Rulesets are a mechanism to control the visibility of the findings produced by a security scanning tool.
- Ignore false positives or “noise” - Some scan tools are conservative in reporting potential vulnerabilities. For example, ports 80 and 443 being open on a web server host is probably acceptable. Use Rulesets to suppress issue reporting for such cases.
- Special Alerts - For a particularly sensitive application, container, server, etc., you may want to pay attention to even “low risk” issues. Use Rulesets to explicitly generate alerts each and every time such an issue is detected (normally, alerts are sent only for net new issues detected). An alert will be sent to chosen channel like email or Slack, that was set up while adding a target .
Escalate or De-escalate
- Override Issue Severity - Sometimes, it may be desirable to escalate or downgrade the severity of Issues based on other conditions. For example, an Issue that is reported to be a “LOW” severity may need to be escalated to “HIGH” if it comes from a particularly sensitive scan Target.
Only users with a Role of Admin or User may view, update, or delete Rulesets.