Working with false vulnerabilities¶
False positive occurs when legitimate entity is qualified as a vulnerability.
After analyzing a vulnerability, you may conclude that the vulnerability is a false positive. A vulnerability marked as a false positive will be switched to an appropriate status and will not be rechecked.
If the detected vulnerability exists but cannot be fixed
If the detected vulnerability exists in the protected application but cannot be fixed, we recommend setting up the Create a virtual patch rule. This rule will allow blocking attacks exploiting the detected type of vulnerability and will eliminate the risk of an incident.
Mark a vulnerability as a false positive¶
Click the Mark as false button next to the desired vulnerability in the list to mark this vulnerability as a false positive.
You can also mark the vulnerability as a false positive by clicking the Mark as false button on the page of the desired vulnerability.
Wallarm will requalify the vulnerability as a false positive.
Remove a false positive mark¶
The vulnerability marked as a false positive, will be displayed on the Closed tab. To remove a false positive mark, please open a vulnerability card and click Reopen.
The vulnerability will be switched to the status Open and will be rechecked with Wallarm WAF tools.