You can hide vulnerabilities to focus on the CVEs that are most critical to your environment. You modify the content that exists in the Carbon Black Cloud Vulnerability Management by dismissing vulnerabilities permanently.

You might dismiss vulnerabilities from your viewing and scanning due to the following reasons:

  • Issue cannot be immediately resolved: When you might not have the resources available to immediately fix a known CVE that impacts your environment.
  • Not an issue: When you resolve CVEs through changes other than an update (for example, config level changes). Such CVEs are still reported by the Vulnerability Management since the installed OS/App version is known as being vulnerable.
  • Issue is in the process of resolving or ticket exists: When SecOps users might have already filed a ticket with the IT team to patch a known CVE.
  • False positive: When CVEs appear in the Carbon Black Cloud console, even though they are not present in your environment. This occurs when CVEs in the National Vulnerability Database are not clearly assigned to one specific OS or App version.
The Carbon Black Cloud console captures the actions all users perform when dismissing or undismissing vulnerabilities. To view a list of all actions on dismissing vulnerabilities for a specified time period, navigate to the Settings > Audit Log page and enter the dismiss* expression in the search box. The audit log presents info on the following:
  • Date and time of the dismissal action.
  • The IP address from where the action executes.
  • The user performing the dismissal.
  • The action itself. It can be Dismissed, Dismiss edited, or Undismissed.
If you export the currently dismissed vulnerabilities, you can see that action listed in the logs when you enter your user name in the search box. The action appears in the audit log as Downloaded output of job request <job_request_ID>. With unspecified record count.