Risk states

All detected risks within your network have a State value associated with them. This information appears in several Risk Dashboard tables. For example, the Risks table. You can manually change the State of a risk. Changing this value does not impact whether the Risk Scanner detects any risk on the host machine. If you do not make changes, the default state of a risk is Open.

Note:
  • Accepted and False Positive risks do not contribute toward the risk score calculation.
  • Unsuccessful Validation is a system-assigned state for any risk that was previously marked as Fixed, Waiting Validation but was detected in a subsequent vulnerability scan.

On the Risks page, you can select these risk state values:

Note:

These risk state values are also available on the Management Plan page.

State

Select this option when

Open

You are not currently taking any actions for this risk.

False Positive

You mitigated a risk in a way that the Risk Scanner does not account for.

Acknowledged, In-Planning

You plan to resolve the risk through direct resolution, or taking recommended or other mitigation steps.

Mitigation/Fix in Progress

You addressed the risk through mitigation actions.

Fixed, Waiting Validation

You believe the risk is mitigated.

Note: The next scan validates if the vulnerability still exists. If the vulnerability:
  • Still exists — The state changes to Unsuccessful Validation.
  • Could not be checked — The state does not change.
  • Was not detected — The state does not change. The status changes to Mitigated.

Accepted

You choose to accept the risk. See Accept a vulnerabilityfor more information.

Mitigated

You successfully mitigated the risk.

Note:

You can only manually change the state to Mitigated if the status of the risk is Inactive.