Managed Risk

Risk Dashboard

Updated Feb 12, 2024

Risk states

All detected risks within your network have a State value associated with them. This information appears in several Risk Dashboard tables. For example, the Risks table. You can manually change the State of a risk. Changing this value does not impact whether the Risk Scanner detects any risk on the host machine. If you do not make changes, the default state of a risk is Open.


  • Accepted and False Positive risks do not contribute toward the risk score calculation.
  • Unsuccessful Validation is a system-assigned state for any risk that was previously marked as Fixed, Waiting Validation but was detected in a subsequent vulnerability scan.

On the Risks page, you can select these risk state values:

Note: These risk state values are also available on the Management Plan page.

State Select this option when
Open You are not currently taking any actions for this risk.
False Positive You mitigated a risk in a way that the Risk Scanner does not account for.
Acknowledged, In-Planning You plan to resolve the risk through direct resolution, or taking recommended or other mitigation steps.
Mitigation/Fix in Progress You addressed the risk through mitigation actions.
Fixed, Waiting Validation You believe the risk is mitigated. Notes: The next scan validates if the vulnerability still exists. If the vulnerability:
  • Still exists — The state changes to Unsuccessful Validation.
  • Could not be checked — The state does not change.
  • Was not detected — The state does not change. The status changes to Mitigated.
Accepted You choose to accept the risk. See Accept a vulnerability for more information.
Mitigated You successfully mitigated the risk. Note: You can only manually change the state to Mitigated if the status of the risk is Inactive.