Several vulnerability customization options give Managers greater control over how vulnerabilities appear in reports and how they are eventually prioritized for remediation. For example, by changing a vulnerability from a severity 2 to a severity 5, remediation tickets for the vulnerability could have a higher priority and shorter deadline for resolution.
Go to VM/VMDR > KnowledgeBase and select Edit from the Quick Actions menu. (Note that you cannot edit web application vulnerabilities.)
Under General Information, select a new severity level from the Severity Level menu. The new severity level will appear in place of the standard severity level whenever the vulnerability is referenced.
The Threat, Impact, and Solution tabs contain read-only information that you cannot change. However, you can enter plain text or HTML in the Comments section. Your comments will be appended to the service-provided descriptions in the vulnerability details within scan reports and other online views within your account. Please note - comments always appear in plain text in PDF reports even if HTML is provided.
When you disable a vulnerability it is globally filtered out from all hosts in all scan reports. The vulnerability is also filtered from host information, asset search results and your dashboard. You may include disabled vulnerabilities in scan reports by changing report filter settings. Disabled vulnerabilities appear grayed out whenever referenced. They appear grayed out in the KnowledgeBase and in vulnerability scan results.
A pencilappears next to the vulnerability when there is customized content and/or a changed severity level. You can also use the search option in the KnowledgeBase to find all vulnerabilities that were edited or disabled.