It is the ticket owner's responsibility to fix the vulnerability associated with the ticket or mark the ticket "Ignored". The following diagram illustrates how Open tickets are closed.
Tickets may be closed by the following methods:
a) After fixing the vulnerability related to a ticket, the user changes the ticket state to Resolved. During the next scan, the service verifies that the vulnerability is fixed and closes the ticket.
b) Tickets may be moved directly from Open to Closed state, without user action on the ticket. The user fixes the vulnerability related to the ticket. During the next scan, the service verifies that the vulnerability is fixed and closes the ticket. (The dashed line indicates that this action may be disabled by a Manager by going to Remediation > Setup.)
c) Users have the option to ignore tickets for vulnerabilities that they don't plan to fix, thus moving them to the Closed/Ignored state. You can also create a policy that creates tickets in the Closed/Ignored state for tracking purposes. Ignored tickets may be reopened at a later time automatically by the service or manually by users. (Note that Scanners and Readers may not have the ability to ignore tickets. Go to Remediation > Setup to see if Scanners and Readers have this permission.)