There are several reasons why you might want to snooze an issue: perhaps we’ve identified a vulnerability that you don’t consider a problem because you’ve added mitigating controls; maybe you’re comfortable accepting the risk and want that reflected in your reports; or simply, the issue is a false positive and doesn’t warrant further investigation.
At Intruder we're all about making vulnerability management as easy as possible, which is why you have the option to 'snooze' issues and mark them accordingly from within our portal.
How does it work?
Simply hit the snooze button, select a reason for snoozing this issue and choose a snooze duration. That issue will then be removed from your issues page in the portal and corresponding PDF reports (though you can still see it in the separate 'snoozed' sections) until the deadline expires, when it will pop back up, ready for you to re-examine. Of course, you can un-snooze issues easily and quickly at any time.
In detail, snoozing works at two different levels:
At the issue level
This will snooze all current occurrences of that issue (in this case, Untrusted / Invalid SSL Certificate) as well as all future occurrences until the specified deadline ("Snooze for").
At the individual occurrence level
Use this to snooze a specific occurrence of an issue, such as one that occurred on a particular target (testphp.vulnweb.com), on a specific port (80) and a specific path (/listproducts.php). We'll keep that occurrence snoozed for as long as it's present or until the specified deadline expires, whichever happens first.
Please note that issue snoozing overrides occurrence snoozing, so if you've snoozed an occurrence, then snoozed and un-snoozed the whole issue, all occurrences become un-snoozed.
How long are issues snoozed?
That's up to you! The options are:
Can I add notes to a snoozed issue?
Yes! If you click on "adding mitigating controls", you'll be able to enter a description in the 'Details' field, which you can come back to at a later date by clicking "view snooze details".
Are snoozed issues included in dashboard stats?
Snoozed issues/occurrences will be removed from the dashboard, so they won't be reflected in the Cyber Hygiene score, the threat level, fix time charts or exposure over time graph. (If you don't see them update, try refreshing the page.) To demonstrate:
The first graph is reflective of an account where there is one current critical issue:
In this graph, you'll notice that the critical issue has dropped off because it has since been snoozed:
Are snoozed issues included in PDF reports?
Yes, they appear in a separate “snoozed” section but are not reflected in any of the graphs or stats on the first two pages.
How do I view snooze details?
Head to your issues page and click Snoozed to view a list of all the issues and occurrences that are currently snoozed.
Click the bell icon to reveal a short dropdown, then select 'View snooze details'.
You'll then see any notes that were added and the snooze duration:
How do I un-snooze an issue?
Head to the snoozed section of the issues page.
Click the bell icon on the right-hand side and select 'Un-snooze issue'.