At Intruder, we're all about making vulnerability management as easy as possible, which is why you have the option to 'snooze' occurrences.
The snoozing concept
Why would I snooze something?
Perhaps we’ve identified a vulnerability that you don’t consider a problem because you’ve added mitigating controls, maybe you’re comfortable accepting the risk and want that reflected in reports, or it could be as simple as – the issue has been confirmed to be a false positive and doesn’t require action.
Snoozing occurrences
How to snooze a single occurrence?
Head to the Issues page > select your desired occurrence(s) and click 'Actions':
ℹ️ Note: You can only snooze occurrences if you are an admin on the account. Scan and Read Only users will have this option greyed out.
How to snooze multiple occurrences?
Expand the issue, check the boxes of the occurrences you wish to snooze, and click the 'Snooze' button:
How to snooze all occurrences?
Expand the issue, check the box to the left of 'Occurrence ' and click the 'Snooze' button:
You can then select the snooze duration, either by selecting 'Forever', or one of the time periods, and then specifying a numerical value:
Can I choose the reason for snoozing?
Yes, absolutely! Once you've clicked one of the buttons shown above, you can choose between accepting risk, marking it as a false positive, or adding mitigating controls.
Whichever initial reason you choose, you have the option to add a description under 'Details':
Can I choose how long it's snoozed for?
Yes! You can choose between 1-365 days, 1-52 weeks, 1-12 months, or forever:
Existing snoozed occurrences
How can I read why something was snoozed and by whom?
On the pane that appears, you will see details relating to the reason and details for snoozing, when it was snoozed, by whom, and when it was snoozed until.
Can I edit the details of a snoozed occurrence?
Yes, head to Issues > Snoozed > click the snoozed issue or occurrence > click 'Actions' > click 'Edit details':
Can I un-snooze?
Yes, head to Issues > Snoozed > click the occurrence > click 'Actions' > click the 'Un-snooze' button:
[Option for unsnoozing all occurrences using the top toggle button]
The impact of Snoozing on Reports & Account Metrics
Are snoozed issues included in PDF reports?
Yes, they appear in the 'Risk accepted', 'False positive', and 'Risk mitigated' sections, but are not reflected in any of the graphs or stats on the first two pages:
Are snoozed issues included in dashboard stats?
Snoozed issues will be removed from the dashboard, so they won't be reflected in the cyber hygiene score, threat level, or time to fix charts (If you don't see them update, then try refreshing the page.)
The following critical threat level is reflective of an account where there are occurrences of a critical issue:
Below, you'll notice that the threat level has dropped to medium because all occurrences of the critical issue have been snoozed:
Why would an issue move from snoozed to fixed?
The target was deleted.
The occurrences were manually remediated.
The occurrences were automatically remediated (possibly via a software patch).
A defensive layer interfered with the scanner's ability to detect the issue.
The server was responding inconsistently, and the scanner couldn't verify that the issue was still present.
The scan prioritization was changed from 'Balanced' to 'Quick' scans, which are faster but less comprehensive, and the vulnerability was not detected as a result.