Ignoring CVEs from Toxic Combinations
When CloudGuard calculates the Risk Score for a Toxic Combination, it takes into account the known vulnerabilities (CVEs) that it identifies in your cloud assets. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. You can configure CloudGuard to ignore a specific CVE in the Toxic Combinations calculation for an Entity, Organizational Unit, or Environment. Ignore a CVE if you do not want to focus on it in your investigation, for example because a compensating control already mitigates it. After you ignore a CVE, CloudGuard may assign a lower Risk Score to a Toxic Combination or remove it from the Toxic Combinations table. Ignoring a CVE does not remediate it; it only removes the CVE from the Toxic Combinations calculation, so review your CVE Ignore Items periodically or give them an expiration date.

To ignore a CVE from a Toxic Combination for one entity:

- From the left menu, expand Risk Management > click Toxic Combinations.
- Select a Toxic Combination.
  A sliding window opens.
- In the sliding window, expand the Vulnerabilities section.
- To the right of the relevant CVE, click Ignore.
  The New CVE Ignore Item window opens.
- Optional - Enter or change one or more of these attributes of the CVE Ignore Item:
  - Name
  - Description
  - Expiration Date - By default, the exclusion is permanent. Set an expiration date if you want the CVE to count toward the Toxic Combinations calculation again after that date, so the exclusion is revisited rather than forgotten.
  Note - The CVE Details section and the Vulnerable Entity section are filled automatically to ignore this CVE for the selected entity only. To add more CVEs or entities to the CVE Ignore Item, see To ignore one or more CVEs from Toxic Combinations for multiple entities.
- Click Save.
To ignore one or more CVEs from Toxic Combinations for multiple entities:

- From the left menu, expand Risk Management > expand Toxic Combinations.
- Click CVEs Ignore List.
- Click Add.
  The New CVE Ignore Item window opens.
- Enter a name for the CVE Ignore Item.
- Optional - Enter a Description. Record why the CVE is ignored (for example, the compensating control or the tracking ticket) so that the exclusion can be reviewed later.
- Optional - Enter an Expiration date. By default, the exclusion is permanent.
- In the CVE Details section, fill one of these fields to identify one or more CVEs to ignore:
  - CVE IDs - Enter one or more CVE IDs to ignore.
  - Package name - Enter one or more package names. CloudGuard ignores all CVEs that it finds in these packages, not only the CVE you are investigating.
  - Package path - Enter one or more package paths. CloudGuard ignores all CVEs that it finds in these package paths.
- In the Vulnerable Entity section, select where to ignore the CVE(s):
  - To ignore the CVE(s) from all entities in one or more Organizational Units, select Organizational Unit and enter the names of the Organizational Unit(s).
  - To ignore the CVE(s) from all entities in one or more Environments, select Environment and enter the names of the Environment(s).
  - To ignore the CVE(s) from one or more specific entities, select Entity Name or Entity ID and enter the names or IDs of the Entities.
  Note - You can use % as a wildcard. For example, the Entity ID arn:aws:lambda:us-east-1:123456789012:function:% applies to all Lambda functions in the us-east-1 region of AWS account 123456789012. A wildcard widens the exclusion, so check that the pattern does not match more assets than you intend before you save.
- Click Save.
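Because a Package name entry or a % wildcard can suppress findings well beyond the one you were looking at, it is worth dry-running an ignore item's scope before you click Save. The following Python is an added example, not CloudGuard code or a CloudGuard API. It models the fields of the New CVE Ignore Item window described above (CVE IDs, Package name, Package path, Organizational Unit, Environment, Entity Name, Entity ID, Expiration date) and applies them to a constructed list of findings. The matching rules it uses (OR within the CVE Details section, OR within the Vulnerable Entity section, AND between the two sections, % matching any run of characters, an expired item matching nothing) and the sample account number, function names and environment names are assumptions made for the example.

```python
"""Dry-run of a CVE Ignore Item against a set of findings.

Added example, not CloudGuard code. The matching rules below are assumptions
modelled on the fields of the New CVE Ignore Item window: a finding is ignored
when ANY CVE Details criterion matches AND ANY Vulnerable Entity criterion
matches, unless the item's expiration date has passed. % is a wildcard.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional
import re


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """% matches any run of characters; everything else is literal; the whole value must match."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("%")) + "$")


@dataclass(frozen=True)
class Finding:
    """One CVE on one asset, as listed in a Toxic Combination's Vulnerabilities section."""
    cve_id: str
    package_name: str
    package_path: str
    entity_id: str
    entity_name: str
    environment: str
    org_unit: str


@dataclass
class CveIgnoreItem:
    """Fields of a CVE Ignore Item. An empty set/list means the field was not filled."""
    name: str
    cve_ids: set = field(default_factory=set)          # CVE Details: CVE IDs
    package_names: set = field(default_factory=set)    # CVE Details: Package name
    package_paths: list = field(default_factory=list)  # CVE Details: Package path (% allowed)
    org_units: set = field(default_factory=set)        # Vulnerable Entity: Organizational Unit
    environments: set = field(default_factory=set)     # Vulnerable Entity: Environment
    entity_names: set = field(default_factory=set)     # Vulnerable Entity: Entity Name
    entity_ids: list = field(default_factory=list)     # Vulnerable Entity: Entity ID (% allowed)
    expires: Optional[date] = None                     # None = permanent (the UI default)

    def matches_cve(self, f: Finding) -> bool:
        return (f.cve_id in self.cve_ids
                or f.package_name in self.package_names
                or any(wildcard_to_regex(p).match(f.package_path) for p in self.package_paths))

    def in_scope(self, f: Finding) -> bool:
        return (f.org_unit in self.org_units
                or f.environment in self.environments
                or f.entity_name in self.entity_names
                or any(wildcard_to_regex(p).match(f.entity_id) for p in self.entity_ids))

    def applies(self, f: Finding, today: date) -> bool:
        if self.expires is not None and today > self.expires:
            return False  # an expired item no longer hides anything
        return self.matches_cve(f) and self.in_scope(f)


def remaining(findings, items, today):
    """Findings that still count toward Toxic Combinations after the ignore items are applied."""
    return [f for f in findings if not any(i.applies(f, today) for i in items)]


# Constructed sample data: hypothetical account, functions and environments.
ACCOUNT = "123456789012"


def lambda_arn(region: str, name: str) -> str:
    return f"arn:aws:lambda:{region}:{ACCOUNT}:function:{name}"


LOG4J = ("CVE-2021-44228", "log4j-core", "/var/task/lib/log4j-core-2.14.1.jar")
SPRING = ("CVE-2022-22965", "spring-beans", "/var/task/lib/spring-beans-5.3.17.jar")
SAMPLE_FINDINGS = [
    Finding(*LOG4J, lambda_arn("us-east-1", "orders-api"), "orders-api", "prod-aws", "Retail"),
    Finding(*LOG4J, lambda_arn("us-east-1", "billing"), "billing", "prod-aws", "Retail"),
    Finding(*LOG4J, lambda_arn("us-west-2", "orders-api"), "orders-api", "dr-aws", "Retail"),
    Finding(*SPRING, lambda_arn("us-east-1", "orders-api"), "orders-api", "prod-aws", "Retail"),
]


def ignore_log4shell_in_us_east_1(today_iso: str = "2024-06-01"):
    """One CVE ID, scoped by an Entity ID wildcard to one region, with an expiration date."""
    item = CveIgnoreItem(name="Log4Shell, us-east-1, WAF mitigation in place",
                         cve_ids={"CVE-2021-44228"},
                         entity_ids=[lambda_arn("us-east-1", "%")],
                         expires=date(2024, 12, 31))
    return remaining(SAMPLE_FINDINGS, [item], date.fromisoformat(today_iso))


def ignore_package_in_environment(today_iso: str = "2024-06-01"):
    """Package name scoped to one Environment: hides every CVE in that package there."""
    item = CveIgnoreItem(name="log4j-core in prod-aws", package_names={"log4j-core"},
                         environments={"prod-aws"})
    return remaining(SAMPLE_FINDINGS, [item], date.fromisoformat(today_iso))
```

Calling ignore_log4shell_in_us_east_1() leaves the us-west-2 Log4Shell finding and the Spring finding in the calculation; calling it with a date after the expiration, for example "2025-01-15", leaves all four findings, which is the behaviour you want from a time-boxed exclusion. Swap in your own findings export and candidate item to see what a wildcard or package-name entry would really suppress.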
To edit a CVE Ignore Item:

- From the left menu, expand Risk Management > expand Toxic Combinations.
- Click CVEs Ignore List.
- Click the name of the CVE Ignore Item.
  A sliding window opens.
- Edit the CVE Ignore Item.
- Click Save.
To delete a CVE Ignore Item:

- From the left menu, expand Risk Management > expand Toxic Combinations.
- Click CVEs Ignore List.
- Select the checkbox to the left of the name of the CVE Ignore Item.
- Click Delete.
- In the confirmation window, click Delete.