We often get compliments on the Nexpose Exceptions Workflow, which allows you to "ignore" vulnerabilities based on compensating controls or, say, acceptable use or risk.
You can change the following condition in the query's WHERE clause to look at the information from different perspectives:
dve.reason_id = 'F'
- False Positive = 'F'
- Compensating Control = 'C'
- Acceptable Use = 'U'
- Acceptable Risk = 'R'
- Other = 'O'
SELECT da.ip_address AS "IP Address", da.host_name AS "Host Name",
       dv.title AS "Vulnerability", descope.description AS "Scope",
       dve.additional_comments AS "Comments", dest.description AS "Exception Type",
       dve.submitted_by AS "Submitted by", dve.reviewed_by AS "Reviewed by",
       dve.review_comment AS "Reviewer's Comment",
       dve.expiration_date AS "Exception Expiration Date"
FROM dim_asset da
JOIN dim_vulnerability_exception dve USING (asset_id)
JOIN dim_vulnerability dv USING (vulnerability_id)
JOIN dim_exception_scope descope USING (scope_id)
JOIN dim_exception_status dest USING (status_id)
WHERE dve.reason_id = 'F'  -- reason code to report on (see the list above)
GROUP BY da.ip_address, dv.title, da.host_name, descope.description,
         dve.additional_comments, dest.description, dve.reason_id,
         dve.submitted_by, dve.reviewed_by, dve.review_comment, dve.expiration_date
ORDER BY da.ip_address DESC