Ignore Misconfigurations

If a reported misconfiguration is not valid, you can ignore it. When you ignore the misconfiguration, Tenable Cloud Security does not consider it as a violation. You can ignore a misconfiguration in the following ways:

Ignore a misconfiguration from the Tenable Cloud Security console

To ignore a misconfiguration from the Findings page:

  1. In the left navigation bar, click Findings.

    The Vulnerabilities page appears.

  2. Click the Misconfigurations tab.

    The Misconfigurations page shows the misconfigurations and the number of impacted resources along with other details.

  3. Do one of the following:

    • Select the required misconfiguration to view its details.

    • Use the Search box to search and select a specific misconfiguration.

    • Use the following filters to filter and select a specific misconfiguration:

      Filter Description
      Projects Filters misconfigurations by projects.
      Cloud accounts Filters misconfigurations by cloud accounts.
      Severity Filters misconfigurations by the severity of the misconfiguration.
      Source Filters the misconfigurations by the source — Cloud, IaC, or both.
      K8s cluster Filters by the name of Kubernetes cluster.
      Policy group Filters misconfigurations by policy groups
      Benchmark

      Filters by policy benchmarks.
      • The policy details panel appears.

  4. In the Impacted resources section, select the check box corresponding to the resource for which you want to ignore the violation.

    Use the following filters to select the impacted resources:

    Filter Description
    Projects Filters the impacted resources by projects.
    Resource type Filters the impacted resources by resource types.
    Source types

    Filters the impacted resources by IaC or Cloud.
    Cloud accounts Filters the impacted resources by cloud account ID.

  5. Do one of the following:

    • Click Ignore Selected to ignore one or more selected resources for the selected policy.

    • Click Ignore All to ignore all the resources for the selected policy.

    The Ignore policy for selected resources window appears and displays the count of resources to ignore and the policy for which the resources are ignored.

  6. In the Select reason for ignoring drop-down box, select the reason.

  7. In the Ignore for drop-down box, select the duration for Tenable Cloud Security to ignore the misconfiguration: Forever, 6 months, 2 months, 1 month, 2 weeks, 1 week, or 1 day.

  8. In the Comment box, type your reason for ignoring the violation.

  9. Click Submit.
    A message confirms that Tenable Cloud Security ignored the violation. You can view the ignored misconfiguration and the count of ignored resources in the Findings > Ignored Misconfigurations page.

To ignore a misconfiguration from the Policies page:

  1. In the left navigation bar, click Policies.
    The Policies page appears.

  2. Click the Filter icon and set the Status filter to Non-Compliant.

    Tenable Cloud Security shows all non-compliant policies or policies that have misconfigurations.

  3. Click a non-compliant policy.

    The Policy details plan appears.

  4. In the Impacted resources section, select the check box corresponding to the resource for which you want to ignore the violation.

    Use the following filters to select the impacted resources:

    Filter Description
    Projects Filters the impacted resources by projects.
    Resource type Filters the impacted resources by resource types.
    Source types

    Filters the impacted resources by IaC or Cloud.
    Cloud accounts Filters the impacted resources by cloud account ID.

  5. Do one of the following:

    • Click Ignore Selected to ignore one or more selected resources for the selected policy.

    • Click Ignore All to ignore all the resources for the selected policy.

    The Ignore policy for selected resources window appears and displays the count of resources to ignore and the policy for which the resources are ignored.

  6. In the Select reason for ignoring drop-down box, select the reason.

  7. In the Ignore for drop-down box, select the duration for Tenable Cloud Security to ignore the misconfiguration: Forever, 6 months, 2 months, 1 month, 2 weeks, 1 week, or 1 day.

  8. In the Comment box, type your reason for ignoring the violation.

  9. Click Submit.
    A message confirms that Tenable Cloud Security ignored the violation. You can view the ignored misconfiguration and the count of ignored resources in the Findings > Ignored Misconfigurations page.

Ignore a misconfiguration by modifying the resource configuration file

Note: This task is applicable only for Terraform resource configuration files.

To ignore a misconfiguration by modifying the resource configuration file:

  1. In your repository, open the resource configuration file and add the following comment to the file:

    Copy 
    #ts:skip=<Policy_ID> <Skip_reason>

    where:

    • Policy_ID is the ID of the policy you want to exclude.

      To find the policy ID, in the Policies tab, click the policy to view its details along with the policy ID.

    • Skip_reason is the descriptive reason for ignoring the policy during scan.

    Note: To ignore multiple policies for a resource, add a comment line for each policy.

Example

Copy 
resource "aws_ami" "awsAmiEncrypted" {
#ts:skip=AC_AWS_0005 need to skip this rule

  name                = "some-name"

  ebs_block_device {
    device_name = "dev-name"
    encrypted = "false"
  }
}

Tenable Cloud Security ignores the AC_AWS_0005 policy for the aws_ami resource during scan and does not report it as a violation.