User Guides

Managing Risks

2min

Hexiosec ASM offers information about the attack surface of a domain or IP based on publicly available data. It provides insights into potential risks and vulnerabilities that are visible to the public. However, it's important to note that certain risks may have been mitigated through configuration or security mechanisms that are not detectable by Hexiosec ASM.

Each risk is assigned a severity rating of low, medium, high, or critical, refer to the Risk Severity Ratings guidance for more information on how these are categorised.

Ignoring risks

Not all roles have the ability to mark a risk as ignored.

In Hexiosec ASM, it is possible to ignore individual risks. By ignoring a risk, its details will still be retained in the scan, but it will be excluded from the overall results displayed. This allows you to customise and focus on the specific risks that are relevant to your needs.

To ignore a risk, first navigate to the Risks page from the sidebar. Find the risk you would like to ignore and click on the edit icon.

Edit risk icon is on the right hand side of the risk line and has a red box drawn around it.
Editing a Risk


After selecting the 'ignored' check box, you will be prompted to enter a reason for marking the risk as ignored.

The 'ignored' checkbox is shown with a red square around it.
Ignoring a Risk


You can see the ignored risks in the scan from the 'Ignored' section on the Risks page.

The list of ignored risks is shown, with a red box drawn around the ignored option in the top left corner
Ignored Risks


To show the risk in scan results, reverse this process by deselecting the ignored checkbox.