Suppress results from appearing in future scans

2024/1/22 |

Lucent Sky AVM uses a suppression mechanism to prevent unwanted results from appearing in future scans. This is useful when creating custom rules for those results is not feasible or undesirable. This article describes how to create a suppression rule to suppress a result from appearing in future scans.

In this article, you will learn how to:

  • Create a suppression rule and add it to a rule package.

At the end, you will be able to suppress results so they stop appearing in future scans.

Creating a suppression rule

  1. Create a directory with an arbitrary name, such as Rule Package Foo. Then, create a Suppressions directory under it.
  2. Create a Suppression.xml file in the Suppressions directory created in the previous step.

  3. Insert the following to the XML file created in the previous step:

     <?xml version="1.0" ?>
 <Suppressions>

 </Suppressions>

  4. The suppression signature for a result is available on the Web UI and the verbose HTML report.

    • Obtain the suppression signature of a single result using the Web UI:

      1. Navigate to the details page of the result to suppress.
      2. Select Suppress on the Action Bar.
      3. Select the textbox and copy the suppression signature.

    • Obtain the suppression signature of all hidden results using the Web UI:

      1. Navigate to the details page of the scan.
      2. Select Bulk Suppress on the Action Bar.
      3. Select the textbox and copy the suppression signature.

    • Obtain the signature in the verbose HTML report:

      1. Locate the result to suppress.
      2. Select the suppression signature at the end of the result and copy its content.

    The suppression signature should look similar to the following sample:

     <!-- Suppress result 'cb58d311-b814-4ed9-a7a4-f513941d3dc6' -->
 <Suppression Rule="CWE79" Vector="Client" Hash="26C9547349EEC0B75725A5713C957FDD4BEE1B679A77CB3A319DF512BA2E5E50" />

    or the following for a hidden result:

     <!-- Suppress result '03b9a700-6182-42e3-9e0b-ab6d7dfab467' hidden in scan '1a6454c5-b17a-4ce0-bbbe-e6ebd9362809' by user 'ccdc3161-6043-4785-bf29-8ea36b42c0a6' at '2022/8/11 11:35:32 +08:00' -->
 <Suppression Rule="CWE94" Vector="Client" Hash="B327081C6E53FA086BAFC3B4E583AFAB3CA709210499201374C3085DB5C65011" />
  5. Insert the suppression signature before the </Suppressions> end tag in Suppression.xml.

Suppression rules can only be used with a custom rule package. The built-in rule package does not support the use of suppression rules. To learn how to deploy a custom rule package, view the following article in the Lucent Sky Knowledge Base:
Scan an application using a custom rule package