
FP Workflow Queue & Submission Editing Guide

Overview

The STEAM Security Dashboard allows you to create, track, and edit False Positive (FP) workflow submissions directly from the Reporting Page. This guide covers the full workflow from adding findings to the queue through editing and resubmitting FP workflows.

Adding Findings to the Queue

  1. On the Reporting Page, select findings by clicking the checkboxes in the findings table
  2. Use Shift+Click to select a range of findings
  3. In the selection toolbar that appears, choose the workflow type (FP, Archer, or CARD)
  4. Enter the vendor name (not required for CARD)
  5. Click "Add to Queue"

The findings will appear in the Ivanti Queue panel (click the "Queue" button in the top-right).

Creating an FP Workflow

  1. Open the Queue panel
  2. Select the pending FP items you want to submit using the checkboxes
  3. Click "Create FP Workflow" at the bottom of the panel
  4. Fill in the required fields:
    • Workflow Name: Use the format FP — CVE-XXXX-XXXX — Vendor (e.g., FP — CVE-2024-6387 — Cisco_STEAM)
    • Reason / Justification: Explain why these findings are false positives
    • Description (optional): Additional context
    • Expiration Date: Must be a future date
    • Scope Override: Leave as "Authorized" for standard FP workflows
  5. Attach supporting files (screenshots, evidence) — up to 10 files, 10 MB each
  6. Click Submit

The workflow is created in the Ivanti platform and the queue items are marked as complete.
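A pre-submission check for the required fields in step 4 and the attachment limits in step 5, added here as an example and not taken from the dashboard's own code. The function name, the argument shapes, and the reading of "10 MB" as 10 MiB are assumptions.

```python
import re
from datetime import date

# Limits and name format are the ones stated in this guide; all names here are hypothetical.
MAX_FILES = 10
MAX_FILE_BYTES = 10 * 1024 * 1024  # assumption: "10 MB" is treated as 10 MiB
# The guide's name format uses em dashes (U+2014) as separators, not hyphens.
NAME_RE = re.compile(r"^FP \u2014 CVE-\d{4}-\d{4,} \u2014 \S.*$")


def validate_fp_submission(name, reason, expiration, attachments, today=None):
    """Return a list of problems; an empty list means the form passes.

    attachments is a list of (filename, size_in_bytes) tuples.
    """
    today = today or date.today()
    problems = []
    if not NAME_RE.match(name):
        problems.append("name: expected 'FP \u2014 CVE-YYYY-NNNN \u2014 Vendor'")
    if not reason.strip():
        problems.append("reason: justification is required")
    if expiration <= today:
        problems.append("expiration: must be a future date")
    if len(attachments) > MAX_FILES:
        problems.append(f"attachments: {len(attachments)} files exceeds limit of {MAX_FILES}")
    for filename, size in attachments:
        if size > MAX_FILE_BYTES:
            problems.append(f"attachments: {filename} is larger than 10 MB")
    return problems


# Constructed sample input, not real submission data.
TODAY = date(2025, 1, 15)
GOOD = validate_fp_submission(
    "FP \u2014 CVE-2024-6387 \u2014 Cisco_STEAM",
    "Vendor advisory confirms the installed build is not affected",
    date(2025, 7, 1),
    [("version-check.png", 2_000_000)],
    today=TODAY,
)
BAD = validate_fp_submission(
    "FP - CVE-2024-6387 - Cisco_STEAM",  # hyphens instead of em dashes
    "   ",                               # whitespace-only justification
    date(2025, 1, 15),                   # same day, so not a future date
    [(f"shot{i}.png", 1_000) for i in range(11)] + [("dump.zip", 11 * 1024 * 1024)],
    today=TODAY,
)

if __name__ == "__main__":
    print("good:", GOOD)
    for problem in BAD:
        print("bad:", problem)
```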

Viewing Submissions

Your FP submissions appear in the "Submissions" section at the bottom of the Queue panel. Each submission shows:

  • Workflow name
  • Ivanti batch ID
  • Lifecycle status badge (color-coded)
  • Finding count
  • Submission date

Click any submission to open the Edit Modal.

Lifecycle Status

Submissions go through these states:

| Status      | Color    | Meaning                              |
|-------------|----------|--------------------------------------|
| Submitted   | Sky Blue | Awaiting review                      |
| Rework      | Amber    | Reviewer sent it back — action needed |
| Rejected    | Red      | Reviewer denied the FP request       |
| Resubmitted | Sky Blue | Edited and sent back for review      |
| Approved    | Green    | FP accepted — no further action      |

The status badge automatically syncs with the Ivanti platform state when findings data is refreshed.

Editing an Existing Submission

Open a submission from the Queue panel to access the Edit Modal with four tabs:

Details Tab

  • Edit the workflow name, reason, description, expiration date, and scope override
  • Click "Save Details" to push changes to the Ivanti platform
  • If the submission was in Rework or Rejected status, saving automatically changes it to Resubmitted

Findings Tab

  • View the current list of finding IDs mapped to this workflow
  • Add more findings from your pending FP queue items
  • Select the items to add and click "Add Findings"
  • Each finding is mapped individually to the Ivanti workflow

Attachments Tab

  • View files that were uploaded with the original submission
  • Note: Adding attachments to an existing workflow is not supported via the Ivanti API. To add more files, upload them directly in the Ivanti platform.

History Tab

  • View a chronological log of all changes made to the submission
  • Shows finding additions with the actual finding IDs
  • Displays Ivanti reviewer notes (rework feedback, approval notes) pulled directly from the Ivanti platform

Handling Rework Requests

When a submission comes back for rework:

  1. Open the submission from the Queue panel — the status badge will show "Rework" (amber)
  2. Go to the History tab to read the reviewer's notes explaining what needs to change
  3. Common rework reasons:
    • Need more screenshots showing remediation
    • Need to verify specific software versions
    • Missing evidence for some findings
  4. Go to the Findings tab to add any additional findings if needed
  5. Upload additional screenshots directly in the Ivanti platform (the Attachments tab has a link)
  6. Go to the Details tab to update the reason/description if needed
  7. Click "Save Details" — the status automatically changes to Resubmitted

Changing Status Manually

Use the status dropdown in the Edit Modal to manually change the lifecycle status. This is useful when:

  • You receive a notification outside the dashboard that a submission was rejected
  • You want to mark a submission as approved after confirming in Ivanti

Note: Approved submissions are locked and cannot be edited.

Tips

  • Always include enough screenshots per audit guidance (e.g., 10 screenshots for 20-50 findings)
  • Use the naming convention FP — CVE-XXXX-XXXX — Vendor_Team for easy identification
  • Check the FP Workflow Status donut chart on the Reporting Page for an overview of all your FP ticket states
  • The workflow column in the findings table shows the current Ivanti state for each finding