Add ability to dismiss/mark (ignore) a detected vulnerability

[noahtalerman]

This issue's remaining effort can be completed in ≤1 sprint. It will be valuable even if nothing else ships.

It is planned and ready to implement. It is on the proper kanban board.

Goal

User story
As a vulnerability management engineer,
I want to exclude specific vulns
so that I can cater vuln reporting for leadership.

• [ ] Potential solution: Allow for users to categorize detected vulnerabilities in the Fleet UI. The following are potential categories:
  • Dismissed - The user indicates that they do not care or do not intent to resolve the detected vulnerability
  • False positive - The user indicates that Fleet is using the incorrect version for the installed software to perform the CPE mapping
  • Patched - The user indicates that they recently patched the installed software
• [ ] @GuillaumeRoss: Declaring a vulnerability to be a false positive should offer text entry field(s) to allow the user to provide more context and information, for example, "This is a vulnerability for Software v1.1 but this laptop clearly has Software v1.2 on it"

Changes

Product

• [ ] UI changes: TODO
• [ ] CLI usage changes: TODO
• [ ] REST API changes: TODO
• [ ] Permissions changes: TODO
• [ ] Outdated documentation changes: TODO
• [ ] Changes to paid features or tiers: TODO
• [ ] Scalability testing: TODO

Engineering

• [ ] Database schema migrations: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

Context

• Requestor(s): _____

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming succesful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming succesful completion of QA.

[lucasmrod]

Community discussion: https://osquery.slack.com/archives/C01DXJL16D8/p1647772823147719

[noahtalerman]

Noah: Is this about dismissing false positives (incorrect vulns) or about dismissing correct vulns they don't care about?

Kathy: The latter

Noah: Does the customer use the vuln dashboard or Fleet product for vulns?

Noah: How does this stack up against the customer's other request in terms of priority? #14500

Noah: WONT.

[noahtalerman]

@Patagonia121 this wasn't prioritized. Please bring it back to FF if you think we should reconsider.

[noahtalerman]

Noah and Mike: Start w/ an air guitar for this one. Let’s do it next sprint

[noahtalerman]

Feature fest: Related to vuln dashboard in Fleet. Let's weight this against other vuln features for air guitars.

[noahtalerman]

Hey @zayhanlon and @Patagonia121 heads up, we pulled this into the upcoming design sprint as an air guitar.

[Patagonia121]

Customer-stazzema also asked us today for the ability to tag CVEs or applications in the UI - they want to tag the following things:

1. false positive apps
2. false positive CVE
3. add to exception with an explanation

If they take Acrobat uninstaller, chrome helper, teams helper, umbrella menu app - those apps were incorrectly identified as being vulnerable

[rachaelshaw]

@zayhanlon this didn't make it into the current sprint, bringing back to Feature Fest.

[noahtalerman]

@noahtalerman check recordings w/ the customer.

[noahtalerman]

Hey @zayhanlon, heads up, this didn't make the 3 week drafting timeline so we're removing it from the drafting board. Bringing back to feature fest.

[noahtalerman]

@Patagonia121 heads up, we didn't get to this air guitar in the current sprint.

Please feel free to bring this back to feature fest.

[nonpunctual]