Skip to content

Exclusions

The Exclusions feature in AQtive Guard allows you to prevent specific cryptographic objects from generating issues at the organization level. This helps reduce informational noise from findings your organization can’t readily act on, allowing your team to focus their efforts on the most relevant cryptographic risks.

When to use exclusions

Consider using exclusions when discovered cryptographic objects fall outside of your organization’s direct control or immediate remediation scope. Appropriate use cases can include:

  • Third-party certificates embedded within hardware appliances.
  • Cryptography associated with applications your team can’t modify or update.
  • Objects related to systems managed by different departments or teams.
  • Components within legacy systems awaiting deprecation.

How it works

Excluding an object impacts its visibility within AQtive Guard in the following ways:

  • Inventory: The excluded object remains visible within your AQtive Guard inventory list. It is not deleted.
  • Issues: AQtive Guard will stop generating or displaying any issues associated with the excluded object. These issues will be hidden from dashboards, reports, and issue lists across your entire organization.

Considerations

To minimize potential security risks, use the Exclusions feature only to reduce noise from genuinely non-actionable items. Never use exclusions to suppress findings for vulnerabilities that your team is responsible for remediating.

If you need to narrow your focus temporarily without hiding issues from organization-wide dashboards or reports (such as when investigating an issue), use AQtive Guard’s filtering capabilities instead of exclusions.

Caution

Exercise extreme care when excluding cryptographic objects. Misuse of this feature can hide critical vulnerabilities, creating an inaccurate picture of your true security posture and potentially masking significant risks from oversight.

Exclude an individual cryptographic object

Follow these steps to exclude a specific cryptographic object from generating issues:

  1. Navigate to Inventory from the main menu.
  2. Identify the target cryptographic item using filters or by browsing the inventory list.
  3. Select Details at the end of the item row to review its properties, scan history, issues, and contextual information, such as associated hosts or locations.
  4. After you’ve validated that the item is safe to exclude, select Exclude item at the top right of the details panel.
  5. To complete the process, select Exclude item in the Warning dialogue to remove the item from any dashboards, reports, and exports for your entire organization.
  6. Return to the Inventory table and locate the item row. The severity column will now indicate the item has been Excluded.

Remove an exclusion

If an object was previously excluded in error or if it becomes relevant again, follow these steps to remove the exclusion.

  1. Navigate to Inventory from the main menu.
  2. Identify the excluded cryptographic item using filters or by browsing the inventory list.
  3. Select Details at the end of the item row to open its details panel.
  4. Select Remove exclusion at the top right of the details panel.
  5. To complete the process, select Remove exclusion in the Warning dialogue to reinstate the item in dashboards and exports for your entire organization.
  6. Return to the Inventory table and locate the item row. The severity column will now indicate the highest severity level of any issue(s) associated with the item.