Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Enterprise Controlling False Positive Action to particular User

Wayne | Last updated: Mar 06, 2024 09:47AM UTC

Is there a way to restrict false positive action to particular user or group may be using Role.? or if there is another way by which i can restrict False positive marking of issue for user(s) let me know. I tried unchecking "Scans>Edit Issues" but that didn't prevented user from marking finding as false positive.

Liam, PortSwigger Agent | Last updated: Mar 06, 2024 10:39AM UTC

Thanks for your message, Manish.

To clarify, would you like to restrict a user from being able to mark an issue as a false positive on a selection of sites or all sites?

Wayne | Last updated: Mar 06, 2024 02:29PM UTC

Both...on selective sites and all sites

Liam, PortSwigger Agent | Last updated: Mar 07, 2024 08:49AM UTC

Thanks for following up, Manish.

We'll discuss your request with our product team and get back to you ASAP.

Liam, PortSwigger Agent | Last updated: Mar 07, 2024 09:13AM UTC

Hi Manish. We confirmed with our product team and further testing that creating a user who does not have EDIT_ISSUES does prevent them from marking false positives.

Perhaps there’s something else in the permissions configuration?

If you want us to email screenshots of our configuration and resulting FP restriction, please email us at support@portswigger.net.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.