Modifying pre-filters for phase 1

Phase 1 uses pre-defined exclude filters to set findings as not interesting.

The pre-filtering mechanism uses exclusion type filters only and follows the format currently used in AppScan® Source. Exclude filters are located here:

<data_dir>\ml\scan_filters\exclude
The directory includes a general directory as well as a number of programming language specific subdirectories. Filters placed into the general directory apply to all assessments of any language submitted to IFA. Filters placed into the language-specific subdirectories apply to assessments for that specific language only.You can copy the filters used in HCL AppScan Source for Analysis to the proper directory and they will be applied to exclude findings globally if in the general folder, or for findings of a specific language if they are placed in the language specific folder. Filters must exclude non-inverted only or they will not be applied. Filters of specific interest are as follows:
  • All vulnerabilities are listed in vulnerabilities.off, located at:

    <data_dir>\ml\scan_filters\Vulnerabilities.off
  • Vulnerabilities currently excluded during IFA as not interesting are listed in IFA1001.off, located at:

    <data_dir>\ml\scan_filters\exclude\general\IFA1001.off

where <data_dir> is the location of your AppScan Source program data, as described in Installation and user data file locations.

Modify lists by removing lines representing the vulnerability to be considered for the IFA machine learning process.