For Vulnerability Management, you need to create one workflow definition. Integrity uses this workflow when the user selects a vulnerability and clicks the Investigate button. The workflow should address all aspects of the investigation process, including whether you decide to remediate the issue, mitigate it in some way, or ignore it.
As the workflow case progresses from state to state, Integrity sets the disposition of the vulnerability matches for that case to the name of the workflow state. When the workflow case is closed, Integrity sets the disposition of the vulnerability matches to Closed, workflow-completion-status, such as Closed, Remediated.
Do not include the word Closed in any state of your vulnerability management workflow. ICS Integrity uses this word in the disposition value to determine which vulnerability matched
objects to display.
You can create the workflow in the Admin Utility through the Workflow link. For more information about workflows, see Creating and Configuring Workflow Definitions.