Pretty straightforward question. The older guides aren't accurate, I want an up to date guide for doing this. Blah blah blah blah blah just writing to fill up the word length requirement.
If you're looking to whitelist your vulnerability scanner from correlation searches, your best bet is to use the asset and identify framework.
When you generate your asset list, you'd identify your vulnerability scanner by either IP Address, hostname, installed applications, etc etc, and give it a category of "scanner" or "known_scanner", or whatever you want. You'd then update the applicable correlation searches to not include anything where "category=scanner".
Where do you want to whitelist the vulnerability scanners? In specific correlation searches, from threat lists, or what? Please provide some additional detail 🙂