Triage vulnerabilities automatically
Reviewing and triaging new vulnerabilities is necessary to ensure successful remediation. Transform vulnerability imports into remediation tasks with automated vulnerable item (VI) assignment, risk calculation, remediation targets, and VI grouping.
Starting with imported vulnerabilities, reconcile the assets not found in the CMDB, prioritize the results, translate them into remediation activities that are automatically assigned, orchestrate the remediation process, and confirm completion with a validation scan.
New vulnerable items are usually sorted into remediation tasks upon import, based on remediation task rules. Sometimes, vulnerable items cannot be grouped or do not contain a recognized configuration item.
- Log in to your Vulnerability Response instance.
- Validate that your rules (CI Lookup, Assignment) for vulnerable items are working as expected. For information on revising CI Lookup Rules, see . For information on Assignment rules, see Vulnerability Response assignment rules overview.
  Note: Because data imports are large in volume, take care with automated vulnerable item assignment.
- Validate that your remediation targets are correct. See Vulnerability Response remediation target rules for information on how remediation target rules work and how to revise them.
- View ungrouped vulnerable items.
- Looking at the ungrouped vulnerable items, consider revising your group rules and performing a rescan. See Create or edit Vulnerability Response remediation task rules for more information.
- Manually group the vulnerable items. See Manually create a remediation task in Vulnerability Response for more information.
- Revise risk scores for the vulnerable items in your remediation tasks. See Vulnerability Response calculators and vulnerability calculator rules for more information.
- Close older vulnerable items not recently detected by your third-party integrations. See Automatic closing of vulnerable items and detections for more information.
- View and reclassify unmatched configuration items.
- Research what needs to be done for remediation.
This step can include:
- Determine what to deal with now and what you can defer. This determination is often based on risk score, affected systems, and patches with change windows.
  Note: Remediation target rules belong to vulnerable items. These rules are run when the vulnerable item is imported. These rules were created previously in the Setup Assistant.
- Refresh vulnerable items, if necessary, and view the remediation target status of a Vulnerability Response vulnerable item.
- Create a Change Request and assign the remediation task to an assignment group (IT Operations) for remediation.
  Note: If the vulnerability constitutes a security incident and the Security Incident Response plugin (com.snc.security_incident) is activated, you can create security incident records from the remediation tasks instead.
- After submitting one or more change requests, move the group state to Under Investigation.