Create or edit Vulnerability Response remediation target rules

  • Release version: Washingtondc
  • Updated February 1, 2024
  • After your initial assessment of remediation target rules in the Setup Assistant, vulnerability managers can set up a remediation target rule at the vulnerable item level to drive the remediation of high-risk vulnerabilities in a timely manner. When the remediation date for a vulnerable item nears, a notification is sent to the users or groups specified in the rule.

    Before you begin

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated)

    Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    Procedure

    1. Navigate to All > Vulnerability Response > Administration > Remediation Target Rules.
    2. Click New.
    3. Fill in the fields on the form, as appropriate.
      Field | Description
      Name | Name of the rule.
      Target (days) | Number of days, since last opened, within which the vulnerable items should be remediated.
      V17.1: Target from (date) | Date from which the target SLAs are computed. Only date or date and time type fields can be specified. The default value is Last opened date. To customize the values for this field, see KB1642413.
      Active | By default the Active check box is selected, which means the remediation target rule is active. If this check box is cleared, the rule does not apply to new vulnerable items created in the system.
      Notify (days before due) | Number of days prior to the targeted remediation time for a notification to be sent. The notification date calculated from this value is also used to show the remediation status and color coding. If the current date is before the notification date, the remediation status is “In flight.” If it is past the notification date and before the remediation target date, the status is “Approaching target.”
        Note: If this field is set to 0, only a Target Missed notification is sent.
      Description | Text describing the remediation target rule.
      Condition | Using the condition filter, select the criteria for applying the rule to the vulnerable items. To prevent performance impact, test your conditions at full production scale. Testing enables you to determine how long the Evaluate remediation targets job takes to execute, given the conditions and the size of your Configuration Management Database (CMDB).
        Case sensitivity for the search text you enter in the condition builder is not supported on this record or form.
      Notifications
        Note: The count shown in the notification email does not include vulnerable items in the Deferred, Resolved, or Closed state.
      Users | The people to notify when the selected vulnerable item is approaching or passes its remediation target time.
      Group | The group to notify when the selected vulnerable item is approaching or passes its remediation target time.
      Update History | Unused for initial creation of a rule. Subsequently, system work notes are logged here.
    4. Click Submit.
      This rule goes into effect during the next run of the scheduled job, Evaluate remediation targets, or when you use the Apply Changes button on the Remediation Target Rules list view. The same is true when an existing rule is updated. For more information on the scheduled job and Apply Changes, see Vulnerability Response remediation target rules.
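
      To sanity-check a rule's Target (days) and Notify (days before due) values before submitting it, the following added example (not ServiceNow code) models the status logic described in the field table, including the Notify = 0 case and the states left out of the notification count. The function names, the "Target missed" status label, the sample items, and the handling of the exact boundary instants are assumptions.

```javascript
// Added illustration, not ServiceNow code. Property names mirror the form labels.
const DAY_MS = 24 * 60 * 60 * 1000;
// States the page says are not counted in the notification email.
const EXCLUDED_STATES = new Set(["Deferred", "Resolved", "Closed"]);

// Target and notification dates for one vulnerable item under one rule.
function remediationDates(rule, item) {
  const from = new Date(item.lastOpened).getTime(); // default "Target from": last opened
  const target = from + rule.targetDays * DAY_MS;
  const notify = target - rule.notifyDaysBeforeDue * DAY_MS;
  return { target: new Date(target), notify: new Date(notify) };
}

// Status at time `now`. Assumption: a boundary instant belongs to the later window.
function remediationStatus(rule, item, now) {
  const { target, notify } = remediationDates(rule, item);
  const t = new Date(now).getTime();
  if (t < notify.getTime()) return "In flight";
  if (t < target.getTime()) return "Approaching target";
  return "Target missed"; // hypothetical label for an item past its target date
}

// Items a notification would report, per status, skipping excluded states.
function notificationCounts(rule, items, now) {
  const counts = { "Approaching target": 0, "Target missed": 0 };
  for (const item of items) {
    if (EXCLUDED_STATES.has(item.state)) continue;
    const status = remediationStatus(rule, item, now);
    if (status in counts) counts[status] += 1;
  }
  return counts;
}

// Constructed sample data (UTC timestamps keep the day arithmetic exact).
const rule = { name: "Critical - 30 days", targetDays: 30, notifyDaysBeforeDue: 5 };
const items = [
  { id: "VIT-A", state: "Open", lastOpened: "2024-01-01T00:00:00Z" },
  { id: "VIT-B", state: "Open", lastOpened: "2024-01-20T00:00:00Z" },
  { id: "VIT-C", state: "Deferred", lastOpened: "2023-12-01T00:00:00Z" },
  { id: "VIT-D", state: "Open", lastOpened: "2023-12-15T00:00:00Z" },
];
const now = "2024-01-28T00:00:00Z";
for (const item of items) console.log(item.id, remediationStatus(rule, item, now));
console.log(notificationCounts(rule, items, now));
```

      With Notify (days before due) set to 0 the notification date equals the target date, so an item moves straight from In flight to the missed state, which matches the note that only a Target Missed notification is sent.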