Business rules installed with Vulnerability Response

Vulnerability Response adds the following business rules.

| Business rule | Table | Description |
| --- | --- | --- |
| Add Vulnerable Item CI to Task | Vulnerability Item Task [sn_vul_m2m_item_task] | Copies the affected resources from the vulnerable item to the task. |
| Begin state approval workflow | Vulnerable Item [sn_vul_vulnerable_item] | Starts the approval process for a vulnerable item. |
| Calculate Criticality | Vulnerable Item [sn_vul_vulnerable_item] | Runs the vulnerability calculators when a vulnerable item is inserted or when the configuration item changes. |
| Check ignore expiration | Vulnerable Item [sn_vul_vulnerable_item] | Checks if the time limit to ignore a vulnerable item has expired. |
| Determine CI from Network Details | Vulnerable Item [sn_vul_vulnerable_item] | Attempts to set the configuration item on the record given network details such as IP address. |
| Determine vulnerable items | Vulnerable Software [sn_vul_software] | Examines the software installation table and inserts a vulnerable item for each configuration item found to have an instance of the vulnerable software. |
| Handle complete state | Vulnerability Integration Run [sn_vul_integration_run] | When a vulnerability integration run completes, starts the next available integration run (if any). |
| Insert vulnerable item | Software Installation [cmdb_sam_sw_install] | If the software installation has a discovery model that matches a software model with a known vulnerability, a vulnerable item is inserted for the configuration item. |
| Handle ready state | Vulnerability Integration Run [sn_vul_integration_run] | When a vulnerability integration run is marked as ready, starts the integration run for that item if no other runs are currently processing. |
| Launch scan | Scan [sn_vul_scan] | Asynchronously launches a scan with a third-party scanner implementation. |
| Move to pending | Scan [sn_vul_scan] | When a vulnerability scan is ready to be submitted to a scanner, marks the state as pending. |
| New CVEs downloaded | NVD Data Feeds [sn_vul_nvd_repo] | When new CVEs have been downloaded, publishes an event to the event queue to indicate CVEs have been added to the system. Used by notifications. |
| Normalize default | Vulnerability Scanner [sn_vul_scanner] | Ensures that only one scanner is marked as default at a given time, and allows only active scanners to be made the default. |
| Populate job script from integration | Vulnerability Integration [sn_vul_integration] | Updates the script that runs when the chosen processors change. |
| Prevent Delete/Deactivate of Default | Vulnerability Scanner [sn_vul_scanner] | Prevents the default scanner from being deactivated or deleted. |
| Prevent non-security roles reading | Common Weakness Enumeration [sn_vul_cwe] | Prevents users without secure record access from reading the record. |
| Prevent non-security roles updating | Common Weakness Enumeration [sn_vul_cwe] | Prevents users without secure record access from updating the record. |
| Process activation | Vulnerable Item [sn_vul_vulnerable_item] | Sets the Last opened field to the current date of activation and sets the Reopened flag, if needed. |
| Process inactivation | Vulnerable Item [sn_vul_vulnerable_item] | Sets the Age closed and removes the Reopened flag, if set. |
| Process Vulnerability Attachments | Vulnerability Data Source Import Queue Entry [sn_vul_ds_import_q_entry] | Processes the attachment queue. |
| Run process on insert | Vulnerability Integration Process [sn_vul_integration_process] | When an integration process is inserted, runs the integration script and processor based on any parameters configured on the record. |
| Update Match information | Vulnerable Software [sn_vul_software] | Updates the auto-match fields when the discovery model is set manually. |
| Update short description | Vulnerable Item [sn_vul_vulnerable_item] | Generates a short description from the vulnerability selected. |
| Update source task | Scan [sn_vul_scan] | When a vulnerability scan state changes, updates the task in the Source reference field with work notes to indicate if the scan was successfully launched. |
| Update Vulnerable items | Vulnerability State Change Approval [sn_vul_change_approval] | Updates the affected vulnerable items with the results of the vulnerability state change approval. |
| Update vulnerable items | Software Installation [cmdb_sam_sw_install] | If a vulnerable item exists for an installation, the vulnerable item is updated with newly discovered information. |
| Vulnerability scan | Security Scan Request [sn_si_scan_request] | Starts a vulnerability scan from a security scan request. |