Create a vulnerability group

Vulnerability groups are used to group vulnerable items based on vulnerability, vulnerable item conditions, or filter group.

Before you begin

Role required: sn_vul.vulnerability_write

If the system property (sn_vul.autocreate_vul_centric_group) is set to true, each vulnerability entry with a vulnerable item creates a group associated with it.

If it is set to false, groups are created manually.

Procedure

  1. Navigate to Vulnerability > Vulnerabilities > Vulnerability Groups.
  2. Click New.
    Vulnerability group form
  3. Fill in the fields on the form, as appropriate.
    Field Description
    Number The automatically generated vulnerable item number for this record.
    Priority Select the priority for the group. The priority determines the sequence in which the vulnerability is addressed based on its impact and urgency.
    Change approval Automatically displays the change approval currently used for this vulnerability group.
    State This field defaults to New, but you can change it to Analysis if the group is ready for immediate remediation.
    Substate This field provides additional details when a vulnerability is marked as Closed or Ignored. For example, if the vulnerability was fixed, or, if it is a non-fixed closure such as False Positive, Risk Accepted, or Irrelevant.
    Assignment group Select the group to work this vulnerability group.
    Assigned to Select the individual from the selected assignment group that works this vulnerability.
    Short description Brief description of this vulnerability group.
    Description A description of this vulnerability group.
    Group Configuration - Associates filters, CI groups, vulnerabilities with this group.
    Filter type Select the type of filtering you want to use to select vulnerabilities for the group:
    Vulnerability
    Chosen by default. Simplest form that creates groups by Vulnerability. Choose a vulnerability.
    Condition
    Define your own criteria for grouping (For example, Priority=High and Asset class = Server). For more information see, Condition Builder
    Filter group
    Reusable across multiple Security Operations features. For more information see, Create and define filter groups in Security Operations.
    Vulnerability Add a vulnerability entry. Any vulnerable item that contains this vulnerability is included in this group.

    This field displays only if you selected Vulnerability from the Filter type choice list.

    Vulnerable item table Displays the Vulnerable Item [sn_vul_vulnerable_item] table.
    Vulnerable item condition Define conditions that must be true for a vulnerable item to be included in this group.

    This field displays only if you selected Condition from the Filter type choice list.

    Filter group Select or create a filter group to match vulnerable items to this filter group.

    This field displays only if you selected Filter group from the Filter type choice list.

    Automatically refresh vulnerable items When checked, vulnerable items are automatically evaluated against this vulnerability group when vulnerable items are added or updated.
    Notes
    Additional comments (Customer visible) Customer visible comments about the group.
    Work notes Work notes for this group. Updates are recorded here.
    • If a work note is added to a vulnerability group, a work note is added to the associated vulnerable items of that group.
    • If a work note is added to a vulnerable item, a work note is added to the associated vulnerability groups of that item.
    Note: After a vulnerability is added to the group, the Vulnerability Details tab appears.
  4. Click Submit.
    When the group is created, the Associated Vulnerable Item related list displays all matching vulnerable items.
    Final vulnerability group form

    An Associated Vulnerable Group entry also appears in the related list of a vulnerable item.

    Associated Vulnerable Group tab