Automatically create test result groups (TRG) to analyze results in bulk using test
result group rules. The criteria by which groups are formed is configured so that you do not
have to manually assign test results into groups.
Understanding test result groups
Test result groups represent a set of test results to remediate. Grouping test results has
many advantages. You can move test results through the remediation states, mark them under
investigation, defer them, mark them resolved in bulk by using groups. You can create
conditions to automatically group all results with specified results, technologies, risk
scores, and any other data related to the test results. Test results can belong to more than
one test result group giving you the flexibility to actively work with one group and monitor
another. It all depends on your organizational needs. For example, you could group by
assignment, and also create a group containing technologies.
Test result groups are created as follows.
From a test result group, the group of test results may be assigned to a user, deferred
until later, used to create a Change Request, and so on.
Note:
With the sn_vulc.remediation_owner role, you can view and update test results and test
result groups that are assigned to you or to your assignment groups. To view the modules,
navigate to , or .
When it is determined that a new test result can be added to a group, the test result is
included in the Test Results related list of the test result
group.
When updating the state of a test result group, associated test results can have their
state updated to match this test result group. See Configuration Compliance states for more information on state changes.
Understanding test result group rules
Test result group rules allow you to define how test results are automatically grouped and
assigned. A default rule, Assignment group, Test, is included in the
base system grouping test results based on a test result Assignment
group and the Test field. This rule is disabled, by
default. You can group by any other set of values in columns accessible from the test
result. You can use up to six keys and any number of conditions. See Create or edit Configuration Compliance test result group rules for more information.
For example, you can group your test results by assignment group or technology and
configuration item (CI). A different set of rules can be used for test results that expose
the company to more risk. You can have one group rule for low severity or low risk CIs. You
can have another group rule for critical servers, and controls with exploits — test results
that expose the company to more risk. See Test Results fields for more information on available fields.
When a new test result is imported, or reopened after being closed, the test result group
rules are evaluated against it. A test result is only evaluated once, unless it is reopened
after being closed.
Group rules are evaluated after CI matching, risk score calculations, and assignment
rules.
The following process is used for each new or reopened test result:
- For each test result group rule, the test result is compared to the condition filter.
- For each rule where the rule condition matches, it pulls the data from the group key
columns on the test result. The rule checks to see if there is a matching
Open test result group that is assigned to the same assignment
group as the test result.
If the group is found, the test result is added to the
existing group in the Open state.
-
If no group in the Open state is found, the rule creates a
group, assigns it based on the User Group or
Key value in the rule, and places the test result in it.
More than one test result rule can be defined, to group different kinds of results. Since
each result is compared with the rule conditions before putting it in a group, too many
rules may have a performance impact.
When a group rule is deleted, you have the option to delete all open groups created by the
rule. This applies to both the rule form view and list view.
When a test result group assignment is made or changed, the Assignment
group and the Assigned to fields roll down to all test
results, except for those where the test result has a different assignment group than the
TRG. For more information on assignment rules, see Configuration Compliance assignment rules overview.
These assignments are used automatically for this group on the next import.