Triage vulnerabilities automatically

Reviewing and triaging new vulnerabilities is necessary to ensure successful remediation. Transform vulnerability imports into remediation tasks with automated vulnerable item (VI) assignment, risk calculation, remediation targets, and VI grouping.

Starting with imported vulnerabilities, reconcile the assets not found in the CMDB, prioritize the results, translate that to remediation activities that are automatically assigned, orchestrate the remediation process, and confirm completion with a validation scan.

New vulnerable items are usually sorted into vulnerability groups upon import, based on vulnerability group rules. Sometimes, vulnerable items cannot be grouped or do not contain a recognized configuration item.

An overview of the vulnerability triage process:

Log in to your Vulnerability Response instance.
Validate that your rules (CI Lookup, Assignment) for vulnerable item are working as expected. For information on revising CI Lookup Rules, see CI Lookup rules for identifying configuration items from Vulnerability Response third-party vulnerability integrations. For information on Assignment rules, see Vulnerability Response assignment rules overview.
Note: Due to the large volume in data imports, care should be taken with automated vulnerable item assignment.
Validate that your remediation targets are correct. See Vulnerability Response remediation target rules for information on how remediation target rules work and how to revise them.
View ungrouped vulnerable items.
- Looking at the ungrouped vulnerable items, consider revising your group rules and performing a rescan. See Create or edit Vulnerability Response group rules for more information.
- Manually group the vulnerable items. Manually create a Vulnerability Response group for more information.
- Revise risk scores for the vulnerable items in your groups. See Vulnerability Response calculators and vulnerability calculator rules for more information.
- Version 10.3: To close older vulnerable items not recently detected by your third party scanners, enable the Auto-Close Stale Vulnerable Items module.
View and reclassify unmatched configuration items.
Research what needs to be done for remediation.
This step can include:
- - Determine what to deal with now and what you can defer. This determination is often based on risk score, affected systems, and patches with change windows.
    Note: Remediation target rules belong to vulnerable items. These rules are run when the vulnerable item is imported. These rules were created previously in the Setup Assistant.
  - Refresh vulnerable items, if necessary, and View the remediation target status of a Vulnerability Response vulnerable item.
  - Create a Change Request and assign the vulnerability group to an assignment group (IT Operations) for remediation.
    Note: If the vulnerability constitutes a security incident and the Security Incident Response plugin (com.snc.security_incident) is activated, you can create security incident records from the vulnerability group instead.
  - After submitting one or more change requests, move the group state to Under Investigation.

Triage vulnerabilities automatically

An overview of the vulnerability triage process:

Log in to your Vulnerability Response instance.
Validate that your rules (CI Lookup, Assignment) for vulnerable item are working as expected. For information on revising CI Lookup Rules, see CI Lookup rules for identifying configuration items from Vulnerability Response third-party vulnerability integrations. For information on Assignment rules, see Vulnerability Response assignment rules overview.
Note: Due to the large volume in data imports, care should be taken with automated vulnerable item assignment.
Validate that your remediation targets are correct. See Vulnerability Response remediation target rules for information on how remediation target rules work and how to revise them.
View ungrouped vulnerable items.
- Looking at the ungrouped vulnerable items, consider revising your group rules and performing a rescan. See Create or edit Vulnerability Response group rules for more information.
- Manually group the vulnerable items. Manually create a Vulnerability Response group for more information.
- Revise risk scores for the vulnerable items in your groups. See Vulnerability Response calculators and vulnerability calculator rules for more information.
- Version 10.3: To close older vulnerable items not recently detected by your third party scanners, enable the Auto-Close Stale Vulnerable Items module.
View and reclassify unmatched configuration items.
Research what needs to be done for remediation.
This step can include:
- - Determine what to deal with now and what you can defer. This determination is often based on risk score, affected systems, and patches with change windows.
    Note: Remediation target rules belong to vulnerable items. These rules are run when the vulnerable item is imported. These rules were created previously in the Setup Assistant.
  - Refresh vulnerable items, if necessary, and View the remediation target status of a Vulnerability Response vulnerable item.
  - Create a Change Request and assign the vulnerability group to an assignment group (IT Operations) for remediation.
    Note: If the vulnerability constitutes a security incident and the Security Incident Response plugin (com.snc.security_incident) is activated, you can create security incident records from the vulnerability group instead.
  - After submitting one or more change requests, move the group state to Under Investigation.

How search works:

Topics are ranked in search results by how closely they match your search terms

Triage vulnerabilities automatically

Triage vulnerabilities automatically

On this page

Triage vulnerabilities automatically

Triage vulnerabilities automatically

Log in to personalize your search results and subscribe to topics