Starting with version 10.3, configure the granularity of the vulnerable item (VI) key
in the Vulnerability Response application to define what constitutes a vulnerable item in
your organization.
Role required: admin
Starting with v10.3, persona and granular roles are available to help you manage
what users and groups can see and do in the Vulnerability Response application. For initial
assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information
about managing granular roles, see Manage persona and granular roles for Vulnerability Response.
Key terms
- Configuration item (CI)
  An existing asset listed on your CMDB.
- Vulnerability
  A record of a known vulnerability imported from the National Institute of
  Standards and Technology (NIST), National Vulnerability Database (NVD),
  Common Vulnerabilities and Exposures (CWE), or third-party integrations with
  Vulnerability Response.
- Vulnerable item
  A vulnerable item is created when an imported vulnerability matches a
  configuration item in your CMDB.
- Detection
  A single, distinct occurrence of a vulnerability as reported by the scanners
  of your third-party integrations. Detections are imported and displayed on
  both the detection and the vulnerable item records in your instance. Also
  referred to as a Vulnerable Item Detection.
By default, a vulnerable item is a unique combination of a configuration item
(CI), a vulnerability, and an integration instance. To create vulnerable items with
more granularity, add unique ports from vulnerable item detections to help you
manage remediation of vulnerabilities at the level you feel is most effective for
your organization.
If you want to create vulnerable items with more
granularity, configure the vulnerable item key so that it includes port. When
Include Port is enabled, vulnerable items are created by unique ports from
vulnerable item detections.
Choose an option from the following table to
enable the Include port option.
Note:
If the Include port option is enabled, more than one vulnerable item may be
created for a configuration item. For example, if a vulnerability exists for
two ports on a configuration item, ports 80 and 443, two unique VIs are
created, one for each port, starting with the next import.
Note: Be sure you want VIs to be distinguished by unique port before you
enable this feature. Once you enable the VI key to include port, you must first
delete your Vulnerability Response data before you can disable Include port and
return to importing vulnerability data using the default VI key granularity, that
is, where VIs are created for port but not distinguished by a unique port. For more
information about deleting your vulnerability data, see
Delete all your vulnerable item records and related data in Vulnerability Response.
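To gauge the effect before enabling Include Port, the following added example (not ServiceNow code) models the default key and the port-inclusive key described above over constructed detections, as if for a fresh import. The field names, the sample values, and the handling of detections without a port are assumptions.

```javascript
// Model of the VI key described above. Field names (ci, vulnerability,
// integration, port) are assumptions for this sketch, not product field names.
const portLabel = (d) => (d.port == null ? "no-port" : String(d.port));

function viKey(detection, includePort) {
  const parts = [detection.ci, detection.vulnerability, detection.integration];
  // Assumption: a detection with no port falls into its own "no-port" bucket.
  if (includePort) parts.push(portLabel(detection));
  return JSON.stringify(parts); // unambiguous even if a value contains a separator
}

// Group detections into vulnerable items under the chosen key granularity.
function groupIntoVIs(detections, includePort) {
  const vis = new Map();
  for (const d of detections) {
    const key = viKey(d, includePort);
    if (!vis.has(key)) vis.set(key, []);
    vis.get(key).push(d);
  }
  return vis;
}

// Report VI counts under both settings and which default-key VIs would split.
function previewSplit(detections) {
  const byDefault = groupIntoVIs(detections, false);
  const byPort = groupIntoVIs(detections, true);
  const splits = [];
  for (const [key, group] of byDefault) {
    const ports = [...new Set(group.map(portLabel))];
    if (ports.length > 1) splits.push({ key: JSON.parse(key), ports });
  }
  return { defaultCount: byDefault.size, withPortCount: byPort.size, splits };
}

// Constructed sample detections (not real scanner output).
const sampleDetections = [
  { ci: "web01", vulnerability: "VULN-A", integration: "scanner-1", port: 80 },
  { ci: "web01", vulnerability: "VULN-A", integration: "scanner-1", port: 443 },
  { ci: "web01", vulnerability: "VULN-A", integration: "scanner-1", port: 443 }, // repeat scan
  { ci: "web01", vulnerability: "VULN-B", integration: "scanner-1", port: null },
  { ci: "db01", vulnerability: "VULN-A", integration: "scanner-2", port: 5432 },
];

console.log(JSON.stringify(previewSplit(sampleDetections), null, 2));
```
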
- Navigate to .
  The Last Updated field displays the date the VI key was last configured.
- Click the Include Port check box to enable it.
- Click Save.
  The Confirmation dialog is displayed.
If you have no vulnerable item
detection records in your instance, both vulnerable item detections and
vulnerable items are created by unique port starting with your next
import.
If you have existing vulnerable item detections and vulnerable
items in your instance, existing detections and associated vulnerable items
will be preserved. New detections create new vulnerable items that are
distinguished by unique port starting with the next import.
Verify that vulnerable items by port are displayed on the
vulnerable item detection and vulnerable item records. For more information, see View Vulnerability Response vulnerable item detection data.