    Vulnerability Response remediation overview

    Vulnerability Response remediation is a phased process consisting of verifying import completion, triaging new vulnerabilities, and monitoring progress to completion. Approached in this way, remediation becomes manageable, timely, and in many ways, automated.

    Understanding your security posture across company assets helps you identify the most critical vulnerabilities for remediation. This remediation process requires that Vulnerability Response and a third-party integration such as the Qualys Vulnerability Integration are installed and configured.

    Vulnerability Response integration process flow

    Verify the successful completion of third-party integration imports

    The first phase in this process is to ensure that everything is working correctly. Vulnerability Response is preset to download National Vulnerability Database (NVD) and Common Weakness Enumeration (CWE) vulnerabilities. Third-party imports provide you with the data you need to create vulnerable items and vulnerability groups. Successful remediation depends on the consistent and successful import of vulnerabilities and vulnerable items.

    During import, CI Lookup Rules match third-party assets to assets in the Configuration Management Database (CMDB). All assets are stored in the Discovered Items module. CI information is critical to solution implementation.

    Note: Once a third-party integration has been installed and configured, there are few instances where an import can fail, for example, if the third-party vendor throttles their API calls. When imports do fail, they require prompt attention.

    Integration status run reports for the Qualys Vulnerability Integration, Rapid7 Vulnerability Integration, and, starting with v12.1 of Vulnerability Response, the Tenable Vulnerability Integration, are shipped with the applications to give you a graphical overview of your imports. Use this report, or create your own, to easily determine whether your latest import has succeeded.

    Review and triage vulnerabilities and vulnerable items

    The next phase of remediation calls for the review of new vulnerabilities and vulnerable items. A vulnerable item (VI) is a detected combination of vulnerability and configuration item (CI). As vulnerable items are formed, various rules are run that assign VIs, determine the risk they pose and set remediation targets. Adjust any rules, as necessary, to ensure that the vulnerable items have been triaged successfully.

    Most vulnerable items are automatically grouped upon import, based on vulnerability group rules (VGRs). In this phase, focus on vulnerable items that were not grouped and on configuration items that were not matched to items in the CMDB. Matching Discovered Item record information to the CMDB gives you more granular control over your assets and over resolving threats to them. Vulnerability groups allow you to remediate large numbers of vulnerable items efficiently. Vulnerable items that are not in a group must be managed individually, costing you time and effort. This is where strong vulnerability group rules are helpful.

    Monitor the progress of existing vulnerability remediation

    The final phase of remediation consists of monitoring your progress.
    • Review the status of imports for patch implementations that have not shown up and follow up with IT Operations.
    • Track the progress of regulatory compliance obligations and ensure their completion.
    • Review deferred item status and revise or implement fixes.
    • Monitor Vulnerability Management dashboards. To review trends, view reports in real time, and use metrics that track your remediation target attainment rates, you may prefer to monitor your processes with the Performance Analytics for Vulnerability Response application.
    • Automatically close stale vulnerable items not recently detected by your third-party integrations.
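
    The three phases above, sketched as checks over an exported data set. This is an added example, not ServiceNow code: the record layout, field names, integration names, and the 30-day staleness window used in the sample are assumptions made for illustration, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, not the product schema.
SAMPLE_RUNS = [
    {"integration": "scanner-a", "finished": "2024-05-30", "status": "error"},
    {"integration": "scanner-a", "finished": "2024-05-31", "status": "complete"},
    {"integration": "scanner-b", "finished": "2024-05-30", "status": "complete"},
    {"integration": "scanner-b", "finished": "2024-05-31", "status": "error"},
]
SAMPLE_ITEMS = [
    {"id": "VI-1", "group": "VG-10", "ci_matched": True, "state": "open", "last_detected": "2024-05-28"},
    {"id": "VI-2", "group": None, "ci_matched": True, "state": "open", "last_detected": "2024-05-30"},
    {"id": "VI-3", "group": "VG-10", "ci_matched": False, "state": "open", "last_detected": "2024-05-29"},
    {"id": "VI-4", "group": None, "ci_matched": False, "state": "open", "last_detected": "2024-03-01"},
    {"id": "VI-5", "group": "VG-11", "ci_matched": True, "state": "closed", "last_detected": "2024-01-15"},
]

def failed_latest_imports(runs):
    """Phase 1: integrations whose most recent import run did not complete."""
    latest = {}
    for run in runs:
        prev = latest.get(run["integration"])
        # ISO dates compare correctly as strings.
        if prev is None or run["finished"] > prev["finished"]:
            latest[run["integration"]] = run
    return sorted(name for name, run in latest.items() if run["status"] != "complete")

def build_worklist(items, now, stale_after_days):
    """Phases 2 and 3: split open items into triage work and stale close candidates."""
    cutoff = now - timedelta(days=stale_after_days)
    worklist = {"ungrouped": [], "unmatched_ci": [], "stale": []}
    for item in items:
        if item["state"] != "open":
            continue
        last_seen = datetime.strptime(item["last_detected"], "%Y-%m-%d")
        if last_seen < cutoff:
            # Not recently detected: a close candidate, not triage work.
            worklist["stale"].append(item["id"])
            continue
        if item["group"] is None:
            worklist["ungrouped"].append(item["id"])      # must be handled individually
        if not item["ci_matched"]:
            worklist["unmatched_ci"].append(item["id"])   # needs a CI lookup fix
    return worklist

if __name__ == "__main__":
    print(failed_latest_imports(SAMPLE_RUNS))
    print(build_worklist(SAMPLE_ITEMS, datetime(2024, 6, 1), stale_after_days=30))
```

    Run the import check first: when an integration's latest import failed, its items look stale only because no fresh detection data arrived, so hold off closing them until the import is fixed.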
