Create a rule to automatically request an exception for a specific condition for a group of vulnerable items (VIs), such as a rule with a condition that is based on the vulnerability severity of these VIs. With this rule, you can defer new and existing VIs automatically if they match the approved rule condition.

Before you begin

Role required: sn_vul.vulnerability_admin

About this task

The rule is applied from the "Valid from" until the "Valid to" date. The remediation task (VUL) is created when the rule is approved. The grouping method for this VUL is known as exception rules. The VUL is created in the Deferred state. You can't close, reopen, or delete this VUL. New and reopened VIs are deferred and added to this VUL from the "Valid from" date until the group expires on the "Valid to" date.
Note:

Email notifications are sent at every stage of the exception rule work flow. These emails provide the status and other details of a request. For example, when an exception rule is requested, the requester receives an email that confirms that the request is submitted.

Note: If the rule is rejected, you can reopen it in the Draft state, update it, and then resubmit it for approval.

Procedure

  1. Navigate to All > Vulnerability Response > Administration > Exception Rules.
  2. On the Exception Rule new record page, click New to create a rule.
  3. On the form, fill in the fields.
  4. Add the assignment group when you are creating the rule.
  5. Submit the form for approval.
    The status of the request changes to In review. Until you submit the exception rule, it remains in the Draft state.