Create a rule to automatically request an exception for a specific condition for a group of vulnerable items (VIs), such as a rule with a condition that is based on the vulnerability severity of these VIs. With this rule, you can defer new and existing VIs automatically if they match the approved rule condition.

Before you begin

Role required: sn_vul.vulnerability_admin

About this task

The rule is applied from the "Valid from" until the "Valid to" date. The remediation task (VUL) is created when the rule is approved. The grouping method for this VUL is known as exception rules. The VUL is created in the Deferred state. You can't close, reopen, or delete this VUL. New and reopened VIs are deferred and added to this VUL from the "Valid from" date until the group expires on the "Valid to" date.
Note:

Email notifications are sent at every stage of the exception rule work flow. These emails provide the status and other details of a request. For example, when an exception rule is requested, the requester receives an email that confirms that the request is submitted.

Note: If the rule is rejected, you can reopen it in the Draft state, update it, and then resubmit it for approval.

Procedure

  1. Navigate to All > Vulnerability Response > Administration > Exception Rules.
  2. On the Exception Rule new record page, click New to create a rule.
  3. On the form, fill in the fields.
    Table 1. Exception Rule form
    FieldDescription
    Name Name of the exception rule.
    Valid from Date from which this rule is active to defer the VIs.
    Valid to Date from which the remediation task stops accepting new VIs.
    Reason Reason to create this exception rule.
    Assignment group Group that the remediation task that was created for tracking the deferred VIs is assigned to.
    Additional information Additional information that the requester wants to provide to the approver. This information is populated in the description field of the remediation task.
    Condition Filter condition for the VIs that can be defined while processing the VIs.
    Execute on existing data Option that enables you to run this rule on existing data the first time that this rule is run.
    Workflow stage Current approval status of the exception rule.
    State State of the exception rule.
    Execution order Unique order for each exception rule.
    Deferred until Date until when the VULs and VIs are deferred. On this date, the created VUL is closed, all the VIs move out of the group, and group rules are reapplied.
  4. Add the assignment group when you are creating the rule.
  5. Submit the form for approval.
    The status of the request changes to In review. Until you submit the exception rule, it remains in the Draft state.