Create a rule to automatically request an exception for a specific condition for a group of container vulnerable items (CVITs), such as a rule with a condition that is based on the vulnerability severity of these CVITs. With this rule, you can defer new and existing CVITs automatically if they match the approved rule condition.

Before you begin

Role required: sn_vul.vulnerability_admin

About this task

The rule is applied from the "Valid from" until the "Valid to" date. The remediation task (VUL) is created when the rule is approved. The grouping method for this VUL is known as exception rules. The VUL is created in the Deferred state. You can't close, reopen, or delete this VUL. New and reopened CVITs are deferred and added to this VUL from the "Valid from" date until the group expires on the "Valid to" date.
Note:

Email notifications are sent at every stage of the exception rule work flow. These emails provide the status and other details of a request. For example, when an exception rule is requested, the requester receives an email that confirms that the request is submitted.

Note: If the rule is rejected, you can reopen it in the Draft state, update it, and then resubmit it for approval.

Procedure

  1. Navigate to All > Container Vulnerability Response > Administration > Exception Rules.
  2. On the Exception Rule new record page, click New to create a rule.
  3. On the Exception Rule form, fill in the fields.
    Note: For more information on the form fields, see Exception Rule form.
  4. Add the assignment group when you are creating the rule.
  5. Submit the form for approval.
    The status of the request changes to In review. Until you submit the exception rule, it remains in the Draft state.
  6. To view and create a group to manage exception rules:
    1. Navigate to All > User Administration > Groups.
    2. In an exception rule, click the Requested Approvals tab to view the status of the request.
      A scheduled job is run daily, which runs the exception rules on existing data. All the vulnerable items, which match the condition are moved to the Deferred state. If an approved exception rule is deleted, all the deferred vulnerable items revert to their previous state. For more information, see Working with an exception rule.