After you complete your initial assessment of remediation task rules using Setup Assistant, you can create rules to automatically group vulnerable items based on filter conditions. These rules automatically group vulnerable items as they are imported or manually created. Use the filter to limit the vulnerable items grouped by this rule, such as selecting all vulnerable items with exploits.

Before you begin

Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated)

About this task

The base system ships with one remediation task rule, Vulnerability, which groups vulnerable items by vulnerability and assignment group (from Assignment Rules). You can reapply the rules from the form or list view. For some sample entries, see Vulnerability Response remediation task rule examples.

This rule can be modified as follows:

By using filter conditions and Group by choices.

By default, remediation tasks use Assignment Rules, when available, as part of their filter criteria.
Note: If no assignment rules exist, you can select a group using the User group field.

Starting with version 18.0 of Vulnerability Response, the Vulnerability remediation task rule is deactivated in Vulnerability Response for new implementations.

Procedure

  1. Navigate to All > Vulnerability Response > Administration > Remediation Task Rules.
  2. Open the rule or click New.
  3. If New, fill in the fields on the form, as appropriate.
    Table 1. Remediation Task Rule
    Field: Description
    Name: Name of the task rule.
    Active: Indicates whether the task is active.
    Description: Description of the rule.
    Case sensitive: Determines whether a condition is case sensitive or not.
    Note: The default value is case insensitive.
    Condition: Optional filter conditions for the rule.
    Note: To make Rapid7 InsightVM asset tags available for use in the Condition filter for Remediation Task Rules, you must run the Rapid7 InsightVM Asset List integration before the other Rapid7 InsightVM integrations.

    By default (Case sensitive check box disabled), the search text you enter in the condition builder on task rule records and forms is not case-sensitive. You have the option to enable case-sensitive searches on task records and forms.

    Group by (up to six condition sets are available)
    Group vulnerable items from: The table the rule uses to group VIs. You can have up to six filters.
    Choices are:
    • Vulnerable Item [sn_vul_vulnerable_item]
    • Vulnerable Item → Configuration Item [cmdb_ci]
    • Vulnerable Item → Vulnerability [sn_vul_third_party_entry]
    Note: If you choose an extended table, the Using field is applied only for vulnerable items that use that extended table.
    Using field: Field on the table that the rule uses to group VIs.
    Assignment
    Assign remediation tasks by:

    When automatically assigning remediation tasks, the Assignment choice is used in addition to the Group By choices to group the vulnerable items. New tasks are created, as needed, to ensure that each vulnerable item is placed in a task with a matching assignment group set.

    To automate the assignment of tasks created based on this rule, choose one of the options available.
    • Group by field: If you selected any user group field from the Using field values in the Group by section, they appear in the drop-down menu.
    • User Group: Use the lookup list to select a static user group.
    Note: If you change your mind about any of the Group by settings, the Clear group by fields related link resets the Group by fields on the form.

    When a group rule is deleted, from the form or list view, you have the option to delete all Open groups created by that rule. Groups not in the Open state are excluded.

    For some sample entries, see Vulnerability Response remediation task rule examples.
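
The following added example is a simplified model of how a rule's Condition, Case sensitive, Group by, and Assignment settings combine to split vulnerable items into remediation tasks. It is not ServiceNow code: the field names (exploit, vulnerability, assignment_group), the "contains" condition, and the sample records are constructed assumptions.

```javascript
// Added example: simplified model of rule grouping, not ServiceNow code.
// Field names (exploit, vulnerability, assignment_group) and records are constructed.
const MAX_GROUP_BY = 6; // the form allows up to six Group by condition sets

// Constructed sample vulnerable items.
const sampleItems = [
  { number: "VIT0001", vulnerability: "VULN-A", exploit: "Yes", assignment_group: "Linux Ops" },
  { number: "VIT0002", vulnerability: "VULN-A", exploit: "YES", assignment_group: "Windows Ops" },
  { number: "VIT0003", vulnerability: "VULN-A", exploit: "Yes", assignment_group: "Linux Ops" },
  { number: "VIT0004", vulnerability: "VULN-B", exploit: "No", assignment_group: "Linux Ops" },
  { number: "VIT0005", vulnerability: "VULN-B", exploit: "yes", assignment_group: "Linux Ops" },
];

// Condition is optional; a "contains" test stands in for the condition builder.
function matchesCondition(item, condition, caseSensitive = false) {
  if (!condition) return true;
  let value = String(item[condition.field] ?? "");
  let needle = condition.contains;
  if (!caseSensitive) {
    value = value.toLowerCase();
    needle = needle.toLowerCase();
  }
  return value.includes(needle);
}

// Returns one task per distinct (Group by values + assignment group) combination.
function groupVulnerableItems(items, rule) {
  if (rule.groupBy.length > MAX_GROUP_BY) throw new Error("at most six Group by fields");
  const tasks = new Map();
  for (const item of items) {
    if (!matchesCondition(item, rule.condition, rule.caseSensitive)) continue;
    // One of the two Assignment options: a static User Group, or a group taken from a field.
    const group = rule.assignBy.userGroup ?? item[rule.assignBy.field] ?? "";
    const key = JSON.stringify([...rule.groupBy.map((f) => item[f] ?? ""), group]);
    if (!tasks.has(key)) tasks.set(key, { assignmentGroup: group, items: [] });
    tasks.get(key).items.push(item.number);
  }
  return [...tasks.values()];
}

const exploitRule = {
  condition: { field: "exploit", contains: "Yes" },
  caseSensitive: false, // default: condition text is matched case-insensitively
  groupBy: ["vulnerability"],
  assignBy: { field: "assignment_group" },
};
console.log(groupVulnerableItems(sampleItems, exploitRule));
```

With the default case-insensitive matching, the same vulnerability is split into separate tasks per assignment group; enabling case sensitivity narrows the set of items the rule picks up, which is worth checking before activating a rule on imported data with inconsistent casing.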