Create a vulnerability solution so that you can track vulnerability solutions that are not covered by third-party solution content.

Before you begin

Role required: admin, sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or vulnerability.write

Vulnerability Solution Management is a feature available within the Vulnerability Response application. Vulnerability Solution Management requires a separate subscription.

Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

About this task

You can create a solution from any of the solution lists. You must install the Vulnerability Solution Management application before you can create a solution.

Procedure

  1. Navigate to All > Vulnerability Response > Solutions.
  2. Choose a solution list: All, Highest Supersedence or With Vulnerable Items.
  3. Click New.
  4. Fill in the editable fields on the form, as appropriate.
    You can leave any unused fields blank. For more information about individual fields, see Solution form fields.
  5. Right-click Save in the header.
    The solution record is added and appears in the All and Highest Supersedence lists, by default.
  6. The Related Lists appear.

    You can associate this solution to the following related lists: Vulnerable Items,Third-Party Vulnerabilities, CVEs, Superseding Solutions and Preceding Solutions. Choose a vulnerability or solution and click Submit.

    Note:

    Vulnerability Solution Management automatically associates vulnerable items and remediation tasks with solutions when vulnerability records are associated manually with solutions.

    Vulnerable items manually re-assigned to another solution are not automatically updated with solution changes at the vulnerability level.

    If you want to exclude the relationship between a third-party vulnerability and a solution because it is not relevant to the CI you are remediating, or it is not a concern in your environment, see Manually exclude solutions from third-party records or vice versa.