Create assessment records for vulnerabilities of interest. After you create the assessment, you can initiate initial risk assessment, manually update the record, and calculate the risk score automatically.

Before you begin

You need to be part of the base system Vulnerability Assessment Event Manager assignment group to be able to perform the tasks associated with vulnerability assessment. Role required: sn_vul_analyst.vul_event_manager

About this task

You can create a vulnerability assessment record for vulnerabilities of interest either by associating the event record to a primary CVE or to an affected product.

Procedure

  1. Navigate to All > Workspaces > Vulnerability Assessment Workspace.
  2. Select the Vulnerability Assessment icon.
  3. Select New.
  4. Enter an appropriate title in the Title field.
  5. (Optional) Select a primary CVE to associate with the new assessment record from the Primary CVE field.
    Note: All the preliminary details on the assessment record are populated based on the product that you select or create or the primary CVE that you associate with the record.
  6. Select Submit.
    The vulnerability assessment record with the title you had entered is created and displays in a new vulnerability assessment tab. By default, the vulnerability assessment record displays in the Details tab.
    Note: By default, the details of the primary CVE associated/ mapped are displayed.
    • If no primary CVE is selected during the vulnerability assessment event record creation, a default record is created.
    • If the primary CVE has associated CVEs then the related CVEs are populated in the Vulnerability Entries tab. You can add more associated CVEs from the Vulnerability Entries tab.
  7. Navigate to the Affected Products tab.
    1. Select New.
    2. On the form, fill in the fields.
      FieldDescription
      Publisher Publisher of the software.

      This is a mandatory field.
      Product Product name of the software.

      This is a mandatory field.
      Version Version of the software product.
      Edition Edition of the software.
      Note: If you try to add vulnerability for software that exists in the table with the status 'false', a duplicate record is not created. The status of the existing software is updated to 'true'.
    3. Select OK.
  8. Select Save.