Create a rule that automatically requests an exception for a group of container vulnerable items (CVITs) that meet a specific condition, such as a condition based on the vulnerability severity of those CVITs. Once the rule is approved, new and existing CVITs that match its condition are deferred automatically.

Before you begin

Role required: sn_vul.vulnerability_admin

About this task

The rule is applied from the "Valid from" until the "Valid to" date. The remediation task (VUL) is created when the rule is approved. The grouping method for this VUL is known as exception rules. The VUL is created in the Deferred state. You can't close, reopen, or delete this VUL. New and reopened CVITs are deferred and added to this VUL from the "Valid from" date until the group expires on the "Valid to" date.
Note: Email notifications are sent at every stage of the exception rule workflow. These emails provide the status and other details of a request. For example, when an exception rule is requested, the requester receives an email confirming that the request was submitted.

Note: If the rule is rejected, you can reopen it in the Draft state, update it, and then resubmit it for approval.

Procedure

  1. Navigate to All > Container Vulnerability Response > Administration > Exception Rules.
  2. On the Exception Rules page, click New to create a rule.
  3. On the form, fill in the fields.
  4. Add the assignment group when you are creating the rule.
  5. Submit the form for approval.
    Until you submit the exception rule, it remains in the Draft state; after submission, the status of the request changes to In review.
  6. To view and create a group to manage exception rules, navigate to All > User Administration > Groups.
  7. In an exception rule, click the Requested Approvals tab to view the status of the request.
    A scheduled job runs daily and applies the exception rules to existing data. All vulnerable items that match the condition are moved to the Deferred state. If an approved exception rule is deleted, all the deferred vulnerable items revert to their previous state. For more information, see Working with an exception rule.
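The following Python model is an added illustration of the lifecycle described above; it is not ServiceNow's code and does not use the platform's tables or APIs. It shows the three behaviours a practitioner relies on: a rule is applied only while it is approved and within its "Valid from" and "Valid to" window, the daily job defers every non-deferred item that matches the condition while recording the item's previous state, and deleting the rule reverts exactly the items it deferred. The state names other than Deferred, the record fields, the severity scale and the sample CVITs are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Callable, List, Optional

# Constructed state names; the page names only "Deferred" explicitly.
OPEN = "Open"
DEFERRED = "Deferred"


@dataclass
class Cvit:
    """A container vulnerable item (constructed sample record, not the platform's schema)."""
    id: str
    severity: str                         # "Critical", "High", "Medium", "Low" (assumed scale)
    state: str = OPEN
    previous_state: Optional[str] = None  # remembered so that rule deletion can revert the item
    exception_rule: Optional[str] = None  # id of the rule that deferred this item


@dataclass
class ExceptionRule:
    """An exception rule with its approval flag, validity window and match condition."""
    id: str
    valid_from: date
    valid_to: date
    condition: Callable[[Cvit], bool]     # e.g. lambda c: c.severity == "Low"
    approved: bool = False
    deferred_ids: List[str] = field(default_factory=list)

    def active_on(self, today: date) -> bool:
        """Approved rules apply only from Valid from through Valid to, inclusive."""
        return self.approved and self.valid_from <= today <= self.valid_to


def apply_rules(rules: List[ExceptionRule], items: List[Cvit], today: date) -> List[str]:
    """Model of the daily scheduled job.

    Every item that is not already deferred and matches an active rule's
    condition is moved to Deferred; its previous state is kept so the
    deferral can be undone. Returns the ids deferred in this run.
    """
    deferred_now: List[str] = []
    for rule in rules:
        if not rule.active_on(today):
            continue                      # draft, rejected or expired rule: no effect
        for item in items:
            if item.state == DEFERRED:
                continue                  # already grouped under some rule's VUL
            if rule.condition(item):
                item.previous_state = item.state
                item.state = DEFERRED
                item.exception_rule = rule.id
                rule.deferred_ids.append(item.id)
                deferred_now.append(item.id)
    return deferred_now


def delete_rule(rule: ExceptionRule, items: List[Cvit]) -> List[str]:
    """Model of deleting an approved rule: items it deferred revert to their previous state."""
    by_id = {item.id: item for item in items}
    reverted: List[str] = []
    for item_id in rule.deferred_ids:
        item = by_id.get(item_id)
        if item is None or item.exception_rule != rule.id or item.state != DEFERRED:
            continue                      # item no longer owned by this rule; leave it alone
        item.state = item.previous_state or OPEN
        item.previous_state = None
        item.exception_rule = None
        reverted.append(item_id)
    rule.deferred_ids.clear()
    return reverted


def states(items: List[Cvit]) -> dict:
    """Snapshot of item states, used to check results."""
    return {item.id: item.state for item in items}


def scenario() -> dict:
    """Walk one rule through draft, approval, expiry and deletion on constructed data."""
    items = [
        Cvit("CVIT001", "Low"),
        Cvit("CVIT002", "Critical"),
        Cvit("CVIT003", "Low", state="Under Investigation"),
    ]
    rule = ExceptionRule("ER001", date(2024, 1, 1), date(2024, 3, 31),
                         condition=lambda c: c.severity == "Low")
    result = {"draft": apply_rules([rule], items, date(2024, 2, 1))}      # not yet approved
    rule.approved = True
    result["deferred"] = apply_rules([rule], items, date(2024, 2, 1))
    result["states_after_defer"] = states(items)
    result["after_expiry"] = apply_rules([rule], [Cvit("CVIT004", "Low")], date(2024, 4, 1))
    result["reverted"] = delete_rule(rule, items)
    result["states_after_delete"] = states(items)
    return result


if __name__ == "__main__":
    for step, value in scenario().items():
        print(f"{step}: {value}")
```

The `previous_state` field is the part worth noticing: without it, deleting a rule could only send every deferred item back to a single default state, whereas the page says each item returns to the state it had before the rule matched it.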