Manually Import Vulnerability Data into Vulnerability Module

derocheb
Kilo Contributor

I'm currently evaluating the vulnerability response module in ServiceNow. Is there a way to manually import vulnerability data into ServiceNow to see how the filters will actually work without fully integrating with one of our vulnerability scanners?

Secondary question - How do I create a single rotating ticket per CMDB support group with the applicable vulnerability data?

10 REPLIES

Thanks for the quick replies.



What are the other options in terms of asset owners consuming the data?



It sounds and looks like vulnerability groups will contain vulnerability items. Which sounds a lot like a ticket inside of a ticket.



If that is the case - In order for an asset owner to see what remediation steps should be taken, they must click on their vulnerability group then click each vulnerable item to see what the actual vulnerability is and what remediation steps should be taken. Are there other options for the asset owners to consume this data that will lead them to the necessary remediation steps quicker than this looks to?


Dave Smith1
ServiceNow Employee

As I understand it, Vulnerability Groups are ways of grouping together one or more VIs so that the entire group can be passed to a resolver group for investigation.   Really, it's no different than grouping together related Incidents so that they can be escalated to the right team for analysis.



The criteria for groups are fairly flexible: it could be skill-matched, application-centric, location-specific... in some ways, it's trying to find commonality between a number of VITs so that they can be passed en masse onto a group because they share a common characteristic (same vendor, same application, same codebase, etc).



Unfortunately it's not uncommon for a VIT to belong to more than one VG, given it satisfies more than one criterion - so a SharePoint vulnerability could belong to three VGs: Office, IIS, WebDev. Luckily it's possible (by looking at the VIT record) to see what groups it belongs to, so it's expected that someone in one group may decide to recategorise it - or take ownership and exclude the others. My feeling is that several pairs of eyes is better than none.



Navigating to the VIT doesn't need to be via the group - the asset owner can see VITs being raised against the asset, and also what groups it belongs to.   Are you thinking that the asset owner will actually be the one selected to investigate and remediate? Or that action will be taken on their behalf (by one or more VG members) and they'll be expected to make a decision if one is needed?   If it's the latter, it sounds like your concern is getting the information presented in an easier manner to the asset owner, rather than them having to hunt.


I think I like the idea of a vulnerability group being created per applicable patch per CMDB CI Support Group. There are multiple support groups that own & patch servers. That vulnerability group would contain all of the vulnerable items that the patch applies to. Therefore in a SCCM environment, once the patch has been pushed and installed they can mark that specific ticket for that patch as closed and queue up a scan to validate.



Back to one of my initial questions about manually importing the data. Should the data be imported into the VI list?


Hi SeanBarrett,

 

I am working on a similar type of requirement. We have an internal application analyzing all the vulnerabilities via Qualys, and we receive an Excel sheet which is manually sorted out by a team, and then issues are mailed.

 

I made a quick check with Import Sets and with the Data Enrichment Mapping modules. If possible, can you please help me out with importing an Excel sheet into this Vulnerability plugin and then processing this data to create tickets (vulnerable items, kind of) using assignment of Vulnerability Groups? Is there any possible way to implement this?

 

 

Thanks in advance,

Panther

Hi Aman,

 

Did you implement this functionality? We are looking into implementing a similar type of functionality.

 

Thanks

Surendra