Any way to see what Vulnerability Calculator was used on a particular _VIT?

D_SantiagoHQY
Tera Contributor

I need to see which vulnerability calculator was used for any AVIT, CVITS or VITS, is this possible? I'm not seeing a field on the table that would give me that information and I'm just curious if I'm missing something?

The reason I need to see this is because we've set up a way, not OOB, to change the Risk Rating on specific vulnerable items using those risk calculators, so it would be nice to see which vulnerable items had their Risk Rating changed.

If anyone else has had to "enable" the business to change the Risk Rating on individual vulnerable items, I'd love to hear how you implemented it. We get requests to "lower" Risk Rating or "evaluate actual risk" all the time and our method, while crude, does work to get our teams' priorities set straight.

1 ACCEPTED SOLUTION

Yamsanibhavani
Giga Guru

Hi @D_SantiagoHQY

Depending on whether the calculator rule is based on a template or a script, the name is appended with the details in brackets. To modify or view the basis of the calculator rule, click on any rule and select the Advanced view check box. From the Value type drop-down box, select the required option. If Template is selected, the risk score is updated according to the specified condition in the rule. If Script is selected, you can either add or update the existing script.

The system property sn_sec_cmn.risk_score_changes_add_worknotes helps populate the work notes section. Starting with v25.0.3 of Vulnerability Response, the system property is inactive by default. Only if you enable it can you see all the changes related to the risk score.

All enabled vulnerability calculators set the selected fields each time a vulnerable item is created, when an associated CI or vulnerability changes, or when the Calculate Risk Score related link in a vulnerable item is used. As an example, the Risk Score is automatically updated on vulnerable item records when the severity value is updated on a vulnerability that is imported. After a vulnerability import has updated a vulnerability score, the recalculate flag is enabled for that vulnerability. The risk scores for the vulnerable items that have the recalculate flag enabled (true) with that vulnerability are recalculated.

From an existing vulnerable item, if you click the Calculate Risk Score related link and either of the calculators is enabled, the Risk Score field in the vulnerable item is updated.

If there is a need to customize the existing one, do it by updating the "script".

Thanks
Yamsani Bhavani
