Behavior of 'Auto-close VI on Retired CI' within VR module

sarahjantz
Tera Expert

‎07-08-2022 04:35 PM

We enabled the 'Auto-close VI's on Retired CIs' option with the Vulnerability Response module. We then marked a CI as "retired". Both status and operational status fields for this CI were set to "retired". However, we are not seeing the existing open Vulnerable Items related to the CI change to "closed-retired".

How does this setting work? Does it only apply to new VIs created AFTER the setting is enabled?

Labels:
0 Helpfuls
  • 2,932 Views
6 REPLIES 6

Lukasz Bojara
Kilo Sage

‎07-14-2022 02:14 AM

Hi,

 

This option has a complex set up. It it build out of:

  1. Business Rule on CI, Update discovered items on CI retired, that is triggered only when Life Cycle Stage Status changes to or from Retired. It will set the discovered item state to CI Decomissioned. NEXT...
  2. Business Rule on Discovered Item, Add to manifest on state change, that is triggered when DI state changes to or from CI Decomissioned, will add a new entry in the sn_vul_ci_di_manifest table. NEXT...
  3. Scheduled Job, Close detections/VIs for decommissioned CIs, must run (daily). This one will use the sn_vul.DecommissionedCIAutoCloseUtil().closeDetections()
  4. The script include,sn_vul.DecommissionedCIAutoCloseUtil,  will try to close all detections that are Open, and all VITs that are not Closed.
  5. Both VIT and Det, must have correct relation to discovered item.

 

It should apply to all VITs, but as you can see there are multiple places where somtehing can go wrong, especially if there is some customization around CMDB or VR in place. 

 

I hope this will help you in to see why the options is not working as expected,
Lukasz

Karthick Nagara
Tera Expert
In response to Lukasz Bojara

‎04-11-2023 11:43 AM

Thats really helpful summary of process flow @Lukasz Bojara . Thanks for that.
Do you know if there is any OOB logic that updates the LIFE CYCLE STAGE STATUS field of CIs when their STATUS field is set to RETIRED? or how the LIFE CYCLE STAGE STATUS is updated to retired?

0 Helpfuls

JennyHu
Tera Guru
Tera Guru
In response to Karthick Nagara

‎09-13-2023 09:18 AM

I have the same question.  Do you have the answer to it?

0 Helpfuls

Aaron Molenaar
Mega Guru
In response to Karthick Nagara

‎09-13-2023 12:44 PM

I have the same question. Also if there is any reference documentation / guidance on using the Life Cycle Stage Status field? It is not being populated in our environment today.

0 Helpfuls