Confused about Remediation Task Rules, when do they run/trigger?

Ketil Ellertsen
Kilo Expert

Hi!

I have set up a remediation task rule that groups based on the assigned_to field and vulnerability. When I click the reapply button, it correctly deletes all existing VULs related to the rule and creates new ones, which contain any VIT meeting the condition.

However, when new VITs are created, these are not automatically added to existing VULs, even though they satisfy the conditions. I saw in the documentation that only VULs created through condition filter/filter groups are updated automatically. If that is the case, what is the point of having these Remediation Task Rules? It feels like I am missing something.

The remediation task rule in question:

[image: screenshot of the remediation task rule]

1 ACCEPTED SOLUTION

Hi Chris!

Thanks for taking the time to reply. What you are saying makes sense.

However, that means something is wrong in our instance. Whenever I create new VITs they are not added to existing VULs (which are in state open) nor is any new VUL created. I am not sure as to why it is not working. As I've mentioned above, when I use the reapply function, it works fine.

Any suggestion as to where to look for an error? I've looked for scheduled jobs but I could not find what triggers it.

While writing this, I realized I had not checked the business rules. And there I found the issue: I was not fulfilling the conditions for triggering the "Link to Remediation Tasks" BR. When creating the VITs correctly, it now works! 

Thanks for your help! 


13 REPLIES

Stephen Laseau
Kilo Guru

Missed your other question.  During insert, VITs are only assigned to groups that are in a state of "Open".  If no open group meets the logic of a remediation task rule, then a new group is created.  Therefore, you can have multiple groups based on the same remediation task rules, just in different states such as "Open", "Under Investigation" or "Closed".

Hi Stephen!

Thank you for your reply. So that probably means that something is wrong on my side. Whenever I create new VITs manually they are not added to existing VULs nor does it create new VULs. But it does work when I use the reapply button in the remediation task rule. 

Do you have any suggestion on how to fix this? Where to begin to look?

Thanks!

If it meets the condition of the remediation task rule then it should join an Open group or create it.  Make sure the rules are Active and there is not some condition that is not being met.

Review a VIT you manually created and scroll to the bottom to the Vulnerability Groups/Remediation Tasks related list.  Is nothing showing there?  If not, you must not be meeting all of the criteria or the rule must not be active. 

There is also a Case Sensitive checkbox on the rules - perhaps that is the issue?

Perhaps provide a screenshot of your rule.

That's very enlightening, thanks.

I've tried to set a business rule in order to automatically assign a remediation task to a specific user.

Do the Business Rules apply before the remediation task rules?

Best practice is to use the Remediation Task Rules to handle assignment.  Cannot help beyond that.