Hey there,
Here is an example of getting started with an 'Advanced' Vulnerability Calculator Rule (Scripted).
- You have access to the current vulnerable item record (and can dot-walk to reference fields like Vulnerability, Third-Party Entry, CMDB) -- essentially your typical inputs
- Then you can use those inputs in whatever calculation you need (mapped ranges, weighted, case statements, if statements
- You'd finish by setting the Risk Score on the target Vulnerable Item record (current.risk_score =xxx)
- You can also set other values with this method on the Vulnerable Item - though would avoid that if possible and stick to using this to only set Risk Score
Also - if you have not already, check out the VR Process Guide on Page 34 - it walks through approaching the Vulnerability Risk Scoring with a few simplified methods (non-scripted). This may be something to consider before venturing down the path of Advanced/scripted.
Hey there,
Here is an example of getting started with an 'Advanced' Vulnerability Calculator Rule (Scripted).
- You have access to the current vulnerable item record (and can dot-walk to reference fields like Vulnerability, Third-Party Entry, CMDB) -- essentially your typical inputs
- Then you can use those inputs in whatever calculation you need (mapped ranges, weighted, case statements, if statements
- You'd finish by setting the Risk Score on the target Vulnerable Item record (current.risk_score =xxx)
- You can also set other values with this method on the Vulnerable Item - though would avoid that if possible and stick to using this to only set Risk Score
Also - if you have not already, check out the VR Process Guide on Page 34 - it walks through approaching the Vulnerability Risk Scoring with a few simplified methods (non-scripted). This may be something to consider before venturing down the path of Advanced/scripted.
