How to trigger the risk calculator when VI is imported?

kris29 · ‎03-23-2022

Hi,

How can I trigger risk calculator when Vulnerable items are imported from Tenable integration.

When data is imported in Vulnerable items table, "Risk rating" should be updated based on conditions I set in calculator. I can do that manually but looking for solution to do it automatically.

Is there any "scheduled job" responsible for that?

Chris McDevitt · ‎03-23-2022

You are correct, it should just be working. So, what I would do is build a very very simple rule and make sure it gets applied.... then take that knowledge and get fancy.

kris29 · ‎03-23-2022

I created a simple condition in the calculator and it seems to work.

I am not able to modify Vulnerability score v3 value for testing purposes, so I created a new custom field and "Risk rating" was filled in.
I have seen in the community that these fields are locked down baseline.

In the list view after import "risk rating" has been updated to the default value (None), I can change "Risk rating" only using "reapply rule" button

kris29 · ‎03-23-2022

Hi @Chris McDevitt
I found here that BR "Set recalculate flag" might solve my problem. I haven't tested it yet.

I have set conditions CVSS score v3/v2 on "changes" and also checked insert
Does that make sense?

Chris McDevitt · ‎03-23-2022

Yes... So, once the BR sets the score, it is not updated until the reapply flag is detected by the scheduled job. (Or you push the button)

The CVSS score was not intended to be changed by the customer. The CVSS score is a feed from your scanning tool... I would leave that alone. Trust me, stay as close to OOB as possible (Unless you want to see me in a year to conduct a back-to-the-box engagement....)

The intention was for you to influence the Risk Score. (I know I get it, your company is using to using CVSS scores, and for whatever reason, it needs to be influenced.