Hey everybody,
We have just begun trying to use the recent added Exception Rules option within Vulnerability Response. Trying to formulate some of the procedural use cases in doing so, and I am wondering what others might have done to utilize this feature. My team has asked questions related to modifying the out of the box nature of sending e-mail to the members of the approval Groups, validation steps of ensuring the auto-deferred VUL was actually created and VITs associated, review procedures to see if a Rule that has not yet expired is still actually needed, etc.
Question 1 - what are others doing with these rules in operational procedure beyond just the simple tasks of creating and approving/rejecting them?
Also, when I see the VITs associated to the new auto-deferred VUL all go to State of Deferred, all the other existing VULs that were created with the group rules before adding the Exception Rules, the VULs are not changing to a deferred state.
Question 2 - Is this normal behavior that others out there are seeing?
Thanks, in advance, for any time spent assisting,
Joe
