Remediation Grouping Strategy (Windows/RHEL)
4 hours ago
Hello Community,
We are currently designing remediation task rules for Windows and RHEL OS patching in VR and are evaluating different grouping approaches (for example, by CVE, by asset, or by solution).
We also have Vulnerability Solution Management enabled and see the Preferred Solution field available.
Has anyone successfully built remediation tasks based on Preferred Solutions for Windows/RHEL patching? If so, I’d love to hear about your experience and what worked well, what didn’t, and any lessons learned or recommendations.
Thanks in advance!
2 hours ago
We create VITs by Vulnerability (CVE), Configuration Item, and Port. We added the Port designation as we've found things like TLS running on multiple ports can be attributed to different Applications running on a device which are owned by different Assignment Groups.
We then create Remediation Tasks (VULs) by Vulnerability (VIT) and Assignment Group.
An assignment group can own one or more servers that have a particular vulnerability. Our Infra teams deploy OS patches in a designated cycle so it makes sense to have all those grouped together while our App teams deploy via development cycles for each application so, again, we group those together for them.
Infra vs App are separated by 'keywords' which are just words in a particular vulnerability. Examples are Java, SQL, or TLS. Surprisingly simple but effective way to divvy out who owns what. If it's an Infra Vuln we use the CI Owner field for assignment and if it's an Application Vuln we use the related Service Offering's assignment group.
We don't use the Preferred Solution feature. Our teams know what to do for most things and if they have questions we will help them along ourselves.
Hope that helps!
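
The routing described in the reply above, modelled in plain JavaScript so the grouping can be checked against sample data before it is built as rules. This is an added example, not part of the thread and not ServiceNow code; the field names, the sample rows, whole-word keyword matching and the `UNASSIGNED` fallback are assumptions.

```javascript
// Constructed sample; field names are assumptions, not ServiceNow columns.
const APP_KEYWORDS = ["java", "sql", "tls"]; // keywords named in the reply
const detections = [
  { vuln: "VULN-A", summary: "Kernel privilege escalation", ci: "rhel-01", port: 0, ciOwner: "Linux Infra", offeringGroup: "Portal Team" },
  { vuln: "VULN-A", summary: "Kernel privilege escalation", ci: "rhel-02", port: 0, ciOwner: "Linux Infra", offeringGroup: "Billing Team" },
  { vuln: "VULN-A", summary: "Kernel privilege escalation", ci: "rhel-01", port: 0, ciOwner: "Linux Infra", offeringGroup: "Portal Team" }, // rescan duplicate
  { vuln: "VULN-B", summary: "Weak TLS cipher suites", ci: "win-app-01", port: 443, ciOwner: "Windows Infra", offeringGroup: "Portal Team" },
  { vuln: "VULN-B", summary: "Weak TLS cipher suites", ci: "win-app-01", port: 8443, ciOwner: "Windows Infra", offeringGroup: "Billing Team" },
  { vuln: "VULN-C", summary: "OpenSSH update available", ci: "rhel-03", port: 22, ciOwner: "", offeringGroup: "Portal Team" }, // owner field empty
];

// Assumption: whole-word match, so "java" does not fire on "javascript".
// The trade-off is that "MySQL" no longer matches "sql"; add such names explicitly.
function isAppVuln(summary) {
  const words = summary.toLowerCase().split(/[^a-z0-9]+/);
  return APP_KEYWORDS.some((k) => words.includes(k));
}

// One VIT per vulnerability + configuration item + port; repeat scans collapse.
function buildVits(rows) {
  const vits = new Map();
  for (const r of rows) {
    const key = `${r.vuln}|${r.ci}|${r.port}`;
    if (vits.has(key)) continue;
    const app = isAppVuln(r.summary);
    // App vulns go to the service offering's group, Infra vulns to the CI owner.
    // Assumption: an empty field is routed to a visible triage bucket.
    const group = (app ? r.offeringGroup : r.ciOwner) || "UNASSIGNED";
    vits.set(key, { key, vuln: r.vuln, type: app ? "App" : "Infra", group });
  }
  return [...vits.values()];
}

// One remediation task per vulnerability + assignment group.
function buildTasks(vits) {
  const tasks = new Map();
  for (const v of vits) {
    const key = `${v.vuln}|${v.group}`;
    if (!tasks.has(key)) tasks.set(key, { vuln: v.vuln, group: v.group, vits: [] });
    tasks.get(key).vits.push(v.key);
  }
  return [...tasks.values()];
}

for (const t of buildTasks(buildVits(detections))) {
  console.log(`${t.vuln} -> ${t.group}: ${t.vits.join(", ")}`);
}
```

On the sample rows, the TLS finding on one server splits into two tasks because its two ports map to different service offerings, while the kernel finding on two servers stays in a single Infra task.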
