Updated CI - how can we automatically get the assignment rules for a VIT to update to reflect the change?

Teena H · ‎05-02-2022

Hello
First, I'd like confirmation that my assumption about VIT assignment rules is correct - by default they only execute when a VIT is first created?

Second, if that is true, is there a job/business we can configure to re-run the assigment rules based upon a CI's approval/assignment groups being modified?

Has anyone solved this problem?

Shivam Sarawagi · ‎05-02-2022

Hi,

Assignment rules are run on the VIT which are getting created newly. Also, there is an option to reapply from the rules you can check the scheduled job "Reapply all vulnerability assignment rules" this you can run one time to reapply assignment rules on all the items (depends on the number of VITs it will take a while).

If this is very frequent and the assignment group of CI is getting changed almost daily then you can have a BR on the CI table and reevaluate the assignment of the impacted VITs.

Teena H · ‎05-02-2022

Assignment group of the CI is not changed daily - running the reapply rules seems to execute across all 4 million VITs and takes a very long time, and is a manual solution to kick off, but I'd like to see it operate only across a subset of those VITs linked to CIs that have changed as we have assignment rules which assign vulns according to the approval/assignment group fields.

Chris McDevitt · ‎05-03-2022

Hi,

So in theory I would:

Detect if the CI groups have changed
Determine if the CI has an open VI(s)
Flag that VI(s)
Run a scheduled job on those flagged VI(s)

Teena H · ‎05-04-2022

This is what I am thinking - would you do this as a business rule or a scheduled job?