VITs not always linked to VULs

lmundere · ‎01-04-2022

We have recently upgraded to Vulnerability response 15.0.2 and we integrate with Rapid7 insight VM but I have realized that not every VIT necessarily points to a VUL, i think that i have seen the explanation of this behavior but I dont remember what it was, anybody knows or can point me to the correct documentation?

lmundere · ‎03-01-2022

found out that VULs are going to be deprecated with the new version of VR, current logic should just use remediation efforts

View solution in original post

sean10 · ‎01-04-2022

You might check the grouping / assignment rules you have set to sort your VITs. Do you have a catch all rule to get any that don't get filtered on the first try. My environment is similar and we had to create a rule that fires last to capture any VIT that doesn't get hit by an assignment rule. This could be VITs that are created that don't match up to CMDB entries or with Rapid7 if you have an item that doesn't scan properly you could get a ghost entry that basically is an IP address with no other information. That has caused me some issues with our program so we created a rule that will assign those items that do not get hit with standard filtering to an assignment group that can be used to verify findings and then reassign them as needed to the proper groups. While it doesn't add them to the VUL it at least gets the assignment part taken care of and can be dealt with from there.

lmundere · ‎01-04-2022

well, the thing is that assignment rules have been working well in the past version and I also realized that a few VITs get assigned to VULs but not always and i am wondering why this behavior.

lmundere · ‎03-01-2022

found out that VULs are going to be deprecated with the new version of VR, current logic should just use remediation efforts