Hey there,
- Have you already assigned existing Vulnerability Groups (VGs) -> using the assignment functionality of Vuln Group Rules (VGRs)?
- Are you performing this in a Production environment, or Sub-Production environment?
Now that you are taking advantage of Vulnerable Item (VI) to set the VI.Assignment group field (introduced on Madrid) - you also should update your VGR if you have not already, to take advantage of this. Meaning, new VGs created, will leverage the VI.Assignment value set by VI Assignment rules you configured.
To reconcile or refresh the Assignment group values on existing VG's -> the folks on this thread are correct; there is no baseline trigger to make this happen today.
If you've already created and assigned Vulnerability Groups (meaning they have valid Assignment Groups), you may want to weigh the option of deprecating / cancelling these VG records, and running your updated VIs through the VGRs again, which will consume the respective VI.Assignment group values and use that for grouping VIs into VGs -> and setting the VG.Assignment group on new VG records.
You'll need to go down the path of running the VIs through the updated VGR again (updated meaning you are using the Assignment functionality, to consume the VI.Assignment group values).
Check out the Business Rule called Link to Vulnerability Groups, this BR runs the VIs through a Script Include function, that will process VIs and determine how they associate to existing VGs or create new VGs to be associated to (sn_vul.VulnerableGroupRule().groupItemByVulnGroupRule(current))...
If you are solely working in a sub-production environment, and have the ability to delete VIs, VGs and start over -> that may be another path to look at, as all of this functionality runs on <insert> of VIs (VI Assignment Rules, and Vuln Group Rules w/ Assignment functionality)...
Reference: Update VGR Assignment, to use VI.Assignment group data
Hey there,
- Have you already assigned existing Vulnerability Groups (VGs) -> using the assignment functionality of Vuln Group Rules (VGRs)?
- Are you performing this in a Production environment, or Sub-Production environment?
Now that you are taking advantage of Vulnerable Item (VI) to set the VI.Assignment group field (introduced on Madrid) - you also should update your VGR if you have not already, to take advantage of this. Meaning, new VGs created, will leverage the VI.Assignment value set by VI Assignment rules you configured.
To reconcile or refresh the Assignment group values on existing VG's -> the folks on this thread are correct; there is no baseline trigger to make this happen today.
If you've already created and assigned Vulnerability Groups (meaning they have valid Assignment Groups), you may want to weigh the option of deprecating / cancelling these VG records, and running your updated VIs through the VGRs again, which will consume the respective VI.Assignment group values and use that for grouping VIs into VGs -> and setting the VG.Assignment group on new VG records.
You'll need to go down the path of running the VIs through the updated VGR again (updated meaning you are using the Assignment functionality, to consume the VI.Assignment group values).
Check out the Business Rule called Link to Vulnerability Groups, this BR runs the VIs through a Script Include function, that will process VIs and determine how they associate to existing VGs or create new VGs to be associated to (sn_vul.VulnerableGroupRule().groupItemByVulnGroupRule(current))...
If you are solely working in a sub-production environment, and have the ability to delete VIs, VGs and start over -> that may be another path to look at, as all of this functionality runs on <insert> of VIs (VI Assignment Rules, and Vuln Group Rules w/ Assignment functionality)...
Reference: Update VGR Assignment, to use VI.Assignment group data
