- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2019 05:43 AM
Hello,
In the Vulnerability Response Module, we recently added Assignment Rules. Is there a way to apply these assignment rules to vulnerability groups that were created before the rules were setup?
I already wrote a script to assign vulnerable items to the correct teams, but I would like to get the vulnerability groups assigned.
Thanks,
Mike
Solved! Go to Solution.
- Labels:
-
Vulnerability Response

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2019 11:30 AM
Hey there,
- Have you already assigned existing Vulnerability Groups (VGs) -> using the assignment functionality of Vuln Group Rules (VGRs)?
- Are you performing this in a Production environment, or Sub-Production environment?
Now that you are taking advantage of Vulnerable Item (VI) to set the VI.Assignment group field (introduced on Madrid) - you also should update your VGR if you have not already, to take advantage of this. Meaning, new VGs created, will leverage the VI.Assignment value set by VI Assignment rules you configured.
To reconcile or refresh the Assignment group values on existing VG's -> the folks on this thread are correct; there is no baseline trigger to make this happen today.
If you've already created and assigned Vulnerability Groups (meaning they have valid Assignment Groups), you may want to weigh the option of deprecating / cancelling these VG records, and running your updated VIs through the VGRs again, which will consume the respective VI.Assignment group values and use that for grouping VIs into VGs -> and setting the VG.Assignment group on new VG records.
You'll need to go down the path of running the VIs through the updated VGR again (updated meaning you are using the Assignment functionality, to consume the VI.Assignment group values).
Check out the Business Rule called Link to Vulnerability Groups, this BR runs the VIs through a Script Include function, that will process VIs and determine how they associate to existing VGs or create new VGs to be associated to (sn_vul.VulnerableGroupRule().groupItemByVulnGroupRule(current))...
If you are solely working in a sub-production environment, and have the ability to delete VIs, VGs and start over -> that may be another path to look at, as all of this functionality runs on <insert> of VIs (VI Assignment Rules, and Vuln Group Rules w/ Assignment functionality)...
Reference: Update VGR Assignment, to use VI.Assignment group data
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2019 06:03 AM
Hi Mike,
Refer to these links, I hope it will help you.
If my reply helps you at all, I’d really appreciate it if you click the Helpful button and if my reply is the answer you were looking for, it would be awesome if you could click both the Helpful and Accepted Solution buttons..:)
Thanks

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2019 06:49 AM
Mike,
I would query the sn_vul_vulnerability table looking for groups without the assignment group set (assignment_groupISEMPTY). Then I would look up the group in the sn_vul_m2m_vul_group_item (sn_vul_m2m_vul_group_item.sn_vul_vulnerability) and retrieve a VIT ( assignment_groupISNOTEMPTY + setLimit(1)). Then grab that VITS assignment group and set it on the VUL.
Go ahead and smash that helpful or correct button!
-Chris

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2019 10:19 AM
There is no OOB functionality to do so. You will need a similar script to update the assignment groups something similar to what Chris has suggested. But assignment group doesnt exists in vul items. So you must be using a custom field for that.
For ex.
var vul = new GlideRecord('sn_vul_vulnerability');
vul.addEncodedQuery('active=true^assignment_groupISEMPTY');
vul.query();
while (vul.next())
{
var vulitem = new GlideRecord('sn_vul_m2m_vul_group_item ');
vulitem.addQuery('sn_vul_vulnerability',vul.getValue('sys_id'));
vulitem.query();
if (vulitem.next())
{
vul.assignment_group = vulitem.<assignment group field name>;
vul.update();
}
}
Please mark this response as correct or helpful if it assisted you with your question.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2019 11:30 AM
Hey there,
- Have you already assigned existing Vulnerability Groups (VGs) -> using the assignment functionality of Vuln Group Rules (VGRs)?
- Are you performing this in a Production environment, or Sub-Production environment?
Now that you are taking advantage of Vulnerable Item (VI) to set the VI.Assignment group field (introduced on Madrid) - you also should update your VGR if you have not already, to take advantage of this. Meaning, new VGs created, will leverage the VI.Assignment value set by VI Assignment rules you configured.
To reconcile or refresh the Assignment group values on existing VG's -> the folks on this thread are correct; there is no baseline trigger to make this happen today.
If you've already created and assigned Vulnerability Groups (meaning they have valid Assignment Groups), you may want to weigh the option of deprecating / cancelling these VG records, and running your updated VIs through the VGRs again, which will consume the respective VI.Assignment group values and use that for grouping VIs into VGs -> and setting the VG.Assignment group on new VG records.
You'll need to go down the path of running the VIs through the updated VGR again (updated meaning you are using the Assignment functionality, to consume the VI.Assignment group values).
Check out the Business Rule called Link to Vulnerability Groups, this BR runs the VIs through a Script Include function, that will process VIs and determine how they associate to existing VGs or create new VGs to be associated to (sn_vul.VulnerableGroupRule().groupItemByVulnGroupRule(current))...
If you are solely working in a sub-production environment, and have the ability to delete VIs, VGs and start over -> that may be another path to look at, as all of this functionality runs on <insert> of VIs (VI Assignment Rules, and Vuln Group Rules w/ Assignment functionality)...
Reference: Update VGR Assignment, to use VI.Assignment group data