Vulnerable items closed and reopened by scanner

tkrishna29
Giga Guru

Hi,

Some of our Vulnerable items get closed by the scanner and get reopened by the scanner after a few days if it finds the detection. These VITs are already part of a Remediation task (a.k.a. Vulnerability group). If the group is in the "Under Investigation" state, we see that when the VIT gets reopened, it is assigned to a new group. For the same VIT, we will have 2 different groups, and it gets confusing for the remediation owner assigned to the first group.

Is there a way I can control that behavior so that the VIT will not have a new group created and set the state of this item to "Under Investigation"?

I'm just wondering which script includes/job controls this behavior and if needed I'll work on customizing it.

 

Regards,

Krishna

 

1 ACCEPTED SOLUTION

tkrishna29
Giga Guru

Thank you, Chris. auto_refresh for the groups other than in the Open state is set to false, which causes any newly opened VITs to be created in a new group.

I was thinking about implementing a solution along these lines.

Find all the open VITs in a group which is in the "Under Investigation" state. Check if there is any other VUL group associated with that VIT using the same group rule. This indicates that the item is in duplicate groups (one group in the Open state and the other in the Under Investigation state). Mark the newly created group as duplicate (in the description) and add the original group name in the work notes. This helps the remediation team to cancel to easily see that these VITs are related to a duplicate group.

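The check proposed in the accepted solution, sketched as an added example that is not part of the original thread and is not ServiceNow code: it runs over constructed in-memory records, and the field names (`state`, `rule`, `groups`, `workNotes`) are hypothetical stand-ins rather than the platform's schema.

```javascript
// Added example: in-memory model of the duplicate-group check described above.
// Field names (state, rule, groups, workNotes) are hypothetical, not ServiceNow schema.
function flagDuplicateGroups(groups, items) {
  const byNumber = new Map(groups.map((g) => [g.number, g]));
  const flagged = [];
  for (const item of items) {
    if (item.state !== "Open") continue; // only open (reopened) VITs matter
    const memberOf = item.groups.map((n) => byNumber.get(n)).filter(Boolean);
    for (const original of memberOf) {
      if (original.state !== "Under Investigation") continue;
      for (const other of memberOf) {
        const sameRule = other.rule === original.rule;
        if (other === original || other.state !== "Open" || !sameRule) continue;
        // Mark each group once, even when several VITs point at the same pair.
        if (!other.description.startsWith("[DUPLICATE]")) {
          other.description = "[DUPLICATE] " + other.description;
        }
        const note = "Duplicate of " + original.number;
        if (!other.workNotes.includes(note)) other.workNotes.push(note);
        flagged.push({ item: item.number, original: original.number, duplicate: other.number });
      }
    }
  }
  return flagged;
}

// Constructed sample data covering the cases the post distinguishes.
function sampleData() {
  const groups = [
    { number: "VUL0001", state: "Under Investigation", rule: "by-ci", description: "Web tier", workNotes: [] },
    { number: "VUL0002", state: "Open", rule: "by-ci", description: "Web tier", workNotes: [] },
    { number: "VUL0003", state: "Open", rule: "by-cve", description: "OpenSSL", workNotes: [] },
  ];
  const items = [
    { number: "VIT0001", state: "Open", groups: ["VUL0001", "VUL0002"] },   // reopened and regrouped
    { number: "VIT0002", state: "Open", groups: ["VUL0001", "VUL0003"] },   // different rule: not a duplicate
    { number: "VIT0003", state: "Closed", groups: ["VUL0001", "VUL0002"] }, // closed: ignored
    { number: "VIT0004", state: "Open", groups: ["VUL0001", "VUL0002"] },   // same pair again
  ];
  return { groups, items };
}
```
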
7 REPLIES

That seems like a good approach.

Hi Krishna,

Did you implement the solution as you proposed (mark the newly created group as duplicate)? If so, just wanted to know: is it working as expected? Any other issues with that implementation? If you did not implement that, how is it being handled now? Thanks.