By configuring remediation task rules, you can automatically group findings based on filter conditions.

In the Security Exposure Management Workspace, you can set up a single assignment rule that applies to all types of findings, including vulnerable items (VITs), application vulnerabilities (AVITs), container vulnerabilities (CVITs), and configuration test results (CTRs). This rule can then be applied to all the findings or a specific combination of findings.

Create remediation task rules

Create remediation task rules to automatically group findings based on filter conditions. These rules automatically group findings as they’re imported or manually created. Use the filter to limit the findings grouped by this rule, such as selecting all findings with exploits.

Before you begin

Role required: See Access control lists (ACLs) for administration rules

About this task

The base system ships with one remediation task rule, Vulnerability, which groups vulnerable items by vulnerability and assignment group (from Assignment rules). You can reapply the rules from the form or list view. For some sample entries, see Vulnerability Response remediation task rule examples.

This rule can be modified by using filter conditions and Group by choices. By default, remediation tasks use Assignment Rules, when available, as part of their filter criteria.
Note: If no assignment rules exist, you can select a group using the User group field.

Procedure

  1. Navigate to Workspaces > Security Exposure Management Workspace.
  2. Select Administration in the navigation pane.
  3. Select Review on the Remediation task rules tile.
  4. On the Rules page, select Remediation task in the navigation pane.
  5. Select New and fill in the fields on the form:
    Table 1. Remediation task rule form

    Details
      Name: Name of the remediation task rule.
      Applies to: Tables the remediation task rule applies to.
      Active: Indicates whether the remediation task rule is active.
      Description: Description of the remediation task rule.

    If this condition is met
      Case sensitive: Determines whether a condition is case sensitive or not.
        Note: The default value is case insensitive.
      Condition fields: Conditions that must be met.
        By default, searches in the condition builder on task rule records and forms aren’t case-sensitive (the Case sensitive check box is inactive). If needed, you can enable case-sensitive searches by selecting the Case sensitive check box on the relevant task records and forms.
      New condition set: Adds more condition filter fields to choose from.

    Group by
      Group findings from: The table the rule uses to group the findings. Choices are:
        • Finding [sn_vul_vulnerable_item]
        • Finding > Configuration Item [cmdb_ci]
        • Finding > Vulnerability
        Note:
        • The Group findings from field updates based on the number of tables selected in the Applies to field. If one table is chosen, it shows the corresponding item. If multiple tables are chosen, it displays Findings.
        • You can add up to six grouping criteria.
      Using field: Field on the table that the rule uses to group findings.

    Assignment
      Assign remediation tasks by: When automatically assigning remediation tasks, the Assignment choice is used in addition to the Group By choices to group the findings. New tasks are created, as needed, to ensure that each finding is placed in a task with a matching assignment group set.
        To automate the assignment of tasks created based on this rule, choose one of the options available.
        • Group by field: If you selected any user group field from the Using field values in the Group by section, they appear in the drop-down menu.
        • User Group: Use the lookup list to select a static user group.
  6. Select Save.
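
The grouping behaviour described for the Group by and Assignment fields, modelled as an added Python example. It is not ServiceNow code: the field names, the sample findings and the equality-only condition matching are assumptions made for illustration.

```python
from collections import defaultdict

MAX_GROUP_BY = 6  # the form allows up to six grouping criteria

def matches(finding, conditions, case_sensitive=False):
    """True when every (field, expected) condition equals the finding's value."""
    for field, expected in conditions:
        actual, expected = str(finding.get(field, "")), str(expected)
        if not case_sensitive:  # default on the form: case insensitive
            actual, expected = actual.casefold(), expected.casefold()
        if actual != expected:
            return False
    return True

def group_findings(findings, conditions, group_by, assign_field=None,
                   static_group=None, case_sensitive=False):
    """Return {(group-by values..., assignment group): [finding ids]}."""
    if not 1 <= len(group_by) <= MAX_GROUP_BY:
        raise ValueError("use between one and six grouping criteria")
    tasks = defaultdict(list)
    for f in findings:
        if not matches(f, conditions, case_sensitive):
            continue  # filtered out: this rule does not group the finding
        # "Group by field" takes the assignment group from the finding;
        # "User Group" applies one static group to every task.
        assignee = f.get(assign_field) if assign_field else static_group
        # The assignment group is part of the key, so one vulnerability can
        # split into several tasks, one per assignment group.
        key = tuple(f.get(g) for g in group_by) + (assignee,)
        tasks[key].append(f["id"])
    return dict(tasks)

# Constructed sample findings; field names and values are hypothetical.
FINDINGS = [
    {"id": "VIT-1", "vulnerability": "VULN-A", "exploit": "Yes", "assignment_group": "Linux Ops"},
    {"id": "VIT-2", "vulnerability": "VULN-A", "exploit": "yes", "assignment_group": "Windows Ops"},
    {"id": "VIT-3", "vulnerability": "VULN-A", "exploit": "Yes", "assignment_group": "Linux Ops"},
    {"id": "VIT-4", "vulnerability": "VULN-B", "exploit": "No", "assignment_group": "Linux Ops"},
]

if __name__ == "__main__":
    rule = dict(conditions=[("exploit", "yes")], group_by=["vulnerability"])
    for key, ids in group_findings(FINDINGS, assign_field="assignment_group", **rule).items():
        print(key, ids)
```

Switching the same rule to a static user group collapses the two VULN-A tasks into one, which is worth checking before reapplying a rule to existing findings.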