Before you can use the workspaces, confirm you've completed the following setup tasks.

Before you begin

Role required: admin for assigning roles to users and groups and users to groups.

sn_vul.vulnerability_admin for editing, creating rules, and configuring the Vulnerability Response application.

Confirm you've completed the following setup tasks. See the steps following the list for more information about how to perform these tasks.

Task Description
Empty check box icon If not already assigned, assign users and groups with the proper roles so that they have access to the workspaces.

Role required: admin. See the steps below for more information.
Empty check box icon Set up assignment rules so vulnerable items are assigned to the proper groups for remediation.

Role required: sn_vul.vulnerability_admin.

For more information about assignment rules, see Vulnerability Response assignment rules overview. You create and edit assignment rules in the classic environment.
Empty check box icon (Optional): Edit or create your remediation task rules.

Role required: sn_vul.vulnerability_admin.

Note:

Functionally, remediation task rules work just like remediation task rules did in previous versions of Vulnerability Response. However, unlike the vulnerability groups that were created automatically from your remediation task rules, remediation tasks are created when you create remediation efforts. You have the following options for bundling the vulnerable items in a remediation effort into remediation tasks:

For more information about how VIs are automatically grouped and how the group rules are reapplied in the classic environment, see Vulnerability Response remediation tasks and remediation task rules overview.
Empty check box icon Edit remediation target rules.

Role required: sn_vul.vulnerability_admin.

Add remediation target rules in the classic environment. For more information about remediation target rules, see Create or edit Vulnerability Response remediation target rules.

Procedure

  1. After you install and activate the Vulnerability Response application, in the classic environment as a user with the admin role, navigate to All > Vulnerability Response > Administration > Setup Assistant.
    Setup Assistant in VR
  2. In the Setup Assistant, assign users to the following groups.
    Note: 1000 is the limit for the number of user groups a user can be assigned to in the Vulnerability Response Workspaces.

    The following groups are provided with the Vulnerability Response application and are used in the workspaces. You can assign users to them in the Setup Assistant:

    • Remediation Owner - This group is for IT remediation owners in the IT Remediation Workspace. Users with this role fix vulnerabilities assigned to them in remediation tasks.
      Note:

      If you want your remediation owners to create and view change requests and view vulnerable configuration item (CI) data in the IT Remediation Workspace and in the classic environment, assign them the itil role. You might prefer to assign the itil role to individual users instead of to all members in a group. The cmdb_read role is also an option for users to view CI data in the workspaces.

    • Starting with v16.1, you can set up email reminders to your IT remediation owners. To set up email notifications to the workspaces, see Set up email notifications in the Vulnerability Response Workspaces.
    • Vulnerability admin - This group is for vulnerability managers. This role configures the Vulnerability Response application in the Setup Assistant. This role also has permission to process exception and false positive requests.
    • Vulnerability Analyst - This group is for security managers, vulnerability managers, and analysts in the Vulnerability Manager Workspace. This role monitors vulnerabilities, creates watch topics and remediation efforts, and monitors remediation progress.
    • False Positive Approver - Users in this group process false positive requests for vulnerable items or remediation tasks. A false positive request requires a single-level approval process. You can manage assigning users to this group outside of the Setup Assistant in User Administration.
    • Exception Approver - An exception request for a vulnerable item or remediation task is approved using a default, two-level approval workflow. The exception request requires two levels of approvers. Add users to both approval groups: Exception Approver - Level 1 and Exception Approver Level - 2. After the request is approved by the level 1 approver, it is sent on to the second level approver. You manage assigning users to this group outside of the Setup Assistant in User Administration.
      Note: Add users to the approval groups prior to submitting false positive and exception requests. If you create requests prior to assigning users with approval permission, the requests might not be visible to them.

    Alternatively, click the User Administration link to manage and assign the following granular roles to your users and existing groups. These roles permit users to perform specific actions within the Vulnerability Response application and the workspaces.

    • sn_vul.vulnerability_admin
    • sn_vul.vulnerability_analyst
    • sn_vul.remediation_owner
    • To create and view change requests in the IT Remediation Workspace and in the classic environment, assign them the itil role.

    See Vulnerability Response personas and granular roles and Assign the Vulnerability Response persona roles using Setup Assistant for more information about assigning persona roles to users and users to groups.

  3. Remediation tasks are automatically handed off to IT remediation assignment groups for processing when they are created.
    • By Assignment group
    • By Assignment group and configuration item
    • By Assignment group and vulnerability
    • None - Use this option if you want to add VIs manually to a remediation task.
      Note: For the version 18.0 of Vulnerability Response, the None option is not available.

    If you are upgrading from a previous version of Vulnerability Response, your assignment groups are preserved. However, you may prefer to edit these groups so that vulnerable items are associated with specific assignment groups until you get accustomed to how watch topics and remediation efforts work. For example, you can create assignment groups by product or region, but you can use any criteria that best suits your organization.

    You can also use assignment rules to assign remediation tasks to groups. You might prefer to run only high priority rules for the following items:
    • Items that need special handling
    • Items where risk is critical, or a VI requires handling by regulatory compliance
    The following assignment rules provided with the application are active by default:
    • Retired CI assignment rule
    • Assign to CI support group
    • Workstation Assignment Rule
    • Database Assignment Rule
    • Web Application Assignment Rule
    • Windows Server Assignment Rule
    • Non-windows Server Assignment Rule
    • Catch All Assignment Rule

    For more information about assignment rules, see Vulnerability Response assignment rules overview. You create and edit assignment rules in the classic environment.

  4. (Optional) Edit or create your remediation task rules.

    In the workspaces, remediation tasks are created when you create remediation efforts. You have the following options for bundling the vulnerable items in a remediation effort into remediation tasks:

    For more information about how VIs are automatically grouped and how the group rules are reapplied in the classic environment, see Vulnerability Response remediation tasks and remediation task rules overview.