Components installed with Configuration Compliance

  • Release version: Xanadu
  • Updated August 1, 2024
  • 7 minutes to read

    • Several types of components are installed with activation of the Configuration Compliance plugin, including tables and user roles.

    Starting with v15.1.5 of Configuration Compliance, the most frequently used system properties are now accessible within the Configuration Compliance application. To view these system properties, navigate to AllConfiguration ComplianceProperties.

    Note:
    The Application Files table lists the components that are installed with this application. For instructions on how to access this table, see Find components installed with an application.

    Demo data is available for this feature.

    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    View filtered lists for components installed with an application

    Filter the Applications Files table so that only the roles, scheduled jobs, and tables that are installed with an application are displayed. The application you want to view these components for should be installed so that its files are loaded onto the instance and into the metadata table. Follow these steps to view filtered lists from the Applications Files table.

    1. In the filter navigator, enter sys_metadata.list to navigate to the metadata table.
    2. Select the condition builder (filter icon), and select, Application > is followed by the name of your application. For example, Application > is > Vulnerability Response.
    3. In the condition builder, to add a second filter, select AND, then select, Class > is a and choose one of the following classes from the list: Role, Scheduled job, or Table.
    4. Select Run.

    The results for the class you selected are displayed in a filtered list.

    Roles installed

    Role title [name] Description Contains roles
    Configuration Compliance administrator

    [sn_vulc.admin]

    		 Able to modify application property, configuration, update rules, integrations of Configuration Compliance application. Starting with v15.0, an admin user cannot delete source records such as Expliots, CVEs, etc. sn_vulc.write
    Note:
    Inherits the roles that are required for the administration of the records of the Configuration Compliance application.
    read

    [sn_vulc.read]

    		 Read lists and records in Configuration Compliance. sn_sec_cmn.calc_read
    write

    [sn_vulc.write]

    		 Write lists and records in Configuration Compliance.
    • sn_vulc.read
    • sn_vulc.remediation_owner
    write assignment

    [sn_vulc.write_assignment

    		 Write to Test Result assignment fields. Contained in the sn_vulc.remediation_owner role.
    remediation owner

    sn_vulc.remediation_owner

    		 View and update permission for test results assigned to you or your group.

    Contained in the itil role.

    Contains:
    • sn_sec_cmn.read
    • sn_vulc.write_assignment
    CC.System

    sn_vulc.import_admin

    		 Runs all scheduled jobs in configuration compliance application.
    Note:
    This user is the default run-as user for every scheduled job in configuration compliance.
    • sn_vulc.write
    • import_admin
    • sn_vul_tenable.read_integration
    VRCommon.System

    sn_vul_cmn.admin

    		 Default run-as user for all scheduled jobs in Vulnerability Response common application.
    • sn_vul_cmn.write
    • sn_sec_cmn.admin
    • report_admin
    SecCommon.System

    sn_sec_cmn.admin

    		 Default run-as user for all scheduled jobs which are used for the background jobs capability in Security support common application
    • sn_sec_cmn.int_write
    • sn_sec_cmn.write
    • workflow_admin
    • sn_sec_cmn.calc_write
    • sn_sec_core.read_dictionary
    • sn_sec_cmn.manage_approval_rules
    • sn_sec_int.admin
    • sn_sec_cmn.cap_email_write
    • sn_sec_cmn.manage_classification_rules
    • sn_sec_cmn.manage_background_job
    V14.7: sn_vulc.edit_watch_topic Edit watch topics for Configuration Compliance. sn_vulc.read_watch_topic
    V14.7: sn_vulc.read_watch_topic Read watch topics for Configuration Compliance. cmdb_read
    V14.7: sn_vulc.create_watch_topic Create watch topics for Configuration Compliance. sn_vulc.read_watch_topic
    sn_vulc.auditor Allow read for all configuration compliance modules

    sn_vulc.read

    sn_vulc.advanced_read
    sn_vulc.advanced_read Allow read for all the configuration compliance administration modules

    sn_vulc.read_auto_close_rules

    sn_vulc.read_exception_configuration

    sn_vulc.read_assignment_rules

    sn_vulc.read_task_rules

    sn_vulc.read_auto_exception_rule

    sn_vulc.read_notifications

    sn_vulc.read_risk_score_configuration

    sn_vulc.read_test_criticality_mapping

    sn_sec_cmn.read_approval_rules

    sn_vulc.read_auto_delete

    sn_vulc.read_remediation_target_rules
    sn_vulc.read_test_criticality_mapping Allow read for test criticality mapping
    sn_vulc.read_task_rules Allow read for remediation task rules
    sn_vulc.read_assignment_rules Allow read for assignment rules
    sn_vulc.read_risk_score_configuration Allow read for risk score configuration
    sn_vulc.read_auto_close_rules Allow read for auto close configuration
    sn_vulc.false_positive_approver Allows approving /rejecting closing remediation tasks as false positive
    V15.0: sn_vulc.delete Deletes source records.

    Scheduled jobs installed

    Scheduled job Description
    V15.0: Update test group on configuration tests Updates test group on tests for Tenable and Microsoft Defender source. This is an one-time job.
    V15.0: Populate existing test result fields Updates values into newly added columns (such as Age, Age closed, Active, etc) in the test results table, saved filters and modules. This is an one-time job.
    V15.0: Populate Vulnerable CIs table - Delete and Re-populate for Test Results Populates total records in the Vulnerable CIs table. This is an one-time job.
    Version 12.0

    Calculate remediation metrics for all the test results groups

    		 Calculates and updates values for status metrics on remediation task records.
    Version 12.0:

    Calculate remediation metrics for all the test results

    		 Calculates and updates values for status metrics on test results records.
    Version 12.0:

    Change Request State Synchronization

    		 On-demand job that synchronizes the states of all existing remediation tasks (RTs) with change requests (CHGs). As a change request moves through its life cycle, it also moves the states of any related remediation tasks automatically. Enables state synchronization going forward.
    Version 11.1:

    Check Test Result Groups Deferment

    Expiration    		 Sends notifications if remediation tasks have expired (and if they expire in one week).
    Configuration Compliance CI count Populates distinct configuration item (CI) count and the 90 day rolling average in the Configuration Item Count [sn_vulc_cc_configuration_item_count] table.
    Version 11.1: Evaluate and notify remediation targets Sets or updates remediation target dates on all test results. Determines the status of remediation target dates against rules. Sends notifications
    V14.7: Insert Test Result Groups Into Unified Remediation Task One-time scheduled job to insert all the remediation tasks created in the classic UI into the Unified remediation task (sn_vul_remediation_task).
    Version 12.0:

    Populate CR-TRG m2m for CR and CR-Parent

    		 Populates change requests on remediation tasks.
    Removed in v11.1: Re-open deferred test result groups
    Note:
    Deprecated for versions prior to 11.1. Do not use.
    		 Reopens deferred groups when the due-date has passed.
    Reapply all assignment rules Reapplies all assignment rules.
    Version 14.3: Reassignment count for assignment rules Runs daily and posts the total number of test results and remediation tasks that are unassigned by this feature for a particular assignment rule.
    Reassess the state of the test result groups Reassesses the state of remediation tasks for entries where assess_state is false. Runs every 15 minutes.

    Rollup test result risk score to test result group and configuration test

    		 Runs hourly and calculates the rollup scores for the changed configuration tests and remediation tasks.
    • Calculates rollup risk score for all tests in sn_vulc_test_manifest and deletes the manifest record upon completion.
    • Calculates the rollup risk score for all the tests in sn_vulc_result_group_manifest and deletes the manifest upon completion.
    Version 12.0:

    Update policy remediation metrics

    		 Starting with v15.0 of Configuration Compliance, this scheduled job has been renamed to Update remediation metrics.
    • Calculates and updates values for status metrics on policy records.
    • Calculates test result compliance % of a CI on Discovered Item.
    Version 14.3: Set deferral counts Collects the number of times a test result or a remediation task is deferred.

    Update Risk Rating for Test Results

    		 Updates Risk Rating for Test Results.

    Update Rollup risk score for all non closed Result groups and Configuration tests.

    		 Updates the rollup risk score for all non-closed Result groups and Configuration Compliance tests.

    Tables installed

    Table Description

    Assignment Rule

    [sn_vulc_assignment_rule]

    		 Contains the set of rules evaluated to set the assignment group on test results.

    Authoritative Source

    [sn_vulc_auth_src]

    		 Store imported authoritative sources.

    Calculator

    [sn_vulc_calculator_risk_score]

    		 Contains the calculator that sets certain test result fields when certain conditions are met.
    CC Configuration Item Count

    [sn_vulc_cc_configuration_item_count]

    		 Contains the total number of configuration items.
    Version 12.0: Change request association

    [sn_vulc_action_associate_cr]

    		 Staging table used for associating change requests to remediation tasks.
    Version 12.0: Change request creation

    [sn_vulc_action_create_cr]

    		 Staging table used for creating change request forms.
    Version 12.0: Change request form

    [sn_vulc_cr_form]

    		 Base table for change request management.

    Citation

    [sn_vulc_citation]

    		 Contains imported citations

    Configuration Test

    [sn_vulc_test]

    		 Contains imported configuration test data.

    Configuration test manifest

    [sn_vulc_test_manifest]

    		 Contains the configurations tests for which the rollup risk score needs to be calculated.
    Version 12.2 Missing asset table [sn_vul_missing_asset] Contains temporary asset records for imported configuration compliance assessment data with unmatched assets.

    Configuration Test Technology

    [sn_vulc_test_technology]

    		 Contains imported configuration test technologies.
    Group Rule

    [sn_vulc_grouping_rule]

    		 Contains the rules that define the criteria with which groups are automatically created for a set of test results.

    Policy

    [sn_vulc_policy]

    		 Contains imported policies.

    Policy Configuration Test

    [sn_vulc_policy_test]

    		 Contains imported policy configuration test data.

    Remediation Target Rule

    [sn_vulc_ttr_rule]

    		 Defines the expected time frame for remediating a test result.

    Risk Calculators

    [sn_vulc_calculator_group]

    		 Contains the grouping of Configuration Compliance calculators. The order of the calculator group determines which group is evaluated first, and in each group, one calculator at most is used.

    Risk Score Rollup Calculator

    [sn_vulc_risk_score_rollup]

    		 Contains rollup calculator configurations.

    Split test result group

    [sn_vulc_action_split_trg]

    		 Staging table used for splitting remediation tasks.

    State Change Approval

    [sn_vulc_state_change_approval]

    		 Contains approval state process data.

    Technology

    [sn_vulc_technology]

    		 Contains imported technologies.

    Test Criticality Map

    [sn_vulc_test_criticality_map]

    		 Contains criticality map data.

    Test Result

    [sn_vulc_result]

    		 Contains imported test results.

    Test Result Group

    [sn_vulc_result_group]

    		 Contains imported remediation tasks.
    Version 12.0:

    Test Result Group Change Requests

    		 Contains change requests for remediation tasks.

    Test result group manifest

    [sn_vulc_result_group_manifest]

    		 Contains the remediation tasks for which the rollup risk score needs to be calculated.

    Test Result Groups

    [sn_vulc_m2m_result_result_group]

    		 Contains remediation task data.

    Test Result History

    [sn_vulc_result_history]

    		 Contains imported test result history.

    Test Result Remediation Status

    		 Status of the test result against the closest applied remediation target rule.
    V14.7: Watch Topic Test Counts

    [sn_vulc_wt_test_counts]

    		 Cache table for the Distinct Configuration Tests tab in the Vulnerability Manager workspace.