Application Vulnerability Response product view
Summary of Application Vulnerability Response Product View
The Application Vulnerability Response (AVR) product helps organizations manage and understand application vulnerabilities detected by security testing tools. It provides a comprehensive view of the security posture of all applications, facilitating risk reduction through effective remediation workflows.
Key Features
- Integration with CSDM 4.0: AVR v19.0 aligns with the Common Service Data Model (CSDM) framework, utilizing Product Model tables for vulnerability lookups instead of the previous Scanned Applications table.
- Updated Terminology: Key terms and field names have been revised to enhance clarity, ensuring smoother navigation and understanding within the product.
- System Property Configuration: Users must set the system property sn_vul.use_product_model to true for product model-based lookups, which allows for more accurate vulnerability management.
- Lookup Rules: New lookup rules can be created either using configuration items or product models, providing flexibility in data management.
Key Outcomes
By implementing AVR, customers can expect improved visibility into their application vulnerabilities, streamlined remediation processes, and enhanced alignment with the CSDM framework. Proper configuration of system properties and lookup rules will ensure optimal performance and accuracy in vulnerability tracking.
The Application Vulnerability Response (AVR) product ingests the weaknesses and vulnerabilities detected by your application security testing tools and provides a single pane of glass to understand the security posture of all the applications in your environment.
AVR enables you to reduce the risks with the remediation workflows. The objective of this product view is to help you understand how AVR key entities work with the core CSDM framework.
Updated terminology
Starting with AVR v19.0, the following key table and column names have been updated. As a result, you will see references to both the older and newer names in the documentation.
| Prior to AVR v19.0 | Starting from AVR v19.0 |
|---|---|
| CI lookup rules | Lookup rules |
| CI lookup rule form | Lookup rule form |
| CI matching rule | Matching rule |
| Search on table | Search on CI table |
| Search on field | Search on CI field |
| Application release | Discovered applications |
| Application release table | Discovered applications table |
| Business criticality | Source business criticality |
Prerequisites
- Security Support Common
- Vulnerability Response
- Security Integration Framework
- Security Support Orchestration
- Scanner integrations such as Veracode and Fortify
AVR and CSDM 4.0
Prior to AVR v19.0, when application vulnerabilities were ingested, the application they belonged to was looked up using the CI lookup rules against the Scanned Applications table (sn_vul_app_scanned_application). If no record with that application name existed, one was created.
Starting from AVR v19.0, to align with the CSDM 4.0 framework, the Product Model tables are used instead of the Scanned Applications table. If the ingested application has a version, the lookup is made against the Software Model table; if it has no version, the lookup is made against the Application Model table. Both Application Model and Software Model are child tables of the Product Model table, which is the foundation table in the CMDB. The following screenshot explains the Product Model.
System property
To use the CSDM 4.0 product model-based lookup process, set the system property sn_vul.use_product_model to true.
| System property name | System property value | Lookup target value | Considerations |
|---|---|---|---|
| sn_vul.use_product_model | true | Select the value Product model | New users should select the value Product model to use the CSDM 4.0 framework's Product model lookup rules. |
| sn_vul.use_product_model | false | Select the value Configuration item | Existing users can continue using the CI lookup process and the existing CI lookup rules. |
Lookup rules in AVR
In the CSDM 4.0 framework, product model-based lookup rules are used instead of CI lookup rules to create entries into the respective product model classes. Similarly for scripts, you can define the lookup rules within the framework of the CSDM 4.0 model.
Starting from AVR v19.0, while creating a lookup rule, you must define whether you want to use the configuration item or product model approach using the Lookup target field. For more information, see Create a CI lookup rule.
Discovered applications
Navigate to . The Discovered Applications table displays the applications ingested from the scanners. If the system property sn_vul.use_product_model is set to true, you can see the corresponding product models for the applications.
AVR considerations
Presence of duplicate CI or product model records
Verify that the system property sn_vul.use_product_model has been correctly configured for the lookup process. Ensure that you select either Configuration item or Product model as the Lookup target while configuring the Lookup rule form.
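The lookup routing described in the AVR and CSDM 4.0 and System property sections, together with the duplicate-record check above, modelled as plain JavaScript. This is an added example, not ServiceNow or AVR code: the property store and tables are constructed in-memory stand-ins for gs.getProperty and GlideRecord, and the Software Model and Application Model table names are assumptions.

```javascript
// Added example (not ServiceNow code): models the AVR lookup routing the
// product view describes. Scanned Applications name comes from the page;
// the two product model table names below are assumptions.
const TABLES = {
  scanned: 'sn_vul_app_scanned_application',          // legacy CI lookup target
  softwareModel: 'cmdb_software_product_model',       // assumed table name
  applicationModel: 'cmdb_application_product_model', // assumed table name
};

// Constructed stand-in for gs.getProperty('sn_vul.use_product_model').
const sysProps = { 'sn_vul.use_product_model': 'true' };

// Constructed in-memory tables; real AVR queries these with GlideRecord.
// payroll-web 2.1 is deliberately present twice to show duplicate detection.
const db = {
  [TABLES.scanned]: [{ name: 'payroll-web' }],
  [TABLES.softwareModel]: [
    { name: 'payroll-web', version: '2.1' },
    { name: 'payroll-web', version: '2.1' },
  ],
  [TABLES.applicationModel]: [{ name: 'hr-portal' }],
};

// Decide the lookup target as the page describes:
//   property true  -> product model (version ? Software Model : Application Model)
//   property false -> CI lookup against Scanned Applications.
function lookupTarget(app, props = sysProps) {
  if (props['sn_vul.use_product_model'] !== 'true') return TABLES.scanned;
  return app.version ? TABLES.softwareModel : TABLES.applicationModel;
}

// Look up the ingested application in the chosen table; create an entry when
// none exists, and report extra matches so the "duplicate CI or product model
// records" consideration can be checked rather than silently picking one.
function resolveApplication(app, props = sysProps, store = db) {
  const table = lookupTarget(app, props);
  const rows = store[table];
  const matches = rows.filter(r =>
    r.name === app.name &&
    (table !== TABLES.softwareModel || r.version === app.version));
  if (matches.length === 0) {
    rows.push(table === TABLES.softwareModel
      ? { name: app.name, version: app.version }
      : { name: app.name });
    return { table, created: true, duplicates: 0 };
  }
  return { table, created: false, duplicates: matches.length - 1 };
}
```

A non-zero duplicates count is the condition the AVR considerations section tells you to investigate before trusting the lookup result.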