Create, edit, and delete Application Vulnerability Response remediation task rules

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:8分

    • You can create rules to automatically group application vulnerable items (AVI) into remediation tasks (AVUL) based on filter conditions. These rules automatically group AVIs as they're imported or manually created.

    始める前に

    If you create a new rule, it doesn't apply to existing data. After you submit it, it's run against new imports.

    Role required: sn_vul.app_sec_manager

    手順

    1. Navigate to All > Application Vulnerability Response > Administration > Remediation Task Rules.
    2. Open the rule or select New.
    3. Fill in the fields on the form or edit them.
      表 : 1. Remediation Task Rule
      Field Description
      Name Name of the task rule.
      Active Indicates whether the task is active.
      Description Description of the rule.
      Case sensitive Determines whether a condition is case sensitive or not.
      注:
      The default value is case insensitive.
      Condition

      Optional filter conditions for the rule.

      By default, (Case sensitive check box not selected), the search text you enter in the condition builder on task rules records and forms isn't case-sensitive. You have the option to enable case-sensitive searches on task records and forms.

      An example condition is Vulnerability > is > VULNENT123451 (a known imported vulnerability). Any AVIs that have this vulnerability match this condition.
      Group by (up to six condition sets are available)
      Group application vulnerable items from The table the rule uses to group AVIs.
      Select the elements from the tree:
      • Application Vulnerable Item [sn_vuln_vulnerable_item]
      • Application Vulnerable Item Configuration Item [cmdb_ci]
      • Application Vulnerable Item Application Vulnerability [sn_vul_third_party_entry]
      • Application Vulnerable Item Product Model
      注:
      If you choose an extended table, the Using field is applied only for application vulnerable items that use that extended table.
      Using field

      Field on the table that the rule uses to group AVIs. Select conditions from the tree.

      注:
      You can create group by conditions so that not all the AVIs that share data are assigned to the same remediation task. For example, if you select Assignment group and IP Address as the Using fields, and multiple AVIs match the initial filtering condition Vulnerability, these AVIs can be assigned to distinct assignment groups for remediation using the many options available in the Group by section. The Group by conditions give you the flexibility to create distinct remediation tasks that can be assigned to different group even if they share some data.
      Assignment
      Assign remediation tasks by

      When automatically assigning remediation tasks, the Assignment choice is used in addition to the Group By choices to group the vulnerable items. New tasks are created, as needed, so that each AVI is placed in a task with a matching assignment group set.

      To automate the assignment of tasks created based on this rule, choose one of the options available.
      • Group by field: If you selected any user group field from the Using field values in the Group bysection, they appear in the drop-down menu.
      • User Group: Use the lookup list to select a static user group.

      if you delete a rule from either the form or list view, you have the option to delete all Open remediation tasks created by that rule. Groups not in the Open state are excluded.

    4. Select Submit for new rules.
      After you select Submit, your rule is displayed on the Remediation Task Rules list [sn_vul_grouping_rule]. The following situations initiate your rule.
      • When new AVIs are created.
      • When you select Reapply. You select Reapply to evaluate task rules on existing remediation tasks only.
      • When AVIs are updated, either by you or by the system.
        If an AVI is updated, task rules are evaluated for matches to existing remediation tasks. Some common updates that initiate a rules check are:
        • When the State changes from Closed to Open, or from Closed to Under Investigation.
        • The configuration item (CI) is changed.
        • The vulnerability is changed.

      The system checks all the task rules for matches to the updated AVI. If the conditions of a rule match the conditions of a remediation task, matching AVIs are assigned to it.

      If no match is found, a new remediation task is created.

      For more information about state roll up from AVIs to remediation tasks and state roll down from remediation tasks to AVIs, see Application Vulnerability Response remediation tasks and task rules overview.

      For an example of a remediation task rule, see Application Vulnerability Response remediation task rule examples.

    5. To delete a task rule, select the rule from the Remediation Task Rules list and select Delete.
      The following message is displayed: The selected remediation task rule created n remediation tasks. Of the remediation tasks, n are in the Open state..
      Option Description
      Check box deactivated (default). Only delete the rule. Tasks not in the Open state are excluded.
      Check box selected. Include the remediation tasks in the Open state when you delete the remediation task rule. Delete the rule and any remediation tasks in the Open state.
    6. Choose one option and select Delete.