Create, edit, and delete Container Vulnerability Response remediation task rules

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 7 minutes

    You can create rules to automatically group container vulnerable items (CVIT) into remediation tasks (CVUL) based on filter conditions. These rules automatically group CVITs as they're imported or manually created.

    Before you begin

    If you create a new rule, it doesn't apply to existing data. After you submit it, it's run against new imports.

    Role required: App-Sec Manager

    Procedure

    1. Navigate to All > Container Vulnerability Response > Administration > Remediation Task Rules.
    2. Open the rule or select New.
    3. Fill in the fields on the form or edit them.
      Table 1. Remediation Task Rule
      Field | Description
      Name | Name of the task rule.
      Active | Indicates whether the task is active.
      Description | Description of the rule.
      Case sensitive | Determines whether a condition is case sensitive or not.
        Note: The default value is case insensitive.
      Condition | Optional filter conditions for the rule.

        By default (Case sensitive check box not selected), the search text you enter in the condition builder on task rule records and forms isn't case sensitive. You have the option to enable case-sensitive searches on task records and forms.

        An example condition is Vulnerability > is > VULNENT123451 (a known imported vulnerability). Any CVITs that have this vulnerability match this condition.

      Group by (up to six condition sets are available)
      Group container vulnerable items from | The table the rule uses to group CVITs.
        Select the elements from the tree:
        • Container Vulnerable Item [sn_vuln_vulnerable_item]
        • Container Vulnerable Item - Docker Image
        • Container Vulnerable Item – Container Vulnerability
        Note: If you choose an extended table, the Using field is applied only for application vulnerable items that use that extended table.
      Using field | Field on the table that the rule uses to group CVITs. Select conditions from the tree.
      Assignment
      Assign remediation tasks by | When automatically assigning remediation tasks, the Assignment choice is used in addition to the Group By choices to group the vulnerable items. New tasks are created, as needed, so that each CVIT is placed in a task with a matching assignment group set.

        To automate the assignment of tasks created based on this rule, choose one of the options available.
        • Group by field: If you selected any user group field from the Using field values in the Group by section, they appear in the drop-down menu.
        • User Group: Use the lookup list to select a static user group.
      Note: If you delete a rule from either the form or list view, you have the option to delete all Open remediation tasks created by that rule. Groups not in the Open state are excluded.
    4. Select Submit for new rules.
      After you select Submit, your rule is displayed on the Remediation Task Rules list [sn_vul_grouping_rule]. The following situations initiate your rule.
      • When new CVITs are created.
      • When you select Reapply. You select Reapply to evaluate task rules on existing remediation tasks only.
      • When CVITs are updated, either by you or by the system.
        If a CVIT is updated, task rules are evaluated for matches to existing remediation tasks. Some common updates that initiate a rules check are:
        • When the State changes from Closed to Open, or from Closed to Under Investigation.
        • The configuration item (CI) is changed.
        • The vulnerability is changed.

      The system checks all the task rules for matches to the updated CVIT. If the conditions of a rule match the conditions of a remediation task, matching CVITs are assigned to it.

      If no match is found, a new remediation task is created.

      For more information about state roll up from CVITs to remediation tasks and state roll down from remediation tasks to CVITs, see Container Vulnerability Response remediation tasks and task rules overview.

      For an example of a remediation task rule, see Application Vulnerability Response remediation task rule examples.

    5. To delete a task rule, select the rule from the Remediation Task Rules list and select Delete.
      The following message is displayed: The selected remediation task rule created n remediation tasks. Of the remediation tasks, n are in the Open state.
      Option | Description
      Check box deactivated (default). | Only delete the rule. Tasks not in the Open state are excluded.
      Check box selected. Include the remediation tasks in the Open state when you delete the remediation task rule. | Delete the rule and any remediation tasks in the Open state.
    6. Choose one option and select Delete.
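
A simplified model of the grouping described in steps 3 and 4, added here as an illustration and not ServiceNow code: it shows how the Condition, the Case sensitive check box, the Group by field, and the Assignment choice together decide which remediation task a CVIT lands in. The record field names (`vulnerability`, `image`, `group`), the sample CVITs, and the function names are constructed assumptions, not the product schema.

```python
from collections import defaultdict

# Constructed sample CVITs; field names are hypothetical, not the product schema.
CVITS = [
    {"id": "CVIT001", "vulnerability": "VULNENT123451", "image": "web:1.2", "group": "Platform"},
    {"id": "CVIT002", "vulnerability": "vulnent123451", "image": "web:1.2", "group": "Platform"},
    {"id": "CVIT003", "vulnerability": "VULNENT123451", "image": "web:1.2", "group": "Payments"},
    {"id": "CVIT004", "vulnerability": "VULNENT123451", "image": "api:3.0", "group": "Platform"},
    {"id": "CVIT005", "vulnerability": "VULNENT999999", "image": "api:3.0", "group": "Platform"},
]

def matches(cvit, field, value, case_sensitive=False):
    """Evaluate a 'field is value' condition; case-insensitive by default."""
    actual = cvit[field]
    if case_sensitive:
        return actual == value
    return actual.lower() == value.lower()

def group_cvits(cvits, condition, group_by, assign_by, case_sensitive=False):
    """Return {(group-by values..., assignment group): [CVIT ids]}."""
    field, value = condition
    tasks = defaultdict(list)
    for cvit in cvits:
        if not matches(cvit, field, value, case_sensitive):
            continue  # the rule's condition does not select this CVIT
        # The assignment group is part of the key, so CVITs that share the
        # Group by values but differ in assignment go to separate tasks.
        key = tuple(cvit[f] for f in group_by) + (cvit[assign_by],)
        tasks[key].append(cvit["id"])  # reuse a matching task, else create one
    return dict(tasks)

# Rule modeled on the page's example condition: Vulnerability > is > VULNENT123451
RULE = dict(condition=("vulnerability", "VULNENT123451"),
            group_by=["image"], assign_by="group")

if __name__ == "__main__":
    for sensitive in (False, True):
        print("Case sensitive selected:", sensitive)
        result = group_cvits(CVITS, **RULE, case_sensitive=sensitive)
        for key, ids in result.items():
            print("  task", key, "->", ids)
```

With the Case sensitive check box selected, CVIT002 no longer matches the condition and is left out of the task, which is worth checking before enabling that option on a rule that feeds from scanners with inconsistent identifier casing.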