Examples for remediation task creation in the Security Exposure Management Workspace

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 13분

    • When you create remediation tasks manually in the Security Exposure Management Workspace, records are grouped into a remediation task based on the grouping criteria you select.

    Consider the following example where 10 records are selected for remediation task creation. After providing the record selection details and a brief description, select the Grouping criteria according to your requirement and then select how you want to manage the records that are already part of existing remediation tasks.

    Remediation task creation based on the grouping criteria

    표 1. Vulnerable items selected for remediation task creation
    Vulnerable item id Existing remediation tasks Assignment group Configuration item Vulnerability Risk rating
    VIT10001 VUL10021, VUL10022 Remediation Manager APSVR-NY-1672 CVE-2018-9020 4
    VIT10002 - Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10003 VUL10021 LDAP Admins DEV-IBM-NY-682 CVE-2012-5357 1
    VIT10004 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 4
    VIT10005 VUL10022 Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10006 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10007 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 1
    VIT10008 - LDAP Admins DEV-IBM-NY-682 CVE-2013-3906 1
    VIT10009 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10010 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 4

    The following list shows how the records are grouped into remediation tasks based on the grouping criteria selected when creating the remediation task.

    Scenario1: Grouping criteria is selected as “Assignment group” and Managing records in other remediation tasks is selected as “Skip records for the new remediation tasks”
    The records with the same assignment group are grouped into one remediation task. The records that are already part of existing remediation tasks are not added to the new remediation tasks. Here, three remediation tasks are created, each containing the records that are assigned to the Remediation Manager, LDAP Admins, and Vulnerability Response assignment groups.
    표 2. Remediation task created in scenario 1
    Remediation tasks created Records in the remediation task
    Remediation task 1 - VUL10001 This remediation task contains the records that are assigned to the Remediation Manager assignment group:
    • VIT10004
    • VIT10006
    • VIT10009

    The VIT10001 record will not be moved to the VUL10001 remediation task.
    Remediation task 2 - VUL10002 This remediation task contains the VIT10002 record that is assigned to the Vulnerability Response assignment group.

    The VIT10005 record will not be moved to the VUL10002 task.
    Remediation task 3 - VUL10003 This remediation task contains the records that are assigned to the LDAP Admins assignment group:
    • VIT10007
    • VIT10008
    • VIT10010

    The VIT10003 record will not be moved to the VUL10003 remediation task.
    Scenario 2: Grouping criteria is selected as “Assignment group and configuration item” and Managing records in other remediation tasks is selected as “Transfer records to the new remediation tasks”
    The records with the same configuration item that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records are removed from their old remediation tasks and moved to the new remediation tasks. Here, five remediation tasks are created.
    표 3. Remediation tasks created in scenario 2
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10004 This remediation task contains the records that are assigned to Remediation owner assignment group and with APSVR-NY-1672 configuration item.
    • VIT10001

    The VIT10001 record will be removed from the VUL10021, and VUL10022 remediation tasks.
    Remediation task 2 - VUL10005 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10002
    • VIT10005

    The VIT10005 record will be removed from the VUL10022 remediation task.
    Remediation task 3 - VUL10006 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10003
    • VIT10008

    The VIT10003 record will be removed from the VUL10021 remediation task.
    Remediation task 4 - VUL10007 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CRMBK-SD-4210 configuration item.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10008 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-SAP-SD-9388 configuration item.
    • VIT10007
    • VIT10010
    Scenario 3: Grouping criteria is selected as “Assignment group and vulnerability” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same vulnerability that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks.Here, five remediation tasks are created.
    표 4. Remediation tasks created in scenario 3
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10009 This remediation task contains the records that are assigned to Remediation owner assignment group and with CVE-2018-9020 vulnerability.
    • VIT10001

    The VIT10001 record will remain part of VUL10021, and VUL10022 remediation tasks as well.
    Remediation task 2 - VUL10010 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with CVE-2018-9020 vulnerability.
    • VIT10002
    • VIT10005

    The VIT10005 record will remain part of VUL10022 remediation task as well.
    Remediation task 3 - VUL10011 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2012-5357 vulnerability.
    • VIT10003

    The VIT10003 record will continue to be part of the VUL10021 remediation task also.
    Remediation task 4 - VUL10012 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CVE-2013-1710 vulnerability.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10013 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2013-3906 vulnerability.
    • VIT10007
    • VIT10008
    • VIT10010
    Scenario 4: Grouping criteria as “Assignment group and risk rating” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same risk rating that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks. Here, five remediation tasks are created.
    표 5. Remediation task created in scenario 4
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10014 This remediation task contains the records that are assigned to Remediation owner assignment group and with 4 risk rating.
    • VIT10001
    • VIT10004

    The VIT10001 record will continue to be part of VUL10021and VUL10022 remediation tasks.
    Remediation task 2 - VUL10015 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with 2 risk rating.
    • VIT10002
    • VIT10005

    The VIT10005 record will continue to be part of VUL10022 remediation task.
    Remediation task 3 - VUL10016 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 1 risk rating.
    • VIT10003
    • VIT10007
    • VIT10008

    The VIT10003 record will continue to be part of VUL10021 remediation task.
    Remediation task 4 - VUL10017 This remediation task contains the records that are assigned to Remediation Manager assignment group and with 2 risk rating.
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10018 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 4 risk rating.
    • VIT10010