Key terms for the Vulnerability Response Workspaces

Vulnerability Response Workspaces, or workspaces

Vulnerability Response supports the Vulnerability Response Workspaces. You can either use the classic Core UI experience or the workspaces.

Classic (legacy) UI

Refers to the Core UI experience. You still perform some actions and view a few lists in the classic environment.

Vulnerability Manager Workspace

In this workspace, managers monitor targeted vulnerabilities and select the VIs and test results that they care the most about to assign to IT.

IT Remediation Workspace

In this workspace, IT teams can focus on the most important vulnerabilities that are assigned to them by security. IT-centric information that includes impacted, distinct configuration items (CIs), Solutions, and remediation progress is easily available for remediation owners in this workspace.

Vulnerability Assessment Workspace

In this workspace, vulnerability analysts can perform vulnerability assessment during the zero-day vulnerability analysis. After a zero-day vulnerability is identified, they can assess the potential impact and risk associated with the vulnerability. The analysts can analyze the affected system,applications, or network components to understand the severity and possible attack vectors within the organization.

Watch topic

Watch Topics define a segment of the vulnerable items that vulnerability managers and analysts want to monitor in the Vulnerability Manager Workspace. Watch topics show a focused overview set of reports that pertain to a segment of VIs and test results with trending, CI, and vulnerability-related statistics. The dashboards on these topics can be used to monitor trends. The dashboards can also help managers:

• View remediation progress on critical items
• Determine the existence of vulnerabilities on critical systems
• See when a new exploit comes out
• Drive rapid response for resolving a particular set of vulnerabilities

Remediation effort (RE)

Remediation efforts are created by vulnerability managers when they determine it is time for IT to fix the vulnerabilities listed in a watch topic. Vulnerability managers and analysts can choose how they want to create remediation tasks, by assignment group and vulnerability, for example. Remediation tasks are contained in the remediation effort.

Remediation task (VUL)

IT teams use remediation tasks to remediate the vulnerabilities assigned to them by security. Remediation tasks are lists of the actions that are required to fix vulnerabilities. Remediation tasks are created automatically when security managers create remediation efforts.

Development of the Workspaces

Vulnerable items were sorted into remediation tasks automatically according to your pre-defined remediation task rules. Remediation tasks were designed to support IT teams with remediating manageable chunks of vulnerable items.

This automation made it possible to group very large numbers of records automatically for bulk assignment and remediation. However, vulnerability analysts and managers found monitoring the whole set of records from remediation tasks challenging. In addition to performance problems with large groups, creating functional remediation task rules that filtered out only the vulnerabilities you that you found most critical can be difficult.

Updates to remediation tasks in the workspaces

In the Vulnerability Manager workspace, vulnerability analysts and managers use Watch Topics and Remediation Efforts as two new methods for monitoring and assigning VIs for remediation.

Vulnerability groups are renamed, Remediation Tasks. This change applies to labels on lists, records, and rules in both the legacy UI and the workspaces. Remediation tasks are set up so that IT teams can work with them in the IT Remediation Workspace. The following list illustrates how as a vulnerability manager or vulnerability analyst, you might monitor vulnerabilities and test results, filter them, and assign them:

1. In the Vulnerability Manager Workspace, managers monitor imported vulnerabilities and misconfigurations on watch topics. Managers and analysts use watch topics to monitor a dynamic set of filtered records over time that they think are the most critical.
2. With watch topics, security managers can determine when and what kind of VIs to hand off to IT teams in Remediation Efforts (REs). These REs are static lists of the VIs that security wants to IT teams to fix.

   From remediation efforts, managers have four options for how to bundle records into Remediation Tasks (VULs, AVULs, CVULs, or CRGs). Remediation tasks are automatically assigned to IT teams based on the assignment groups that are originally associated with the records.

3. IT teams work on remediation tasks in the IT Remediation Workspace without having to sort through all of the records.

   A remediation task transitions through the same states as the remediation task does in previous versions of Vulnerability Response. When all the records in a remediation task are closed, the remediation task is closed and is set to Inactive.

   Remediation progress is updated on data visualizations on the watch topics and on the IT remediation Home page.

Updates to remediation task rules in the workspaces

Vulnerability Group Rules are called Remediation Task Rules. This change applies to the labels on lists, records, and rules in both the legacy UI and the workspaces.

Table names, for example, [sn_vul_m2m_vul_group_item], are not changed.

If you have created vulnerability groups rules in a previous versions of Vulnerability Response, they are still available to you labeled as remediation task rules.

However, in the workspaces, remediation task rules are no longer used as the primary method of organizing a large volume of records into remediation tasks. You might prefer to leave your remediation task rules inactive as you get used to the workspaces.

You might prefer instead to incrementally start using the Vulnerability Response Workspaces.

1. If you are upgrading from a previous version of Vulnerability Response your existing remediation task rules are preserved. They are still available to you in the workspaces. The default group rule, Vulnerability, is inactive by default.
2. Configure assignment rules, and, perhaps if you want, risk rules, and then perform an import.
3. As a vulnerability manager or analyst, you can pick segments to monitor from the watch topics in the Vulnerability Manager Workspace. You can use watch topics as standalone features. Pick any subset of records and use the dashboard on them to monitor trends. With them, you can decide where and when to focus remediation efforts.
4. As a vulnerability managers or analyst, you create remediation efforts from watch topics when you decide it is time to remediate a subset of records. A remediation task is also created automatically to hand off to IT when you create a remediation effort.
5. Over time, as a vulnerability manager or analyst, you might discover some routine patterns that you can handle with remediation tasks rules automatically.

To view your remediation task rules, navigate to respective Remediation Task Rules modules in Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance from the All menu.

More on assignment rules, remediation task rules, remediation efforts, and vulnerable items in the Vulnerability Response Workspaces

• Remediation Task records are displayed on lists and records in both the classic environment and in the workspaces.
• A remediation task transitions through the same states as a vulnerability group. When all the records in a remediation task are closed, the remediation task transitions to the Inactive state.
• To help your teams with remediation, a vulnerable item can only be in one remediation effort. Once it is in a remediation effort, a vulnerable item won’t be added to any other remediation efforts that you create.
• If you delete a remediation effort, the remediation effort becomes inactive and any active VIs are available for new remediation efforts.
• A record (VIT, AVIT, CVIT or CTR) can be in multiple remediation tasks.
• Remediation tasks are assigned automatically to IT teams based on the assignment group that is associated with a vulnerable item in a remediation effort. If you create a remediation task on-demand, you select the assignment group.
• If you are an upgrading from a previous version of Vulnerability Response, your assignment rules have been preserved in the legacy UI.
• If you are an upgrading from a previous version of Vulnerability Response, your current users and groups are inherited and accessible to you in the workspaces.

For more information about the life cycles of remediation efforts, see Life cycles of remediation efforts, remediation tasks, and records in the Vulnerability Response Workspaces.

Configuration and setup for the Vulnerability Response Workspaces

For more information on assignment rules and remediation task rules, see Configure the Vulnerability Response Workspaces and .

If you are a new customer and you’ve not already added them, you must set up users and groups so that vulnerable items and remediation tasks are assigned to the remediation groups that you want. Vulnerability Response assignment rules are used to assign work to groups.