Adding proof to Rapid7 vulnerable item keys
Add proof as a vulnerable item (VI) key for the Rapid7 VIs. Including the proof for specific vulnerabilities enables the Rapid7 scanner integration to create VIs for each proof received from Rapid7.
A VI key is the combination of vulnerability, configuration item (CI), and integration instance. Splitting detections into different VIs based on proof creates multiple VIs, so you can assign the vulnerabilities to the appropriate remediation owners.
For example, when proof is not part of the VI key, two detections with the same vulnerability and CI but different proofs lead to the creation of one VI. Starting from Vulnerability Response V17.1, you can identify and remediate vulnerabilities by adding proof as the VI key.
You can add the proof as a VI key in the following way:
Navigate to and select the option to include proof.
Use case: Including proof in VI key for existing VIs or splitting existing VIs based on detection proof
To create VIs based on proof, you can use the R7 log4j vulnerabilities. For example, you can use one of the multiple R7 log4j vulnerabilities such as R7-apache-log4j-core-cve-2021-44228, R7-amazon_linux-cve-2021-44228, or R7-amazon-linux-ami-2-cve-2021-44228.
If all the detections in a VI have the same proof, then the existing VI is updated to include 'Proof in the VI Key (external_id)'. If there are multiple detections with different proofs, then the existing VI is closed. The detections are split across the new VIs with 'Proof in the VI Key (external_id)'.
If you provide the vulnerability ID, the existing VIs are split based on the proof. The new vulnerabilities for this vulnerability ID also have proof as one of the VI keys.
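The update-or-split rule described above, modelled as an added JavaScript example. It is not ServiceNow or Rapid7 code; the field names, the key encoding, and the sample detections are assumptions constructed for illustration.

```javascript
// Simplified model of the VI key; field names and JSON encoding are assumptions.
// Base VI key: vulnerability + configuration item (CI) + integration instance.
const baseKey = d => JSON.stringify([d.vulnerability, d.ci, d.integrationInstance]);
// VI key with proof added as a fourth component.
const proofKey = d => JSON.stringify([d.vulnerability, d.ci, d.integrationInstance, d.proof]);

// Group items into a Map keyed by keyFn(item), preserving insertion order.
function groupBy(items, keyFn) {
  const groups = new Map();
  for (const item of items) {
    const k = keyFn(item);
    if (!groups.has(k)) groups.set(k, []);
    groups.get(k).push(item);
  }
  return groups;
}

// For each existing VI (detections grouped by base key), decide what happens
// once proof is part of the key: update the VI in place when every detection
// has the same proof, otherwise close it and split detections per proof.
function planProofSplit(detections) {
  const plan = [];
  for (const [existingVi, group] of groupBy(detections, baseKey)) {
    const byProof = groupBy(group, proofKey);
    if (byProof.size === 1) {
      plan.push({ existingVi, action: 'update', newKey: [...byProof.keys()][0] });
    } else {
      plan.push({ existingVi, action: 'close-and-split',
        newVis: [...byProof].map(([key, ds]) => ({ key, detections: ds.map(d => d.id) })) });
    }
  }
  return plan;
}

// Constructed sample detections (not real scan output).
const vuln = 'R7-apache-log4j-core-cve-2021-44228';
const sampleDetections = [
  { id: 'D1', vulnerability: vuln, ci: 'app01', integrationInstance: 'r7-main', proof: 'jar found under /opt/app/lib' },
  { id: 'D2', vulnerability: vuln, ci: 'app01', integrationInstance: 'r7-main', proof: 'jar found under /srv/batch/lib' },
  { id: 'D3', vulnerability: vuln, ci: 'app02', integrationInstance: 'r7-main', proof: 'package version 2.14.1 installed' },
  { id: 'D4', vulnerability: vuln, ci: 'app02', integrationInstance: 'r7-main', proof: 'package version 2.14.1 installed' },
];
console.log(JSON.stringify(planProofSplit(sampleDetections), null, 2));
```

In this model, app01 has two detections with different proofs, so its VI is closed and replaced by two new VIs, while the app02 VI is updated in place because both detections carry the same proof.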