Removing assignments from container vulnerable items and remediation tasks
Summarize
Summary of Removing assignments from container vulnerable items and remediation tasks
This functionality allows users to clear the Assigned to and Assignment group fields for container vulnerable items (CVITs) and remediation tasks (CVULs) if they are incorrectly assigned. Users can do this directly from the respective records in both classic and workspace views. If these records are deemed outside the user's remediation scope, they can unassign themselves or their groups.
Show less
Key Features
- The Unassign UI action is available for CVITs and CVULs that are not in the Closed or Resolved state.
- Users can submit requests for approval to clear assignments, which can be tracked in the My Approvals list for designated approvers.
- When a CVUL’s unassign request is approved, all CVITs under the same assignment group are unassigned, excluding those with different assignment groups.
- System properties allow customization of the approval process and assignment group notifications.
Key Outcomes
By effectively managing assignments, users can ensure that only relevant individuals or groups are responsible for remediation tasks. This contributes to improved workflow efficiency and clarity regarding task ownership. Additionally, customizing system properties allows for tailored approval processes and notification settings, enhancing overall management of container vulnerabilities.
You can clear the Assigned to and Assignment group fields on container vulnerable items directly from the container vulnerable item and remediation task records that you determine might be incorrectly assigned to you or your groups.
Overview for the workflow
If you determine that container vulnerable items (CVITs) and remediation tasks (CVULs) aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on CVIT and CVUL records.
The unassign workflow is supported in workspace and both classic and workspace views for CVITs and CVULs.
You have the option to send requests to clear the assignment fields for approval. See Approve or reject an unassign request in Vulnerability Response.
- The Unassign UI action is displayed on CVIT and CVUL records in any state other than the Closed or Resolved.Note:After the request to clear the fields is approved for a CVUL, all the Assigned to and Assignment group fields on CVITs that have the same assignment group are unassigned. If any CVIT on a CVUL has a different assignment group than its associated CVUL, it is not unassigned. In most cases these CVITs have been manually assigned. See Container Vulnerability Response remediation tasks and task rules overview and Removing assignments from vulnerable items and remediation tasks for more information.
- Any records that you update with either the UI action or manually are displayed on the Unassigned module for Container Vulnerability Response.
See Remove assignments from vulnerable items for you or your groups for more information about the steps for how to clear the assignment fields.
System properties and approval notifications
If a remediation owner selects Unassign on a record, by default, the sn_vul.unassign_vr.approval_required system property triggers the approval flow and creates a state change approval record in the Review state, and the request is routed for approval. The request is displayed on the My Approvals list for users with the sn_vul_container.unassign_approver.
Additionally, you can change the value in the sn_vul.default_assignment_group system property so if the assignment fields are cleared, a specific group is assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add the system ID for the group of your choice in the value field of the system property.