Use watch topics in the Vulnerability Manager Workspace

  • Release version: Xanadu
  • Updated August 1, 2024
  • 4 minutes to read

    • Use watch topics in the Vulnerability Manager Workspace to view vulnerabilities and misconfigurations that are filtered from your imported data from the criteria that you set. Use this information to determine how the vulnerabilities and misconfigurations in each watch topic can impact your environment.

    Before you begin

    Role required:
    • sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    About this task

    From the Watch Topics page, you can do the following tasks:
    • Monitor the number of remediation efforts and records (VITs, AVITs, CVITs and TRs) to see the progress of your vulnerability remediation.
    • Edit or delete your existing watch topics and create watch topics.
    • Create the remediation efforts and automatically hand off the remediation tasks to your IT teams for only the vulnerabilities that you want to fix.
    Note:
    Starting with v19.0 of Vulnerability Response, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v19.0 Terminology v19.0 onwards
    Test Result Groups Remediation Tasks
    Configuration Issues Configuration Test Results
    Policy Test group

    Procedure

    1. Navigate to All > Vulnerability Response > Vulnerability Manager Workspace.
    2. Select the watch topics icon.
    3. Select a watch topic in the Host Vulnerabilities, Container Vulnerabilities, Application Vulnerabilities or Configuration Test Results tabs on the Watch Topics page.

      When you select a watch topic, the Overview tab is displayed by default.

      For more information on the watch topics, see Watch Topics page in the Vulnerability Manager Workspace.

      Figure 1. Version 19.0 Overview tab in the Vulnerability Manager Workspace home page
      Version 19.0 Vulnerability Manager Workspace Home page

      The dashboards are dynamic and new vulnerability data updates upon import.

    4. Select a Related Items tab to view more data.

      For more information on the related items list and visualizations in a watch topic, see Related items list and visualizations in a watch topic.

    5. Do the UI actions on the Watch Topics page.
      UI actionDescription
      Create a watch topic Create your own watch topic by using your own set of conditions for the vulnerabilities that you feel are important. For more information on how to create a watch topic, see Create a watch topic in the Vulnerability Manager Workspace.
      Edit or delete an existing Watch Topic

      For more information on how to edit or delete a watch topic, see Edit or delete a watch topic in the Vulnerability Manager Workspace.
      Deactivate or activate a watch topic

      You can deactivate or activate a watch topic. For more information on how to deactivate or activate a watch topic, seeDeactivate or activate a watch topic.
      Refresh a watch topic You can acquire the latest details of a watch topic by selecting the Refresh button. The latest refresh status and timestamp are displayed under the watch topic name.
      • A watch topic is refreshed automatically when it is created or updated.
      • When you refresh a watch topic, all the details of the watch topic, including the charts and remediation efforts are updated.
      Note:
      Because you can't refresh an inactive watch topic, the Refresh button is inactive for an inactive watch topic.
      Create a remediation effort
      • Create a remediation effort. A remediation effort contains the remediation tasks that are assigned to your IT teams. You can use this tool to drive and track the remediation progress from assignment through resolution.
      • When you create a remediation effort, all the active vulnerable items are automatically pulled in if they aren’t already part of an existing remediation effort for that watch topic.
      • Remediation tasks are assigned to IT teams automatically based on the VI assignment group.
      • An example of a remediation effort from the Vulnerabilities on Windows Servers watch topic might be, Vulnerabilities on Windows Servers in Q2 2021. The remediation tasks in this effort are then assigned to the assignment groups that are listed on the associated records.
      Create a recurring effort Create recurring remediation efforts on a schedule that helps you to track the vulnerabilities that might require your immediate and ongoing attention. For more information on the recurring effort creation, see Create a recurring remediation effort in the Vulnerability Manager Workspace.
      Note:
      You can't create a recurring effort for an inactive watch topic.
      Refine filters for a column on a list Roll over the title of a column and click the three vertical dots menu to set the filters for that column.

      For example, let's say that you want to do more filtering on your configuration items that are associated with the records. You can select the Configuration Item column to view the available filter conditions. You may want to set conditions to filter your assets so that you see only those assets that contain the PCI data.
      Filter out items or match items from a row in a column
      Filter out items or match items from a row in a column. For example, let's say that you want to view only the records that have a specific vulnerability. With the Vulnerable Items related item list tab selected, from the list of records, select the row of a record in the Summary column. Select the three vertical dots menu that is displayed and select one of the following options:
      • Show Matching: Shows all the other records that have this vulnerability.
      • Filter Out: Shows all the records that don't have this vulnerability.
    6. Optional: Select a record to view more details.