Quick start tests for Vulnerability Response
Validate that Vulnerability Response still works after you make any configuration change such as apply an upgrade or develop an application. Copy and customize these quick start tests to pass when using your instance-specific data.
The test execution property is disabled by default to prevent running tests on a production system. Run tests only on development, test, and other non-production instances. If demo data or demo accounts are created, all demo data should be removed prior to using the instance in non-production or production. See Run the Automated Test Framework (ATF) test suite for Vulnerability Response for more information about setting up and running the test suite for Vulnerability Response.
Vulnerability Response quick start tests require activating the Vulnerability Response application (sn_vul) and loading the demo data.
| Test | Description | Release version |
|---|---|---|
| VR: Create Remediation Target Rule | Create a Remediation Target Rule. | Madrid |
| VR: Create Vulnerability Group Rule | Create a Vulnerability Group Rule. | Madrid |
| VR: Create Vulnerable Item via Form | Determine whether a user can successfully create a vulnerable item from the Vulnerable Item form. | Madrid |
| VR: Vulnerability Group Life Cycle | Determine whether a user can successfully resolve a vulnerability group. | Madrid |
| VR: Vulnerable Item life cycle | Determine whether a user can successfully move a vulnerable item through its life cycle, and also determine whether a closed vulnerable item can be reopened. | Madrid |
| VR: Rollup Calculator | Determine whether the rollup risk calculator can provide an overall risk score for an entire group of vulnerable items using the scores for all the vulnerable items in a vulnerability group. | New York |
| VR: Vulnerability Response Assignment Rules | Determine whether a sample set of assignment rules can successfully auto-assign vulnerable items to an assignment group for remediation. | New York |
| VR: Vulnerability Calculators | Test the vulnerability calculators. | New York |
| VR: CI Lookup - Qualys | Create a new lookup rule with method "field_matching" called "Lookup By Network Adapter" for Qualys. Determine whether a configuration item is successfully matched in the Discovered Item table by network adapter and IP address with the new lookup rule. | Orlando |
| VR: Create Normal and Emergency Change Request | Determine whether the user can successfully create normal and emergency change requests from a vulnerability group. | Orlando |
| VR: Split Vulnerability Group | Determine whether the user can successfully split a vulnerability group. | Orlando |
| VR: Update VG state when a CHG is cancelled. | Determine whether the State field on a vulnerability group successfully transitions when a change request that is associated with the vulnerability group is cancelled. | Orlando |
| VR: Update VG state when a CHG transitions to Review. | Determine whether the State field on a vulnerability group successfully transitions when a change request that is associated with it moves to the Review state. | Orlando |
| VR: CI Lookup - Rapid7 | Test CI lookup using the existing Rapid7 Vulnerability Integration lookup rule, IP Address. | Orlando |
| VR: CI lookup - Qualys | Test CI lookup by creating a new lookup rule for the Qualys Vulnerability Integration | Orlando |
| VR: Exception Approval Workflow for VI | Create an exception request and verify that the approval process is working. | Orlando |
| VR: False Positive Approval Workflow for VI | Create a false positive exception request and verify that the approval process is working. | Orlando |
| VR: Application Vulnerability Response (AVR) | Determine whether your rules and calculators are working correctly. Verify that updates are working. | Orlando |
| Remediation target rules: VI import test | Tests VR remediation target rules during import. | Paris |
| VR: Classification Rule | A sample classification rule that automatically classifies a vulnerability. | Tokyo |