Overview


About

The "Has Fix Type" metadata lets you filter vulnerabilities and create automation rules based on specific fix-type.


Why you need this

It all started with a customer request to filter vulnerabilities by patch-availability so they can create automation around it and route patchable vulnerabilities to a specific team. So, we've upgraded and extended the known "Has Fix" vulnerability filter to include more fix options and fix delivery methods. Introducing, the "Has Fix Type" feature.

From now on, you can:

  • Filter vulnerabilities by fix-type

  • Create an automation based on a fix-type

  • Assign and route vulnerabilities to different teams based on fix-type

  • Distinguish between patchable vulnerabilities and non-patchable vulnerabilities


Fix-types and their filtering results

Fix-Type value

Filtering Result

Ansible

A vulnerability that has Ansible script as at least one of the available fixes

Any Fix

A vulnerability with an available fix of any kind

Chef

zA vulnerability that has a Chef script as at least one of the available fixes

No Fix

A vulnerability that has no available fixes based on all the information gathered from the scanners and advisories. I.e., the Vulcan Platform has no available fix for this vulnerability based on the collected database.

Not Patchable by Qualys

A vulnerability that has no patchable fix available by Qualys

Patchable

A vulnerability that has a fix in the form of a patch (software update)

Puppet

A vulnerability that has a Puppet script as at least one of the available fixes

Workaround

A vulnerability that has a workaround solution as at least one of the available fixes.

Note: A vulnerability that has an available workaround might also have other available fixes or patches at the same time.



Filter vulnerabilities by fix-type

  1. Go to Vulnerabilities

  2. In the "Search or filter vulnerabilities" search bar, type "Has Fix Type" and then select the relevant fix type.


Automate and route vulnerabilities by fix-type

Since Fix-Types are basically a meta-data elements, you can use them as a condition in any kind of automation you create.

Here is an example:

Did this answer your question?