Target Audience: Vulnerability Manager
Feature Availability: Contact your CSM at Vulcan to enable this feature
About
This best practice guide is dedicated to helping Vulcan Cyber Platform users effectively distinguish between different vulnerability instances on the same asset. It addresses the complexity of managing vulnerabilities within environments where multiple applications or operating systems may reside on a single asset, each with its own responsible teams.
Rationale
In organizations where distinct teams manage different applications, operating systems, and repositories, a vulnerability affecting a specific component necessitates a targeted response. This guide outlines how Vulnerability Managers can leverage the Vulcan Platform's capabilities to assign remediation tickets based on the unique characteristics of each vulnerability instance, ensuring the right team addresses the right issue.
Purpose and Benefits
This best practice aims to facilitate the granular management of vulnerabilities by:
Enabling the filtering of vulnerabilities based on detailed attributes and parameters, such as OS vs. application, deployment vs. application, different components of the same repository, etc.
Allowing the assignment of remediation tasks to the appropriate teams based on the specific and advanced combinations of vulnerability details
Supporting the creation of automation using the Advanced Vulnerability Tags
The benefits include improved efficiency in vulnerability management, enhanced security posture through targeted remediation, and better collaboration among different organizational teams.
Best Practice
Step-by-Step Workflow
Initial Setup with your CSM: Contact your Customer Success Manager (CSM) to implement a custom Vulcan Script. This script generates Advanced Vulnerability Tags based on specific data cross-conditions relevant to your organization.
Creating Saved Searches: Use the Advanced Vulnerability Tag(s) to filter vulnerabilities on the Vulcan Platform. Create and save searches with a combination of relevant filters for Assets and Vulnerabilities to effectively narrow down results.
Applying Saved Searches for Remediation: Utilize these saved searches to assign remediation tickets accurately and create playbooks tailored to your organization's needs.
Remediation Strategies and Prioritization
Focus on customizing and applying Advanced Vulnerability Tags to identify and prioritize vulnerabilities. This targeted approach ensures that remediation efforts are directed efficiently to the appropriate team/owner.
FAQs
Can I use Business Groups to manage vulnerabilities based on application or OS?
No, Business Groups are based on asset attributes and cannot filter vulnerabilities by specific details such as OS or application. Advanced Vulnerability Tags are recommended for this purpose.
How often is the Vulcan Script updated?
The script is designed to run on a daily basis, ensuring that vulnerability tags are consistently updated to reflect the most current information and conditions.
How does Vulcan distinguish between different Vulnerability elements, such as the targeted OS vs. Application?
Vulcan utilizes Regex (regular expressions) to define and distinguish between various vulnerability elements. Vulcan crafts tailor-made logic to accurately match the specific distinguishing requirements for each vulnerability element. This enables precise identification and categorization of vulnerabilities based on their characteristics.
For example, the Regex can include logical conditions and interpretations as follows:
Inclusion Condition for Specific Distributions
The regex matches lines that include the name of one of certain Linux distributions: Oracle Linux, Ubuntu, CentOS, or RHEL.
This is a positive match condition. If a line contains any of these distribution names, it satisfies part of the regex criteria for a match. However, due to the structure of the regex, this condition alone doesn't guarantee a match because of the subsequent exclusion condition.
Exclusion Condition for a Wide Range of Software and Technologies
The regex specifies a negative lookahead for a long list of software and technology names (e.g., Java, JDK, Redis, Grafana, etc.).
This is a negative match condition. It actively excludes lines that contain any of these specified names. If a line includes any of these terms, it does not match the regex, even if it also contains the name of one of the specified Linux distributions.
The regex can be logically interpreted as looking for lines that either
Contain one of the specified Linux distribution names (Oracle Linux, Ubuntu, CentOS, RHEL) and do not contain any of the broad list of excluded software and technology names.
Or, implicitly, lines that contain neither any of the specified Linux distribution names nor any of the excluded software and technology names.
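As an added illustration (not Vulcan's own script or expression, which the page does not reproduce), the following Python tagger builds a regex with the inclusion/exclusion structure described above. The distribution list is the page's; the exclusion list is abbreviated to the four products the page names, and the vulnerability titles are constructed.

```python
import re

# Inclusion condition: the distribution names the page lists.
DISTROS = ["Oracle Linux", "Ubuntu", "CentOS", "RHEL"]
# Exclusion condition: abbreviated to the examples the page gives
# (the real list is described as "long" and is not reproduced here).
EXCLUDED = ["Java", "JDK", "Redis", "Grafana"]


def _alternation(names):
    """Join names into a regex alternation, escaping metacharacters."""
    return "|".join(re.escape(n) for n in names)


# The negative lookahead at the start of the line rejects any line that
# mentions an excluded product anywhere; only then does the positive
# alternation require one of the distribution names. Substring matching
# mirrors the page's "if a line includes any of these terms" wording.
OS_TAG_RE = re.compile(
    rf"^(?!.*(?:{_alternation(EXCLUDED)})).*(?:{_alternation(DISTROS)})",
    re.IGNORECASE,
)


def is_os_vulnerability(title: str) -> bool:
    """True when the title names a listed distro and no excluded product."""
    return OS_TAG_RE.search(title) is not None


def tag_vulnerabilities(titles):
    """Return {title: 'OS' | None}, the tag the script would attach."""
    return {t: ("OS" if is_os_vulnerability(t) else None) for t in titles}


# Constructed sample titles; not real scanner output.
SAMPLE_TITLES = [
    "Ubuntu 22.04 : linux kernel vulnerabilities",      # OS
    "RHEL 8 : OpenJDK / Java security update",          # excluded (Java, JDK)
    "Grafana path traversal on CentOS host",            # excluded (Grafana)
    "Redis unauthenticated access",                     # excluded, no distro
    "Oracle Linux 9 : glibc update",                    # OS
    "Windows Server 2019 : SMB update",                 # neither: no tag
]

if __name__ == "__main__":
    for title, tag in tag_vulnerabilities(SAMPLE_TITLES).items():
        print(f"{tag or '-':>3}  {title}")
```

Under this particular structure the positive condition is mandatory, so a title naming neither a distribution nor an excluded product (the Windows line) receives no tag; whether Vulcan's production expression treats that case the same way is not shown on the page.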