Advanced Vulnerability Tagging and Team-Based Remediation Best Practice

Target Audience

Vulnerability Manager

Feature Availability

Contact your CSM at Vulcan to enable this feature

About

This best practice guide is dedicated to helping Vulcan Cyber Platform users effectively distinguish between different vulnerability instances on the same asset. It addresses the complexity of managing vulnerabilities within environments where multiple applications or operating systems may reside on a single asset, each with its own responsible teams.

Rationale

In organizations where distinct teams manage different applications, operating systems, and repositories, a vulnerability affecting a specific component necessitates a targeted response. This guide outlines how Vulnerability Managers can leverage the Vulcan Platform's capabilities to assign remediation tickets based on the unique characteristics of each vulnerability instance, ensuring the right team addresses the right issue.

Purpose and Benefits

This best practice aims to facilitate the granular management of vulnerabilities by:

  • Enabling the filtering of vulnerabilities based on detailed attributes and parameters, such as OS vs. application, deployment vs. application, different components of the same repository, etc.

  • Allowing the assignment of remediation tasks to the appropriate teams based on the specific and advanced combinations of vulnerability details

  • Supporting the creation of automation using the Advanced Vulnerability Tags

The benefits include improved efficiency in vulnerability management, enhanced security posture through targeted remediation, and better collaboration among different organizational teams.

Best Practice

Step-by-Step Workflow

  1. Initial Setup with Your CSM: Contact your Customer Success Manager (CSM) to implement a custom Vulcan Script. This script generates Advanced Vulnerability Tags based on specific data cross-conditions relevant to your organization.

  2. Creating Saved Searches: Use the Advanced Vulnerability Tag(s) to filter vulnerabilities on the Vulcan Platform. Create and save searches with a combination of relevant filters for Assets and Vulnerabilities to effectively narrow down results.

  3. Applying Saved Searches for Remediation: Utilize these saved searches to assign remediation tickets accurately and create playbooks tailored to your organization's needs.

Remediation Strategies and Prioritization

Focus on customizing and applying Advanced Vulnerability Tags to identify and prioritize vulnerabilities. This targeted approach ensures that remediation efforts are directed efficiently to the appropriate team/owner.


FAQs

Can I use Business Groups to manage vulnerabilities based on application or OS?

No, Business Groups are based on asset attributes and cannot filter vulnerabilities by specific details such as OS or application. Advanced Vulnerability Tags are recommended for this purpose.

How often is the Vulcan Script updated?

The script is designed to run on a daily basis, ensuring that vulnerability tags are consistently updated to reflect the most current information and conditions.

How does Vulcan distinguish between different Vulnerability elements, such as the targeted OS vs. Application?

Vulcan utilizes Regex (regular expressions) to define and distinguish between various vulnerability elements. Vulcan crafts tailor-made logic to accurately match the specific distinguishing requirements for each vulnerability element. This enables precise identification and categorization of vulnerabilities based on their characteristics.

For example, the Regex can include logical conditions and interpretations as follows:

Inclusion Condition for Specific Distributions

  • The regex specifies that it is interested in lines that include names of certain Linux distributions: Oracle Linux, Ubuntu, CentOS, or RHEL.

  • This is a positive match condition. If a line contains any of these distribution names, it satisfies part of the regex criteria for a match. However, this condition alone does not guarantee a match, because the exclusion condition below must also be satisfied.

Exclusion Condition for a Wide Range of Software and Technologies

  • The regex specifies a negative lookahead for a long list of software and technology names (e.g., Java, JDK, Redis, Grafana, etc.).

  • This is a negative match condition. It actively excludes lines that contain any of these specified names. If a line includes any of these terms, it does not match the regex, even if it also contains the name of one of the specified Linux distributions.

The regex can be logically interpreted as looking for lines that either

  • Contain one of the specified Linux distribution names (Oracle Linux, Ubuntu, CentOS, RHEL) and do not contain any of the broad list of excluded software and technology names.

  • Or, implicitly, lines that contain neither any of the specified Linux distribution names nor any of the excluded software and technology names.
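As an added illustration (not Vulcan's own script, which is custom-built per organization), the following Python reproduces the inclusion-plus-negative-lookahead logic described above and applies it to constructed vulnerability titles. The distribution list is the one named on this page; the exclusion list is assumed to be only the four technologies the page quotes, and the tag names and sample titles are invented for the example.

```python
import re

# Constructed lists for this example. The page names the four distributions;
# the exclusion list on the page is "a long list", of which only these four
# technologies are quoted, so the rest is assumed here.
DISTRIBUTIONS = ["Oracle Linux", "Ubuntu", "CentOS", "RHEL"]
EXCLUDED_SOFTWARE = ["Java", "JDK", "Redis", "Grafana"]


def build_os_regex(distributions, excluded):
    """Compile: (negative lookahead rejecting any excluded name) followed by
    (a requirement that one distribution name appear somewhere in the line)."""
    exclude = "|".join(re.escape(name) for name in excluded)
    include = "|".join(re.escape(name) for name in distributions)
    # ^(?!.*(?:A|B)) fails the whole match if any excluded name appears
    # anywhere in the line; .*(?:X|Y) then demands a distribution name.
    return re.compile(rf"^(?!.*(?:{exclude})).*(?:{include})", re.IGNORECASE)


OS_PATTERN = build_os_regex(DISTRIBUTIONS, EXCLUDED_SOFTWARE)
APP_PATTERN = re.compile("|".join(re.escape(n) for n in EXCLUDED_SOFTWARE),
                         re.IGNORECASE)


def tag_vulnerability(title):
    """Return the tag a title would receive under the logic described above:
    'OS' when a distribution name is present and no excluded software is,
    'Application' when an excluded software name is present (the exclusion
    wins even if a distribution is also named), 'Untagged' otherwise."""
    if OS_PATTERN.search(title):
        return "OS"
    if APP_PATTERN.search(title):
        return "Application"
    return "Untagged"


def tag_all(titles):
    """Map each title to its tag; this is what a saved search would filter on."""
    return {title: tag_vulnerability(title) for title in titles}


# Constructed sample vulnerability titles, not real scanner output.
SAMPLE_TITLES = [
    "Ubuntu 22.04: kernel vulnerability (USN-placeholder)",
    "RHEL 8: openssl security update",
    "Redis unauthenticated access on Ubuntu host",
    "Oracle Linux 9: Java JDK out-of-date",
    "Grafana authentication bypass",
    "Apache Tomcat default credentials",
]

if __name__ == "__main__":
    for title, tag in tag_all(SAMPLE_TITLES).items():
        print(f"{tag:12} {title}")
```

Note that the patterns use plain substring semantics, so a term like "Java" would also exclude a title mentioning "JavaScript"; adding word boundaries is the usual tuning step once the exclusion list is finalized.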
