Queries for Remediation Projects

I have a list of the software installed and matrixed out who would get assigned, but I’m looking for a better way to manage the list than explicit assignments.
Lets say there are two servers APP01 and DBS01
The APP01 is a Windows server with IIS installed, but also something like Adobe
The DBS01 is a Linux box with MySQL
I would like the Application Team to get the Adobe, Middleware to get IIS, DBAs to get MySQL, Windows and Linux to get anything remediated by monthly patching or system config related on their OS.
How would you write four different queries that can be used to create a Remediation Project based on those criteria?

This is not a feature of the tool and indeed a gap that we see in larger organizations.

On a host level, you can tag assets (e.g. owners). The challenge is that on a vulnerability level, it is not document specifically whether this is infra/db/webstack etc. This mapping needs to be done manually, in line with how your organization internally divides it stack in the teams. This will be different for each organisation.

You could use the list of vulnerability categories (https://host:3780/vulnerability/categories.jsp, sorted by # vulns) to group/tag assets based on stack e.g.

  • platform: Ubuntu Linux, rhel, Windows.
  • middleware: Apache, HTTP, IIS

but these are very general. These tags could be used to apply as filter on your Insight Dashboard, prior to creating the remediation projects. This is surely complex as you would also need to monitor anything that is not tagged, and you have no way to granularly assign a vuln to a specific category.

Just giving some ideas as there is imo no other way to handle this.

2 Likes

Thank you, that is what I thought. I do tagging for ownership and that is how i know what App Team to assign things like Adobe to, it is the overlapping infrastructure teams that are more difficult.
I think I can segment out them, then I just have to use reverse on everyone else. Not the best for maintainability, but you work with what you have.

I have resorted to tagging as well. Until we have enough drive to convince leadership to invest in a service now module that supports more granularity.