Remediation teams are often not responsible for all components on an individual asset. Therefore, while Cisco Vulnerability Management Risk Scoring focuses on the whole asset, vulnerabilities may need to be directed to different teams for remediation.
The easiest way to split fixes between OS and Apps teams is to create Risk Meters that filter on specific Fix Titles. This type of search will catch most new vulnerabilities and direct them to the right team, but the query will need to be adjusted for your organization and updated over time to accommodate new items.
Infrastructure (note the "-" sign used as "not"):
-fix_title_keyword:(Oracle OR (Microsoft AND Office) OR (Microsoft AND Word) OR (Microsoft AND Excel) OR Java OR Flash OR Acrobat OR .NET OR Silverlight OR ASP.NET OR WebSphere OR Apache OR SQL OR VBScript OR (Adobe AND Reader) OR Acrobat OR Firefox OR (Google AND Chrome))
Application (the positive version of the same query):
fix_title_keyword:(Oracle OR (Microsoft AND Office) OR (Microsoft AND Word) OR (Microsoft AND Excel) OR Java OR Flash OR Acrobat OR .NET OR Silverlight OR ASP.NET OR WebSphere OR Apache OR SQL OR VBScript OR (Adobe AND Reader) OR Acrobat OR Firefox OR (Google AND Chrome))
These queries can be combined with operating system and other criteria to further refine the list of vulnerabilities.
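One way to keep the two queries exact complements as the keyword list changes, shown as an added example rather than Cisco's own code: hold the terms in one list, generate both query strings from it, and preview the split on sample fix titles. The function names, the sample titles and the whole-word matching used for the local preview are assumptions; the product's own matching may differ.

```python
import re

# Keyword groups from the queries above; a tuple means every word must appear (AND).
APP_TERMS = [
    "Oracle", ("Microsoft", "Office"), ("Microsoft", "Word"), ("Microsoft", "Excel"),
    "Java", "Flash", "Acrobat", ".NET", "Silverlight", "ASP.NET", "WebSphere",
    "Apache", "SQL", "VBScript", ("Adobe", "Reader"), "Acrobat", "Firefox",
    ("Google", "Chrome"),
]

def dedupe(terms):
    """Normalize every term to a tuple and drop repeats (e.g. the second 'Acrobat')."""
    groups = [(t,) if isinstance(t, str) else tuple(t) for t in terms]
    return list(dict.fromkeys(groups))  # dict keeps first-seen order

def build_queries(terms):
    """Return (infrastructure_query, application_query) built from one term list."""
    parts = [g[0] if len(g) == 1 else "(" + " AND ".join(g) + ")"
             for g in dedupe(terms)]
    body = "fix_title_keyword:(" + " OR ".join(parts) + ")"
    return "-" + body, body  # the leading "-" negates the whole clause

def has_word(word, title):
    # ASSUMPTION: whole-word, case-insensitive matching, for local preview only.
    pattern = r"(?<![A-Za-z0-9])" + re.escape(word) + r"(?![A-Za-z0-9])"
    return re.search(pattern, title, re.IGNORECASE) is not None

def route(title, terms=APP_TERMS):
    """Preview which team a fix title would land with under the assumed matching."""
    hit = any(all(has_word(w, title) for w in g) for g in dedupe(terms))
    return "application" if hit else "infrastructure"

# Constructed sample fix titles, not taken from any real scan.
SAMPLE_TITLES = [
    "Update Microsoft Office to the latest version",
    "Apply the latest Microsoft Windows security update",
    "Upgrade Google Chrome",
    "Upgrade OpenSSL package",
]

if __name__ == "__main__":
    print(*build_queries(APP_TERMS), sep="\n")
    for title in SAMPLE_TITLES:
        print(f"{route(title):15} {title}")
```

Because both strings come from the same list, adding a new product name changes the Infrastructure and Application meters together, so no fix title is claimed by both teams or by neither.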
See "Guidelines when using Vulnerability based risk meters" for more information.