How can I create risk meters for infrastructure vs application remediation teams?

Remediation teams are often not responsible for all components on an individual asset. Therefore, while Kenna risk scoring focuses on the whole asset, vulnerabilities may need to be directed to different teams for remediation. 

The easiest way to split fixes between OS and Apps teams is to create Risk Meters that filter on specific Fix Titles. This type of search will catch most new vulnerabilities and direct them to the right team, but the query will need to be adjusted for your organization and updated over time to accommodate new items.

Infrastructure (note the "-" sign used as "not"):

-fix_title:("Oracle*" OR "IBM Java*" OR "*Microsoft Office*" OR "*Microsoft Word*" OR "*Microsoft Excel*" OR "*Java*" OR "*Adobe Flash*" OR "*.NET*" OR "*Silverlight*" OR "*ASP.NET*" OR "*WebSphere*" OR "*Apache*" OR "*SQL*" OR "*VBScript*" OR "*java*" OR "*Adobe Reader*" OR "*Adobe Acrobat*" OR "*Firefox*" OR "*Google Chrome*")

Application (the positive version of the same query):

fix_title:("Oracle*" OR "IBM Java*" OR "*Microsoft Office*" OR "*Microsoft Word*" OR "*Microsoft Excel*" OR "*Java*" OR "*Adobe Flash*" OR "*.NET*" OR "*Silverlight*" OR "*ASP.NET*" OR "*WebSphere*" OR "*Apache*" OR "*SQL*" OR "*VBScript*" OR "*java*" OR "*Adobe Reader*" OR "*Adobe Acrobat*" OR "*Firefox*" OR "*Google Chrome*")

These queries can be combined with operating system and other criteria to further refine the list of vulnerabilities. 
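An added example, not part of the original article or Kenna's own tooling: a Python sketch that builds both queries from a single pattern list so they stay exact complements, and previews how fix titles would split between the two teams. Matching with fnmatchcase (case-sensitive, "*" as any run of characters) and the sample titles are assumptions; confirm against real search results.

```python
from fnmatch import fnmatchcase

# Single source of truth for application fix-title patterns (from the page's query).
APP_PATTERNS = [
    "Oracle*", "IBM Java*", "*Microsoft Office*", "*Microsoft Word*",
    "*Microsoft Excel*", "*Java*", "*Adobe Flash*", "*.NET*", "*Silverlight*",
    "*ASP.NET*", "*WebSphere*", "*Apache*", "*SQL*", "*VBScript*", "*java*",
    "*Adobe Reader*", "*Adobe Acrobat*", "*Firefox*", "*Google Chrome*",
]


def build_queries(patterns):
    """Return (application_query, infrastructure_query) built from one list."""
    clause = " OR ".join(f'"{p}"' for p in patterns)
    app = f"fix_title:({clause})"
    return app, "-" + app


def route(fix_title, patterns=APP_PATTERNS):
    """Preview which meter a fix title lands in.

    Assumption: '*' matches any run of characters and matching is
    case-sensitive; verify against actual search results.
    """
    hit = any(fnmatchcase(fix_title, p) for p in patterns)
    return "application" if hit else "infrastructure"


def preview(fix_titles, patterns=APP_PATTERNS):
    """Group fix titles by the team whose meter would show them."""
    buckets = {"application": [], "infrastructure": []}
    for title in fix_titles:
        buckets[route(title, patterns)].append(title)
    return buckets


# Constructed sample fix titles, not real scanner output.
SAMPLE_TITLES = [
    "Upgrade Google Chrome to the latest version",
    "Oracle Database Critical Patch Update",
    "Apply the vendor kernel security update",
    "Install Microsoft Windows cumulative update",
    "Update OpenSSL package",
]

if __name__ == "__main__":
    app_q, infra_q = build_queries(APP_PATTERNS)
    print(app_q, infra_q, sep="\n")
    for team, titles in preview(SAMPLE_TITLES).items():
        print(team, titles)
```

Running preview over an export of current fix titles before changing the pattern list shows which items would move between teams, including titles caught by broad patterns such as "*SQL*" or missed by anchored ones such as "Oracle*".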

See "Guidelines when using Vulnerability based risk meters" for more information.
