Using tags to filter remediation targets
This use case demonstrates how to use tags to filter assets needing remediation. The use case first demonstrates how to import tags into TrueSight Vulnerability Management. Then the use case shows how to use tags to filter the assets shown on the Operator Dashboard and thereby limit the assets that a Remediation operation can target.
This topic includes the following sections:
The following video demonstrates how to use TrueSight Vulnerability Management to filter assets based on tags and then generate a Remediation operation based on those tags.
Tags are key/value pairs. For each tag associated with an asset, one or more values can be defined. You can use tags to enrich the data associated with assets in your system. For example, this use case shows how tags are used to differentiate assets with owners that should be the subject of remediation activity.
This use case consists of the following phases:
- Importing tag files
- Filtering vulnerabilities listed on the Operator Dashboard
What do I need to get started?
- You must have endpoint manager credentials to import tag files. The other procedures in this use case do not require any elevated privileges.
- You must have imported vulnerabilities detected in a vulnerability scan, mapped assets to managed endpoints, and mapped vulnerabilities to remediation content. These procedures are described in Mapping vulnerability scan results to a server environment.
How to import tags
Example (click to enlarge)
This procedure requires you to import a CSV file containing tags and tag values. The file should map endpoints to tags and tag values. Before importing the CSV file, ensure that it has the format shown at right.
Fore more detailed information about formatting a tag file, see Managing tags for assets.
Using TrueSight Vulnerability Management, access the Tabs capability:
Click Select .csv File to Import and then select the type of tags to import. Currently, the only choice is Assets. Then navigate to the CSV file you prepared in the first step and select it.
|4||If the file is large, the import may take a few minutes. To check on the progress of the import, click Activity Status.|
|5||The Activity Status lists recent activities and their status, including tag imports.|
How to use tags to filter vulnerabilities needing remediation
When you launch the Remediation operation wizard from the Operator Dashboard, the contents of the Actionable Vulnerabilities list become the target of any remediation operations. This use case shows how to use tags to filter the vulnerabilities listed in the Actionable Vulnerabilities list to limit the vulnerabilities requiring action.
|Procedure||Example (click to enlarge)|
Select TrueSight Vulnerability Management > Operator Dashboard.
|2||For Scan Data, select the scan files or the period of time you want to view.|
For Tags, select one or more tags to use for filtering information displayed on the dashboard. In this case, we select OWNER. (Tag names are always upper case.) Then click Apply Filters.
After making this selection, the Operator Dashboard only displays information about vulnerabilities found on assets where the OWNER tag has been applied.
To further limit the scope of data shown on the dashboard, you can apply additional filters besides just tags.
To show tags in the Actionable Vulnerabilities list, select Display Columns and then select the tags to display. In this case we select OWNER.
The Actionable Vulnerabilities list now includes a column called OWNER.
Review the contents of the OWNER column to confirm these vulnerabilities only apply to assets requiring remediation. If necessary sort the column to help examine its contents.
In the example shown at right, only vulnerabilties with an owner appear in the Actionable Vulnerabilities list.
|6||Click Remediate to open the Remediation operation wizard, which launches remediation operations for vulnerabilities listed in the Actionable Vulnerabilities list.|
Wrapping it up
In this topic you imported tag files and then used tags to filter the vulnerabilities displayed on the Operator Dashboard. Using a tag as a filter, you can limit the vulnerabilities corrected in a Remediation operation to assets where that tag is applied.
Where to go from here
Learn more about managing tags. See Managing tags for assets.
Learn more about defining a Remediation operation. See Creating a Remediation operation.