Using tags to filter remediation targets

This use case demonstrates how to use tags to filter assets needing remediation. The use case first demonstrates how to import tags into TrueSight Vulnerability Management. Then the use case shows how to use tags to filter the assets shown on the Operator Dashboard and thereby limit the assets that a Remediation operation can target.

This topic includes the following sections:

The following video demonstrates how to use TrueSight Vulnerability Management to filter assets based on tags and then generate a Remediation operation based on those tags.

 https://youtu.be/rtMSF-dz358

Introduction

Tags are key/value pairs. For each tag associated with an asset, one or more values can be defined. You can use tags to enrich the data associated with assets in your system. For example, this use case shows how tags are used to differentiate assets with owners that should be the subject of remediation activity.

This use case consists of the following phases:

  • Importing tag files
  • Filtering vulnerabilities listed on the Operator Dashboard

What do I need to get started?

  • You must have endpoint manager credentials to import tag files. The other procedures in this use case do not require any elevated privileges. 
  • You must have imported vulnerabilities detected in a vulnerability scan, mapped assets to managed endpoints, and mapped vulnerabilities to remediation content. These procedures are described in Mapping vulnerability scan results to a server environment.

How to import tags 

 

Procedure

Example (click to enlarge) 

1

This procedure requires you to import a CSV file containing tags and tag values. The file should map endpoints to tags and tag values. Before importing the CSV file, ensure that it has the format shown at right.

Fore more detailed information about formatting a tag file, see Managing tags for assets.


2

Using TrueSight Vulnerability Management, access the Tabs capability:

  1. As an endpoint manager, click the drop-down menu by your user name (at top right). Then, select Administration
  2. Click the Tags tab. 

3

Click Select .csv File to Import and then select the type of tags to import. Currently, the only choice is Assets. Then navigate to the CSV file you prepared in the first step and select it.

4If the file is large, the import may take a few minutes. To check on the progress of the import, click Activity Status.

5The Activity Status lists recent activities and their status, including tag imports.



How to use tags to filter vulnerabilities needing remediation

When you launch the Remediation operation wizard from the Operator Dashboard, the contents of the Actionable Vulnerabilities list become the target of any remediation operations. This use case shows how to use tags to filter the vulnerabilities listed in the Actionable Vulnerabilities list to limit the vulnerabilities requiring action. 


ProcedureExample (click to enlarge)
1

Select TrueSight Vulnerability Management > Operator Dashboard.

2For Scan Data, select the scan files or the period of time you want to view.

3

For Tags, select one or more tags to use for filtering information displayed on the dashboard. In this case, we select OWNER. (Tag names are always upper case.) Then click Apply Filters.

After making this selection, the Operator Dashboard only displays information about vulnerabilities found on assets where the OWNER tag has been applied.

To further limit the scope of data shown on the dashboard, you can apply additional filters besides just tags.


4

To show tags in the Actionable Vulnerabilities list, select Display Columns and then select the tags to display. In this case we select OWNER.

The Actionable Vulnerabilities list now includes a column called OWNER.

5

Review the contents of the OWNER column to confirm these vulnerabilities only apply to assets requiring remediation. If necessary sort the column to help examine its contents.

In the example shown at right, only vulnerabilties with an owner appear in the Actionable Vulnerabilities list.

6Click Remediate to open the Remediation operation wizard, which launches remediation operations for vulnerabilities listed in the Actionable Vulnerabilities list.



Wrapping it up

In this topic you imported tag files and then used tags to filter the vulnerabilities displayed on the Operator Dashboard. Using a tag as a filter, you can limit the vulnerabilities corrected in a Remediation operation to assets where that tag is applied.

Where to go from here

Learn more about managing tags. See Managing tags for assets.

Learn more about defining a Remediation operation. See Creating a Remediation operation.

Was this page helpful? Yes No Submitting... Thank you

Comments