Importing exceptions

This topic describes how to add exceptions to your system by importing them.

 

Important

If you want to create an exception on all assets for a vulnerability, you can add the exception manually or you can import the exception. However, if you want to create an exception on an asset for all vulnerabilities in the system, you need to import the exception.

Downloading the exception template

To be certain that the CSV files you want to import are properly formatted, download an exception template file:

  1. Select TrueSight Vulnerability Management > Exception Management.
    The Exception Management page appears.

  2. At the top right, click the Import menu and, click Download Sample Template.

The exception template uses the following format:

Exception NameJustificationVulnerability Name CVEAssetsTagsDisabledTicketIDOwnerStart Date(MM/dd/yyyy HH:mm)End Date(MM/dd/yyyy HH:mm)











The following table shows a sample exceptions file, which will create an exception, Exception1 on all the assets (indicated by ALL in the Assets column) for one vulnerability (mentioned in the Vulnerability Name column):

Exception NameJustificationVulnerability Name CVEAssetsTagsDisabledTicketIDOwnerStart Date(MM/dd/yyyy HH:mm)End Date(MM/dd/yyyy HH:mm)
Exception1DecommissioningMicrosoft Group Policy Remote Code Execution Vulnerability"CVE-2015-7181","CVE-2015-7183","CVE-2015-7182ALLOUYes101ASecurity11/30/2019 11:0012/31/2019 13:00

The following table shows a sample exceptions file, which will create an exception, Exception2 on two assets (mentioned in the Assets column) for three vulnerabilities (mentioned in the CVE column):

Exception NameJustificationVulnerability Name CVEAssetsTagsDisabledTicketIDOwnerStart Date(MM/dd/yyyy HH:mm)End Date(MM/dd/yyyy HH:mm)
Exception2
OpenSSH MaxAuthTries Bypass
vw-hus-01;vl-pun-02BUYesZ109Services01/30/2019 11:0004/30/2018 13:00

The following table shows a sample exceptions file, which will create an exception, Exception3 for all vulnerabilities on three assets (mentioned in the Assets column) for all vulnerabilities (indicated by ALL in the Vulnerability Name column):

Exception NameJustificationVulnerability Name CVEAssetsTagsDisabledTicketIDOwnerStart Date(MM/dd/yyyy HH:mm)End Date(MM/dd/yyyy HH:mm)
Exception3Outdated assetsALL
vw-aus-01;vn-pun-02;vn-lex-89
Yes11041Facilities01/30/2019 11:0004/30/2018 13:00

Guidelines to prepare the exceptions file for importing

While preparing the exceptions file, remember the following concepts:

  • You cannot import an exception if an exception with the same name exists in the system.
  • Each exception name in the import file can be a maximum of 255 characters.
  • Each justification in the import file can be a maximum of 2000 characters. If justification contains more than 2000 characters, only 2000 characters are imported, and the remaining characters are truncated. A justification can contain the following characters: a-z, A-Z, 0-9, +, $, &, *, (,), _, -, {,} [,] ,., #.
  • If you provide both vulnerability name and CVE IDs, vulnerability name is considered for import. If you do not provide the name, CVE IDs are considered.
  • A tag can contain the following characters: a-z, A-Z, 0-9, +, $, &, *, (,), _, -, {,} [,] ,.,: #. If there are multiple values for an asset or tag, separate them with semicolons.
  • You cannot provide a value of All in the Tags column.
  • You cannot provide a value of All in the Assets column and the Vulnerability Name column at the same time.
  • In the CSV file, enter Start Date and End Date in UTC format only. Dates you specify in these columns are considered according to the browser timezone.
  • Based on the vulnerability name and CVE ID combination specified in the import file, matching vulnerabilities are retrieved from the system and included as part of the exception If you have more than one vulnerabilities with the same combination of name and CVE ID, then you can specify particular assets in the import file so that exception is applicable to only those assets, not all assets.
  • A CSV file used to import exception data can use UTF-8 encoding.

To import exceptions

  1. Prepare the exceptions file to import, according to the exception template.
  2. From the Security Groups list, choose the security group that you want to be assigned as the creator of the exceptions present in the import file. 
    By default, security group assigned to the currently logged-in user becomes the creator of the exception.
  3. Click the Import menu, and choose the Import Exceptions option.
  4. Navigate to the file, select it, and click Open.
    A message in the Status window informs you that request for importing the exceptions file has been submitted successfully. 
  5. (optional) Click the Activity Status link in the Status window. 
    You can monitor the progress of the import process in the Activity Status window.
  6. (optional) Click OK in the Status window to view the exceptions on the Exception Management page. 
    If the import process is successful, you should be able to see the exceptions on this page. Depending on the value of the Disabled column in the imported file, an exception appears as enabled or disabled on the Exception Management page. 

Sometimes, an exception import might be only partially completed. If any lines in the CSV file are formatted improperly, those lines are skipped during the import while valid lines continue to be imported. In the Activity Status window, the message in the More Information column for an import provides detailed error information about invalid lines or any failures. 

Assets groups and exceptions

If an exception is created by one security group on an asset and that asset is accessible to another security group, then that exception is applicable to another security group as well. For example, if an exception, exc1 is created on an asset, assetA by a security group, SG1, and assetA is accessible to another security group, SG2, then the exception is applicable to SG2 as well.

If an exception is created by one security group on an asset and that security group has been assigned that asset through an asset group, and another security group has not been assigned that asset group, then that exception is not applicable to another security group. For example, there are two asset groups, AG1 and AG2 and two security groups SG1 and SG2. assetA and assetB are assigned to SG1 and assetB has been assigned to SG1. An exception, exc1 has been created by SG1 on assetA. This exception is applicable only to SG1, not SG2. 

Was this page helpful? Yes No Submitting... Thank you

Comments