Remediation - The Basics

What is a policy?

A policy includes a set of rules that tell us when to create tickets, who to assign them to, and how quickly they should be resolved. You can have one global policy for the subscription and one policy for each business unit.

How do I order policy rules?

Policy rules are applied to scan results in the order in which they are listed. The rule at the top of the list has the highest priority and is applied first. To change the order, go to Remediation > Policies > New > Reorder. Move a rule up in the list to increase its priority or move it down to decrease its priority.

What if a vulnerability matches more than one rule?

If a detected vulnerability matches more than one rule, the action specified for the first rule it matches takes precedence. For this reason, if you have a rule that specifies tickets should not be created when rule conditions are met, then that rule should be at the top of the list.

How are scan results applied to policies?

Scan results are first compared to the user's business unit policy and then to the global policy. If the user who launched the scan is not assigned to a business unit or if the user's business unit does not have a policy, then the scan results are only compared to the global policy.
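The ordering rules above can be modelled in a few lines. This is an added example, not product code: the `Finding` and `Rule` shapes, the severity condition, the host names and the assignees are all constructed, and it assumes a finding that matches no rule in the business unit policy falls through to the global policy.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Sequence

@dataclass(frozen=True)
class Finding:                      # constructed shape, not the product's data model
    host: str
    severity: int

@dataclass(frozen=True)
class Rule:                         # hypothetical rule: condition, action, assignee, deadline
    name: str
    matches: Callable[[Finding], bool]
    create_ticket: bool
    assignee: str = ""
    deadline_days: int = 0

Policy = Optional[Sequence[Rule]]   # None means no policy is defined

def first_match(finding: Finding, bu_policy: Policy, global_policy: Policy) -> Optional[Rule]:
    # Business unit policy first, then global; within a policy, top of the list first.
    for policy in (bu_policy, global_policy):
        for rule in policy or ():
            if rule.matches(finding):
                return rule         # first matching rule takes precedence
    return None

def plan_tickets(findings, bu_policy: Policy, global_policy: Policy):
    plan = []
    for f in findings:
        rule = first_match(f, bu_policy, global_policy)
        if rule and rule.create_ticket:
            plan.append((f.host, rule.assignee, rule.deadline_days))
    return plan

# Constructed rules and findings for the demonstration.
skip_lab = Rule("no tickets for lab hosts", lambda f: f.host.startswith("lab-"), False)
urgent = Rule("severity 4-5", lambda f: f.severity >= 4, True, "bu-owner", 7)
catch_all = Rule("everything else", lambda f: True, True, "global-queue", 30)
findings = [Finding("lab-01", 5), Finding("web-01", 5), Finding("web-02", 2)]

if __name__ == "__main__":
    # Exclusion rule on top: lab-01 gets no ticket.
    print(plan_tickets(findings, [skip_lab, urgent], [catch_all]))
    # Exclusion rule below a broader rule: lab-01 is ticketed anyway.
    print(plan_tickets(findings, [urgent, skip_lab], [catch_all]))
    # No business unit policy: only the global policy is consulted.
    print(plan_tickets(findings, None, [catch_all]))
```
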

How are tickets created?

The service automatically creates new tickets when detected vulnerabilities match a remediation policy in the account. New tickets are created on a continuous basis as new scan results become available.

Are tickets created from agent scans?

Yes. Tickets are created when vulnerabilities detected from agent scans match a remediation policy in the account. When the policy is set to assignee "User Running Scan", tickets will be assigned to the Manager Primary Contact for the subscription.

Can I manually create tickets?

Yes. You can manually create a ticket for any vulnerability instance. You can create a ticket from a scan report with the vulnerability listed or create a ticket from host information.

How are tickets updated?

The service automatically adjusts ticket state/status as new scan results become available. For example, if a user has marked a ticket Resolved and a subsequent scan verifies that the issue has been successfully fixed, then the service will close the ticket.

How are tickets closed?

There are a few ways that a ticket can be closed. The most common is that you've fixed the vulnerability, and a new scan has verified the fix. In this case, the ticket will be automatically closed for you. You can also close/ignore a ticket if you don't plan to fix the vulnerability.

How are tickets reopened?

Tickets that have been resolved or closed will be reopened automatically if the related vulnerability is detected by a new scan. Users can also manually reopen a ticket.

Tell me about the manual Reopen ticket option

The Reopen ticket option allows you to automatically reopen the ticket in a set number of days. You can select this option from the UI (host information) and from within template-based scan reports with host-based findings.

I fixed a vulnerability. How does the ticket get closed?

After applying a fix, launch a new scan on the host to verify the fix and close the ticket. Remediation options set for the subscription determine if a user must mark a ticket resolved before it can be closed or if the service can immediately close an open ticket when a fix is verified by a new scan. Go to Remediation > Setup to see options related to ticket transitions.

How do scan options affect ticket updates?

The scan options set at the time of the scan determine which tickets are updated. Scan results are applied to tickets in the following ways:

- Scan results from a selective vulnerability scan are only applied to tickets related to the target vulnerabilities.

- Scan results from a partial port scan are only applied to tickets related to those specific ports.

- Scan results from an authenticated scan are only applied to tickets created as the result of an authenticated scan. If a ticket is opened as the result of an authenticated scan and you fix the vulnerability, you must run another authenticated scan on the host to verify the fix and close the ticket.

Who can ignore and delete tickets?

Managers and Unit Managers have permission to ignore and delete tickets. Scanners and Readers can ignore and delete tickets on hosts only when these remediation options are set for the subscription. Go to Remediation > Setup > Remediation to change permissions for Scanners and Readers.

How do I reassign a ticket to someone else?

Go to Remediation > Tickets. Select the tickets you want to reassign and choose Edit from the Actions menu. Then select a user to assign the tickets to.

Will I be notified when tickets are updated?

This depends on whether you have the Daily Trouble Tickets email notification option enabled in your account. Select User Profile below your user name (in the top right corner) and then go to the Options section to see and edit notification options.

Can I choose a timeframe for ticket display?

This option is available to Managers, Unit Managers, Scanners and Readers. Users with the Remediation User role will default to 30 days.