Create Authorization Rule

To create a new rule, go to Rules > Create Rule.

Create software rule

Step 1: Basic Information

Provide rule name and rule description for the rule to be created. Click Next.

Basic Information

Step 2: Select Assets

In the Select Assets step, you can select tags to include(1) and exclude(2) the assets in the rule.

Select assets

Click to select the assets using asset tags. If you select Any value from drop-down, asset with any selected tag will be included/excluded. If you select All value from drop-down, asset having all selected tags will be included/excluded. You can search and select asset with asset tags.

Select tags

Note: For the newly created asset, software authorization rule won't be applied to the asset because tag evaluation happens after the asset creation. In subsequent scan, the software authorization rule will be applied to the asset.

Once you've selected the assets with asset tag to include and exclude, click Next.

Step 3: Select Software

In the Select Software step, add and select Authorized Software (1), Unauthorized Software (2), and software that Needs Review (3) to be included in the rule.

Select software

Click to select and add software to the rule. You can search and select the software with software name. Want to Add Software from Golden Asset Image?

Select the software and click Add To Rule.

Software selector

Required Software:

Once you add software in the Authorized bucket, you can mark software as required for the asset. If the required software is not installed on the asset, it will be flagged as 'missing required software' for the asset.

Required Software

Modify version/update scope:

Once you add software for Authorized, Unauthorized, and Needs Review list, click Modify to select the appropriate criteria.

You can select software with different versions and/or update criteria from the following list:

- ANY

- Specific

- In Between

- Above

- Below

Notes:

- Selecting Version and Update criteria in different categories for the same product is prohibited. For example, you are not allowed to select 'Cloud Agent' product with 'Version' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Update' criteria in the 'Authorized' category for the same rule.

- Make sure you have not selected the same specific software (with version and/or update) in different categories. If you select the same specific software in two different categories, it will show an error message for conflict while creating a rule. For example, if you select 'Cloud Agent' product with 'Specific - Version = 4.6' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Below - Version = 5.0' criteria in the 'Authorized' category for the same rule, the "Cloud Agent 4.6" will be considered in both the categories which is conflicting.

Software criteria

Once you've added software in the desired category, click Next.

Step 4: Review and Confirm

Review and confirm your selections. You can edit basic information, select assets, and select software from this step as well if required.

Review and confirm

Click Finish. Click Reorder This Rule to reorder the rule.

Rules created successfully

Click View All Rules to see the list of rules on the Rules page.

Rule list

From the Quick Actions menu, you can view, edit, delete, disable, and create alert for the rule. For more information, refer Manage Authorization Rule.

Software Rules lists following default rules in the 'Disabled' state:

- Apps with Log4j: When enabled, this rule applies to all the software that uses Log4j and that are vulnerable or potentially vulnerable as documented by NCSC-NL. QLYS-CSAM - Log4j Risk dashboard shows assets vulnerable to Log4j with count of apps, Log4j versions, os distribution, etc.

- Software Elevating CyberSecurity Risk for Data Center Assets: When enabled, this rule applies to all the software products that elevate Cybersecurity Risk for Data Center Assets.

- Most Common Ransomware Attack Vectors: When enabled, this rule applies to all the software products that are most commonly used as Ransomware Attack Vectors. RansomWare (RW) Attack Vectors dashboard allows you to examine your assets with missing antivirus, Cybersecurity Risk for Data Center, Most Common Ransomware Attack Vectors, threat exposure, use previous searches, and swiftly remedy the vulnerabilities that are most important to you.

Click Software tab to view the list of software with publisher, category, authorization, rule name and rule status.

Software

Click on the rule name to view the rule.