To create a new rule, go to Rules > Create Rule.
Provide rule name and rule description for the rule to be created. Click Next.
In the Select Assets step, you can select tags to include(1) and exclude(2) the assets in the rule.
Click to select the assets using asset tags. If you select Any value from drop-down, asset with any selected tag will be included/excluded. If you select All value from drop-down, asset having all selected tags will be included/excluded. You can search and select asset with asset tags.
Note: For the newly created asset, software authorization rule won't be applied to the asset because tag evaluation happens after the asset creation. In subsequent scan, the software authorization rule will be applied to the asset.
Once you've selected the assets with asset tag to include and exclude, click Next.
In the Select Software step, add and select Authorized Software (1), Unauthorized Software (2), and software that Needs Review (3) to be included in the rule.
Click to select and add software to the rule. You can search and select the software with software name. Want to Add Software from Golden Asset Image?
Click Add Software from Golden Asset Image to select the software from golden image assets which shows pop-up to select software.
Select a software from the list and click Apply.
While updating the existing added software from golden image assets, it will overwrite the existing selection.
Select the software and click Add To Rule.
Once you add software in the Authorized bucket, you can mark software as required for the asset. If the required software is not installed on the asset, it will be flagged as 'missing required software' for the asset.
Modify version/update scope:
Once you add software for Authorized, Unauthorized, and Needs Review list, click Modify to select the appropriate criteria.
You can select software with different versions and/or update criteria from the following list:
- In Between
- Selecting Version and Update criteria in different categories for the same product is prohibited. For example, you are not allowed to select 'Cloud Agent' product with 'Version' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Update' criteria in the 'Authorized' category for the same rule.
- Make sure you have not selected the same specific software (with version and/or update) in different categories. If you select the same specific software in two different categories, it will show an error message for conflict while creating a rule. For example, if you select 'Cloud Agent' product with 'Specific - Version = 4.6' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Below - Version = 5.0' criteria in the 'Authorized' category for the same rule, the "Cloud Agent 4.6" will be considered in both the categories which is conflicting.
Once you've added software in the desired category, click Next.
Review and confirm your selections. You can edit basic information, select assets, and select software from this step as well if required.
Click Finish. Click Reorder This Rule to reorder the rule.
Click View All Rules to see the list of rules on the Rules page.
From the Quick Actions menu, you can view, edit, delete, disable, and create alert for the rule. For more information, refer Manage Authorization Rule.
Software Rules lists following default rules in the 'Disabled' state:
- Apps with Log4j: When enabled, this rule applies to all the software that uses Log4j and that are vulnerable or potentially vulnerable as documented by NCSC-NL. QLYS-CSAM - Log4j Risk dashboard shows assets vulnerable to Log4j with count of apps, Log4j versions, os distribution, etc.
- Software Elevating CyberSecurity Risk for Data Center Assets: When enabled, this rule applies to all the software products that elevate Cybersecurity Risk for Data Center Assets.
- Most Common Ransomware Attack Vectors: When enabled, this rule applies to all the software products that are most commonly used as Ransomware Attack Vectors. RansomWare (RW) Attack Vectors dashboard allows you to examine your assets with missing antivirus, Cybersecurity Risk for Data Center, Most Common Ransomware Attack Vectors, threat exposure, use previous searches, and swiftly remedy the vulnerabilities that are most important to you.
Click Software tab to view the list of software with publisher, category, authorization, rule name and rule status.
Click on the rule name to view the rule.