Configure Policy Rules

Vulnerability search lists are required for defining rule conditions. If a vulnerability is found that matches any search list in the policy rule, then the action specified for the rule is taken. To create a search list, go to VM/VMDR > KnowledgeBase > Search Lists.

Tell us what action to take when rule conditions are met. Note that policy rules are applied to scan results in the order in which they are listed. If a detected vulnerability matches more than one rule, the action specified for the first rule it matches takes precedence.

Your options are:

Create tickets - set to Open. Tickets will be created in Open state and assigned to a user with a deadline for resolution. The clock starts ticking as soon as the scan that resulted in the ticket completes.

Create tickets - set to Closed/Ignored. Tickets will be created in Closed/Ignored state and assigned to a user. You have the option to automatically reopen the tickets in a set number of days. When enabled, the ticket state is changed from Closed/Ignored to Open on the due date, assuming the issue still exists, and the ticket is marked as overdue. If the issue was resolved at some point while the ticket was in the Closed/Ignored state, then the ticket state is changed from Closed/Ignored to Closed/Fixed.

Do not create tickets. A rule with this action must be at the top of the rules list to ensure it is applied first. Tickets will not be created when the rule conditions are met as long as this is the first rule that's matched. Use this option for hosts or vulnerabilities that should never trigger the creation of a ticket.

Tell us who will be responsible for the tickets created as a result of this policy rule. You can choose a specific user from the list or select one of the following options.

User Running Scan - select this option to assign each ticket to the user who started the scan that resulted in the ticket. In the case of agent scans, tickets are assigned to the Manager Primary Contact for the subscription.

Asset Owner - select this option to assign each ticket to the user who has been designated as the owner of the host the ticket applies to.

How do I assign an owner to a host?

What if I assign tickets to the "Asset Owner" but there isn't one?

It's possible that multiple kernels are detected on a single Linux host. By selecting this option, you can be sure tickets are only created for vulnerabilities found on the running Linux kernel.

After creating your policy rules, you must start new vulnerability scans. As your scans finish and the results are processed, the results will be compared to your policy rules and tickets will be automatically created. Go to VM/VMDR > Scans > New > Scan to start a new scan.

Using cloud agent? Agent scan results will also be compared to your policy rules and tickets will be created. When the policy assignee is set to User Running Scan, we'll assign tickets to the Manager Primary Contact for the subscription.

As tickets are created they appear on the Tickets list. Go to VM/VMDR > Remediation > Tickets to view and manage your tickets.

Policy rules are applied to scan results in the order in which they are listed. The rule at the top of the list has the highest priority and is applied first. Move a rule up in the list to increase its priority or move it down to decrease its priority.

Tip - If you have a rule that specifies tickets should not be created when conditions are met, then that rule should be at the top of the list so it is applied first.

Here are the steps: Go to VM/VMDR > Remediation > Policies. Select Reorder from the New menu. Select a rule in the list and use the Move Up and Move Down buttons.