CSIRT Plan provides the following three automated triage functions for setting the status of detected tasks automatically, using:
It is recommended to use these three functions in combination to complement each other.
Automated triage using SSVC has the following advantages:
For more details about SSVC, see [Manual> SSVC] (/en/manual/csirt_option/ssvc/).
In automated triage using SSVC, you can set “actions to take when the SSVC Priority derived during scanning is different from the previous one.” For example, if SSVC Priority is determined to have a high priority of “immediate” or “out of cycle,” you can automatically set the task status to “new.” New tasks are assigned to the “unresolved” status on the vulnerability list and task list submenu, indicating that triage is required again.
For tasks determined to have a lower priority such as “scheduled” or “deferred,” the task status can be automatically set to “defer” or “risk_accepted.”
In addition, task priority and response deadline can also be set automatically.
For more information on settings, see [SSVC Configuration] (/en/manual/csirt_option/ssvc/config/).
This function allows you to define and configure rules to “consider high risk” and automatically assign the “danger” status to vulnerabilities that match these rules.
Currently, it is possible to use SSVC to complement the decision tree and automatically assign “danger” status to vulnerabilities with a CVSS score of “10,” even if they do not meet the “immediate” criteria in the SSVC decision tree.