Roles

About Roles

Roles are a feature for grouping servers.

By creating roles with names such as “db” or “app”, you can organize servers and make information easier to view, or set metrics for CVSS score recalculation for each environment.

A role named default is created when a group is created.

Role List

You can manage created roles in a list.

Role List

The order and display of items in the list can be set on the screen.

Item Details Update Timing
Role ID The ID of the role. None
Role Name The name of the role. Can be set or changed on the screen. When changing roles.
Number of Servers The number of servers belonging to the role. When updating servers.
CR (Confidentiality Requirement) The value that defines the importance of confidentiality for CVSS score recalculation, among the environment values of CVSS, which corresponds to the security requirements of the target system. When changing roles.
IR (Integrity Requirement) The value that defines the importance of integrity for CVSS score recalculation, among the environment values of CVSS, which corresponds to the security requirements of the target system. When changing roles.
AR (Availability Requirement) The value that defines the importance of availability for CVSS score recalculation, among the environment values of CVSS, which corresponds to the security requirements of the target system. When changing roles.
Immediate Unresolved Tasks The number of tasks associated with servers belonging to the role, whose SSVC (Special Scanning and Vulnerability Coverage) priority is “Immediate”, status is “NEW”, and there is no “non-display” setting. During scanning.
Out of Cycle Unresolved Tasks The number of tasks associated with servers belonging to the role, whose SSVC priority is “OutOfCycle”, status is “NEW”, and there is no “non-display” setting. During scanning.
Unresolved Tasks The number of tasks associated with servers belonging to the role, whose status is “NEW” and there is no “non-display” setting. During scanning, and when updating tasks.
In Progress Tasks The number of tasks associated with servers belonging to the role, whose status is “INVESTIGATING”, “ONGOING”, or “DEFER”, and there is no “non-display” setting. During scanning, and when updating tasks.
Completed Tasks The number of tasks associated with servers belonging to the role, whose status is not “NEW”, “INVESTIGATING”, “ONGOING”, “DEFER”, or is a “non-display” setting. During scanning, and when updating tasks.

Adding Roles

You can create a new role from the role list.

Adding Roles

Role Second Pane

Clicking an item in the role list of the first pane displays the second pane.

Details Tab

In the Details tab, you can check the details of the role.

Role Details

In the Role Details, you can change the role name and the metrics for the security requirements of the target system.

Changing the Role Name

You can change the role name in the Role Details. You can also change the default role name.

Security Requirements for the Target System

Set the CVSS system security requirements for the servers included in the role. By setting the security requirements for confidentiality, integrity, and availability according to each role’s environment, you can recalculate the CVSS score in the vulnerability details.

Overview of Common Vulnerability Scoring System CVSS v3: Information-technology Promotion Agency, Japan https://www.ipa.go.jp/security/vuln/CVSSv3.html

Vulnerabilities × Tasks

Displays the tasks and vulnerabilities related to the servers belonging to the selected role. Clicking the cell in the CVE-ID column displays the details of the vulnerability, while clicking the cell in the other columns displays the details of the task.

Vulnerabilities × Tasks

Servers

Displays the servers belonging to the selected role. Servers without vulnerabilities are also displayed.

Servers

Software

Displays all software belonging to the servers belonging to the selected role. Software without vulnerabilities is also displayed.

Please refer to the [Software] and [CPE] pages in the help for more information.

Software

Default Server Role

Servers must belong to one of the roles.

One default server role is selected for each group, and the role name is displayed as (default) in the role list.

When registering (scanning) a new server, the default server role is automatically set as the belonging role.

You can set the default server role from the group setting → set from group. GroupAdmin permission is required to display group settings.

image.png