Triage hides acceptable vulnerabilities and prioritizes the unacceptable ones.
Since the acceptance details vary from organization to organization, a relatively loose triage method is described below as an example.
CSIRT plans can use advanced auto-triage functionality.
Hide vulnerabilities that are not classified as “network”.
Similarly, select those for which no patch is provided and hide them.
Depending on the organization’s policy, filtering may be done by “Warning information: ○,” “Attack code: ○,” “Mitigation/workaround: Disable,” “Attack possible without authorization: ○,” and so on.
By hiding risk-acceptable items on the screen, only vulnerabilities that must be addressed will be displayed on the screen.
By using the auto-hide function in the CSIRT plan, you can define rules for risk acceptance in advance and automatically hide tasks. This can be flexibly defined in combination with server tags.
For example, the following vulnerabilities can be considered low-risk and automatically hidden.
After the aforementioned “hide acceptable vulnerabilities,” only vulnerabilities that need to be addressed will remain. The remaining vulnerabilities will be prioritized and addressed.
Based on the above information, priorities are assigned and actions are taken according to the priority level.
The items can be reordered, so if, for example, you use only Red Hat Enterprise Linux servers, checking is easier if you arrange them in the following order.
Change the status of the task to ONGOING in the “Update Related Tasks” and enter the scheduled response date and the primary person in charge of the task, so that it will appear in the list of TASKS of the person in charge. After the response is completed, update the status as described below.
When responding by applying a patch, there is no need to change the status when the application is completed. The status will become PATCH_APPLIED in the scan and the vulnerability will disappear from the vulnerability list. Please use FutureVuls’ patching support feature.
To respond with mitigation measures such as changing settings, set the status of the task to WORKAROUND. Tasks that have been set to WORKAROUND status will no longer appear in the Unsupported list, but in the
After the response to the vulnerability is completed, confirm that the vulnerability is hidden from the list of vulnerabilities that need to be addressed.
The topic function can be used to share information with operators of other groups in the same organization. Since information can be shared per CVE-ID within an organization or group, it can be consolidated and stored in one place, unlike information shared via Slack or email.
For example, a topic can warn other operators that attacks exploiting a vulnerability are being observed on the Internet and that caution is needed.
In addition, the [Danger function](/en/manual/topic/#Enables alerting of particularly dangerous vulnerabilities) can be used to alert other operators. Dangerous CVEs are highlighted in red. Operators in other groups will be aware of the alerted vulnerability and can view the topic for more information about the alert.
Using the Automatic Danger Function in the CSIRT Plan, you can define rules that determine high risk in advance and automatically mark matching vulnerabilities as Danger. This can be flexibly defined in combination with server tags.
For example, the following vulnerabilities can be considered high-risk and automatically marked as Danger.
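As an added example (not FutureVuls code; the rule set, server tag names and CVE ids are constructed), the following Python sketch applies the auto-hide rules from the “hide acceptable vulnerabilities” step and the auto-Danger rules described here to a few constructed vulnerability records, then orders what remains by the number of risk indicators set:

```python
from dataclasses import dataclass, field

@dataclass
class Vuln:
    """One detected vulnerability (constructed record, not FutureVuls' data model)."""
    cve: str
    attack_vector: str            # CVSS attack vector: "network", "adjacent", "local", "physical"
    patch_available: bool
    warning_info: bool            # "Warning information: o"
    attack_code: bool             # "Attack code: o"
    mitigation_disabled: bool     # "Mitigation/workaround: Disable"
    no_auth_required: bool        # "Attack possible without authorization: o"
    server_tags: set = field(default_factory=set)

# Auto-hide rules: a match means the risk is accepted and the task is hidden.
HIDE_RULES = [
    lambda v: v.attack_vector != "network",
    lambda v: not v.patch_available,
    # hypothetical tag rule: isolated test servers are accepted unless attack code exists
    lambda v: "isolated-test" in v.server_tags and not v.attack_code,
]

# Auto-Danger rules: a match marks the task Danger for the whole organization.
DANGER_RULES = [
    lambda v: v.attack_code and v.no_auth_required,
    lambda v: "internet-facing" in v.server_tags and v.warning_info,
]

def priority(v):
    """Number of risk indicators set; higher means address first."""
    return sum([v.warning_info, v.attack_code, v.mitigation_disabled, v.no_auth_required])

def triage(vulns):
    """Return (hidden, danger, todo) CVE lists; danger and todo sorted by priority, highest first."""
    hidden, danger, todo = [], [], []
    for v in vulns:
        if any(rule(v) for rule in HIDE_RULES):
            hidden.append(v)
        elif any(rule(v) for rule in DANGER_RULES):
            danger.append(v)
        else:
            todo.append(v)
    by_prio = lambda vs: [v.cve for v in sorted(vs, key=priority, reverse=True)]
    return [v.cve for v in hidden], by_prio(danger), by_prio(todo)

SAMPLE = [  # constructed placeholder CVE ids
    Vuln("CVE-0000-0001", "local",   True,  True,  True,  False, True),
    Vuln("CVE-0000-0002", "network", False, True,  False, True,  False),
    Vuln("CVE-0000-0003", "network", True,  True,  True,  True,  True, {"internet-facing"}),
    Vuln("CVE-0000-0004", "network", True,  True,  False, False, False, {"internet-facing"}),
    Vuln("CVE-0000-0005", "network", True,  False, False, False, False),
    Vuln("CVE-0000-0006", "network", True,  True,  False, True,  False),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```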