Creating, Viewing, and Updating Remediation Plans
What are Remediation Plans?
Remediation plans allow you to create groups of vulnerabilities and assets to focus on. Common purposes for remediation plans are to:
- Focus on the most critical vulnerabilities, such as the Top 10.
- Focus on assets with the highest criticality in your network.
- Track remediation of similar vulnerabilities, such as Windows vulnerabilities.
Tip
You will have the greatest impact on your overall Health Score by removing all critical vulnerabilities found on an asset rather than fixing a single critical vulnerability across multiple assets. An asset's Health Score is calculated from the worst CPS score among the vulnerabilities that affect it.
For example, an asset has three vulnerabilities: two vulnerabilities with a CPS score of nine and one vulnerability with a CPS score of seven. If only one of the vulnerabilities with a CPS score of nine is fixed, the Health Score remains the same because the asset still has another vulnerability with a CPS score of nine. If both vulnerabilities with a CPS score of nine are fixed, the vulnerability with the CPS score of seven becomes the "worst" CPS, and the Health Score of the asset will increase. See Health Score Panel for more information on the Health Score.
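The worst-CPS rule from the tip, as an added example that is not part of the VDR product or its API: it compares two candidate plans by checking which assets see their worst remaining CPS drop. The asset names, vulnerability ids, and scores are constructed, and the code models only the worst CPS per asset, not the Health Score formula itself, which this page does not give.

```python
# Constructed sample findings: (asset, vulnerability id, CPS score).
FINDINGS = [
    ("srv-a", "V1", 9), ("srv-a", "V2", 9), ("srv-a", "V3", 7),
    ("srv-b", "V1", 9), ("srv-b", "V4", 9),
    ("srv-c", "V1", 9), ("srv-c", "V5", 9),
]

# Two candidate plans, each a set of (asset, vulnerability id) pairs to fix.
# Hypothetical names; VDR plans are built in the UI, not from code like this.
PLAN_ONE_VULN_EVERYWHERE = {("srv-a", "V1"), ("srv-b", "V1"), ("srv-c", "V1")}
PLAN_ONE_ASSET_CLEARED = {("srv-a", "V1"), ("srv-a", "V2")}


def worst_cps(findings, fixed=frozenset()):
    """Return {asset: highest CPS among findings not in `fixed`}.

    An asset whose findings are all fixed is reported with 0.
    """
    worst = {}
    for asset, vuln, cps in findings:
        worst.setdefault(asset, 0)
        if (asset, vuln) not in fixed:
            worst[asset] = max(worst[asset], cps)
    return worst


def plan_effect(findings, plan):
    """Return {asset: (worst CPS before, worst CPS after)} for assets that improve."""
    before = worst_cps(findings)
    after = worst_cps(findings, plan)
    return {a: (before[a], after[a]) for a in before if after[a] < before[a]}


if __name__ == "__main__":
    for name, plan in [
        ("one vulnerability on every asset", PLAN_ONE_VULN_EVERYWHERE),
        ("every critical on one asset", PLAN_ONE_ASSET_CLEARED),
    ]:
        print(f"{name}: {len(plan)} fixes, improved assets: {plan_effect(FINDINGS, plan)}")
```

Three fixes spread across assets leave every asset's worst CPS at nine, while two fixes on `srv-a` lower its worst CPS from nine to seven.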
Remediation Workflow Overview
Connectors
Using connectors is a way to integrate Secureworks® Taegis™ VDR with an external ticketing system.
Note
Even if the plan is created with a connector attached to it, you need to specifically "assign" the plan for the data to be sent to the ticketing system.
- The plan is assigned to the relevant ticket and enables you to see all of the information that is within VDR.
- Add notes and keep track of progress
- Set a deadline for the issue to be fixed
Creating Remediation Plans
Remediation plans can be created in VDR in two ways:
Vulnerabilities View
- Navigate to the Vulnerabilities view.
- Select the checkbox for one or more vulnerabilities.
- From the Plans drop-down menu at the top right of the Vulnerabilities list, select one of the options: Create New Remediation Plan, Add To Remediation Plan, or Remove From Remediation Plan.
Tip
If you do not see the drop-down menu, it is because you have access to multiple teams and you need to be in the context of a specific team to add vulnerabilities to a plan.
- Create New Remediation Plan — Give the plan a unique name and select a connector, if applicable.
- Add To Remediation Plan — Select an existing Remediation Plan to add selected vulnerabilities to.
- Remove From Remediation Plan — Remove selected vulnerabilities from an existing Remediation Plan.
Create Remediation Plan from Vulnerabilities View
It can take a few minutes for vulnerabilities to appear in a newly created plan.
Remediation View
- Navigate to the Remediation view, select Actions, and then choose Create New Remediation Plan.
- Give the plan a unique name and select a connector, if applicable.
A plan created from the Remediation view does not contain any vulnerabilities. To add them, navigate to the Vulnerabilities view, select the vulnerabilities you would like added to the plan, and choose Add To Remediation Plan from the Plans drop-down menu at the top right of the Vulnerabilities list.
Create Remediation Plan from Remediation View
Viewing Remediation Plans
From the Remediation view of VDR, use the search field and an extensive set of filters to easily find and sort Remediation Plans based on their characteristics.
The default view presents a list of filters (Active, Closed, Connector) with checkboxes on the left side, a search field for Last Updated at the top of the view, and a list of plans in columns that can be sorted by either Name/ID or Health Score Impact.
Note
The Health Score Impact represents how much your security posture improves when all the vulnerabilities in a plan are addressed. The Health Score gives precedence to addressing the most critical vulnerabilities on assets completely rather than addressing critical vulnerabilities randomly in your environment. Read more on how the Health Score is defined.
The Progress percentage of Fixed vulnerabilities, the number of Fixed vulnerabilities compared to the total in the plan, and the Timeline of the plan all display within the Remediation list. The List button to the right of a row can be selected to view all vulnerabilities within the plan.
View of Remediation Plan
Timeline Information
When you hover over the Timeline for a Remediation Plan within the list, the following information displays:
- Days the plan has been Active
- Date the plan was Assigned to a connector
- Date the plan was Last Updated
- Deadline
- Number of Days Overdue past the set Deadline
Select the arrow on the far left side of the row for a Remediation Plan to expand the row to show additional details starting with the Info Panel.
Expand Remediation Plan
Info Panel
The Info Panel contains the following information:
- Name & ID
- Creation Date and Last Updated
- Vulnerability State
- Vulnerability Count
- Count by Severity
Warning
VDR continuously re-prioritizes vulnerabilities in your environment based on internal and external factors, which may cause the severities of the vulnerabilities to change. The total number of vulnerabilities should not change unless you completely remove assets from your environment. If you remove assets from your environment, the vulnerability data associated with them is removed as well, whether the vulnerabilities were active or fixed.
- Notes
- Deadline
Info Panel View
Vulnerabilities Panel
The Vulnerabilities Panel provides the following details and actions:
- Vulnerabilities assigned to the plan
- Ability to filter by Active, Snoozed, False positive, and Fixed
- Under actions, you can:
- Update severity
- Mark as verified
- Mark as false positive
- Snooze
- Show More details about the vulnerability
Vulnerabilities Panel
Scoring Panel
The Scoring Panel provides details on how the vulnerabilities in the plan are scored based on VDR's Contextual Prioritization Score (CPS).
Select a Factor Category to view additional details on what factors of influence most contributed to the re-prioritization.
As more information about the properties and context of the vulnerability is gathered, the statistics on this page change.
For more information on the Contextual Prioritization Score, see Understanding More Complex Prioritization Factors.
Scoring Panel
Assets Panel
The Assets Panel provides details on the assets associated with this plan:
- Address or URL of affected assets in this remediation plan
- Type of asset (Server or Website)
- The overall vulnerabilities for the asset (not just the ones addressed in the plan)
Assets Panel
History Panel
The History Panel provides audit-level details of which users made changes to the plan and when they were made:
- Date change was made
- Description of the change
- Who the change was Done By
Note
Due to the volume of these events, they are not included in the Activity Log of the platform.
History Panel