Threat & Vulnerability Management

SABB employs the services of 2 external vendors to scan the internet facing IP addresses to check for any vulnerabilities. These results (2 different excel formats) should be up-loadable into the system. The external IP can in fact refer to the sa...

Issues created by vulnerability scan should be auto-closed if in the subsequent scans, that vulnerability is not active A new source type – External Vulnerability Update to be supported in Issue management app. This feature should be an optional f...

The SLA applied by TVM team on IT resource users is 90 days. All the issues open on the 1st day of the quarter has to be stored (Issue, Action, start date, Due Date, Title, Pending with, Owner by Org, Owner etc.,). The same vulnerabilities/issues ...

Users can raise request/ticket for server movement, new server commissioning, production movement etc., This will trigger Nexpose scan on the target IP by TVM coordinator Once the vulnerability scan results are out and no issues are triggered, the...

When assets are pulled in from CMDB Service Now IP address information is not held. Therefore the scanner will pick up many IP addresses where the Asset is available but no IP information is entered. The ask is to include in M7 the ability to conf...

QualysGuard has an inventory of Assets being scanned and it therefore adds value to import the same set of Assets into the GRC Asset Library.

From an integrated GRC approach it adds value to have an Asset's Process linkage available under Asset vocabulary when defining Remediation Rules.

Increasingly FIPS 199 is being leveraged as a method to classify Assets in order to determine their business significance. It adds value to enhance the Asset Library to support the FIPS 199 methodology.

From an integrated GRC approach it adds value to have an Asset's Risk Rating/Score available under Asset vocabulary when defining Remediation Rules.