Skip to Main Content
Cyber GRC Ideas Portal
Status Pending Roadmap Inclusion
Created by Guest
Created on Nov 20, 2019

No provision to find Vulnerability Ageing

Adding Vilnerability Ageing to the Rule Wizard and Calculate  & Fetch the First Identified Date and Last Scanned date from tenable-to  configure the automation for items that are not compliant as per the risk appetite 

 

 

  1. Customer use Tenable as a scanner and we are pulling the vulnerability scan results from tenable to MS application.
  2. Once we pull the results, the VM team raise an Issue/Nonconformity based on below rules.

 

  • Rule 1:  Vulnerability Severity = Critical and Vulnerability Ageing = 15

 

  • Rule 2:  Vulnerability Severity = High and Vulnerability Ageing = 25

 

  • Rule 3:  Vulnerability Severity = Medium and Vulnerability Ageing = 25

 

To setup above Remediation Rules in the system, I can see first part in the rule wizard , Please see screenshot below

 

 

 

I am not able to find the Vulnerability ageing as an attribute value from the rule wizard.

 

 

We have two values captured in tenable for each vulnerabilities 1. First Discovered date 2. Last Observed Date and we can calculate the vulnerability ageing from those two columns. Please see below formula.

 

 

Formula for Ageing: Vulnerability Ageing = First Discovered date - Last Observed Date

 

E.g.  First Discovered date : 15th Oct

Last Observed Date : 30th Oct

 

Vulnerability Ageing : 15 Days

  • Attach files