Remediation: Overview

Summary: High-level overview of the remediation workflow.

Remediation serves as acknowledgement that a vulnerability has been fixed or removed. Within Ivanti Neurons, remediation can occur either automatically, through the “Update Remediation by Assessment” (URbA) process, or manually, through an approval process.

In both scenarios, the system tracks remediation by assigning the scanner finding representing that vulnerability to a workflow. When the system marks a finding as remediated, it places the finding in a Remediated by System workflow. When an organization wants to close the finding manually, it can add the finding to a Remediation workflow.

If the scanner identifies the vulnerability again, the URbA process will add that finding to a Rework by System workflow. URbA can operate upon findings in both system and user-created remediation workflows.

If an organization wants to remediate findings temporarily, it can assign an expiration date to a manual remediation workflow. Without an expiration date, the workflow will mark associated findings as closed indefinitely.

A user-created remediation workflow can be in one of several states:

  • RM Requested: The workflow is awaiting manager approval.
  • RM Approved: A manager has moved the workflow into the Approved state. This action also closes any findings mapped to the workflow.
  • RM Reworked: The manager can signal that a workflow request needs additional justification by moving it into the Reworked state.
  • RM Expired: When a remediation workflow reaches its designated expiration date, a mapped finding will reopen unless the organization has provided other evidence that it has fixed the vulnerability (e.g., URbA).
  • RM Rejected: The organization considers the workflow invalid. An organization can reject a workflow at any point unless it has already expired.