Update Remediation By Assessment (URBA): Overview

Summary: This article provides an overview of Update Remediation by Assessment and its functionality.

Update Remediation by Assessment (URbA) is a function that compares the last two assessments in which a given asset has been found. If a vulnerability was found in an initial assessment for a given asset and a subsequent scan no longer shows that vulnerability on the asset, running URbA marks that vulnerability as RM Approved by Scan and is considered closed. Likewise, if a vulnerability has been marked as Approved using the manual remediation process but is still found in the following scan, running URbA puts that vulnerability into the RM Reworked by Scan state and is considered open. Findings in the Risk Acceptance (RA) or False Positive (FP) workflows are not affected by URbA.

Users need the IAM privilege Integration Manual Upload Control to run URbA on assets.

To run URbA, navigate to either the Manage > Hosts or Manage > Applications pages. For this example, we will use the Network > Hosts page.

Update Remediation by Assessment - Hosts and Applications Menu Location

The process is identical for web applications, except you would navigate to Manage > Applications to initiate the process instead of Manage > Hosts.

Select assets to compare by clicking the check box in the page’s first column. You may select more than one asset within a client.

Update Remediation by Assessment - Select Hosts

Click the More button.

Update Remediation by Assessment - More Button Location

In the More drop-down menu, click Update Remediation by Assessment.

Update Remediation by Assessment - URbA Button Location

A confirmation notification appears on the screen describing the URbA process. Click Continue to finish.

Update Remediation by Assessment - URbA Window

Once clicked, a snackbar notification appears at the bottom of the page stating that the remediation process has started.

Update Remediation by Assessment - Submitted Request