Update Remediation by Assessment and its Effects on Vulnerability Remediation Workflow States

Summary: Overview of Update Remediation by Assessment’s (URbA)’s impact on vulnerability remediation workflow states.

The Ivanti Neurons RBVM/ASOC/VULN KB platform includes a function named Update Remediation by Assessment (URbA), which is used to compare scan finding results between assessments/scans. Any scanner findings currently in an ‘open’ state (e.g., Unassigned, Assigned, RM Requested, etc.) are compared against the latest scan results for the host. If a vulnerability is not picked up by the scanner under the most recent assessment containing a fingerprint of the underlying asset, the platform closes that finding and moves it to a state of RM Approved by Scan.

URbA can affect findings in three ways:

1. If a vulnerability in an open state (Unassigned, Assigned, RM Requested, FP Requested, RA Requested, RM Reworked by Scan) is identified within the latest scan/assessment containing a fingerprint of the host for which the vulnerability was identified, the finding retains its current state.

2. If a vulnerability in an open state is not picked up by the latest assessment containing a fingerprint of the host, the finding would move to a closed state of RM Approved by Scan.

3. If a vulnerability in a closed remediation-related state (RM Approved, RM Approved by Scan) and is identified within the latest assessment, the finding is re-opened to a state of RM Reworked by Scan. Findings that are closed as False Positive or Risk Acceptance would not be re-opened via URbA.

The blue History button found within the Host Finding Details (the right-side dialog which appears when a user selects a finding line-item) contains the full vulnerability audit trail, including frequency of scanner identification.