Update Remediation By Assessment (URBA): Overview
Summary: This article provides an overview of Update Remediation by Assessment and its functionality.
Update Remediation by Assessment (URbA) is a function that compares the last two assessments in which a given asset has been found. If a vulnerability was found in an initial assessment for a given asset and a subsequent scan no longer shows that vulnerability on the asset, running URbA marks that vulnerability as RM Approved by Scan and is considered closed. Likewise, if a vulnerability has been marked as Approved using the manual remediation process but is still found in the following scan, running URbA puts that vulnerability into the RM Reworked by Scan state and is considered open. Findings in the Risk Acceptance (RA) or False Positive (FP) workflows are not affected by URbA.
Users need the IAM privilege Integration Manual Upload Control to run URbA on assets.
To run URbA, navigate to either the Manage > Hosts or Manage > Applications pages. For this example, we will use the Network > Hosts page.
The process is identical for web applications, except you would navigate to Manage > Applications to initiate the process instead of Manage > Hosts.
Select assets to compare by clicking the check box in the page’s first column. You may select more than one asset within a client.
Click the More button.
In the More drop-down menu, click Update Remediation by Assessment.
A confirmation notification appears on the screen describing the URbA process. Click Continue to finish.
Once clicked, a snackbar notification appears at the bottom of the page stating that the remediation process has started.