Vulnerabilities are specific weaknesses on assets. NormShield separates the definition of vulnerabilities from vulnerabilities themselves for easy management. The definition of vulnerabilities include some of the abstract information about a vulnerability category.
NormShield calls these abstracted vulnerability definitions, vulnerability categories and they are stored in NormShield knowledge base. These categories can be further classified with tags assigned to them dynamically. What is labels to asset is the tags to vulnerability categories.
As new vulnerabilities are found, their abstracted definitions are inserted into NormShield knowledge base. In case the need for automatically tagging these vulnerability categories emerges, NormShield provides Categorization ability under Admin->Categorization sub menu.
The figure below shows the list of already created categorization rules. They can be executed, edited and deleted. These rules are also executed periodically every one hour. Since every company created under a single NormShield installation uses the same knowledge base, the rules will affect all companies.
When the "new configuration" button is clicked, a dialog pops up as shown below. On this dialog select "Vulnerability Category Tag" as the entity type since we'll be creating a new configuration rule for automatic vulnerability category tagging.
The "Content" text area is the value of the rule that will be executed and question mark link can be clicked for some of the rule examples.
Lastly Label/Tag/RootCause text box includes the tag that will be assigned when the rule above matches with a vulnerability category. Only the title of the vulnerability category can be used in a rule.
In order to make sure the rule is well written and executed as aimed, the "Search" button should be clicked and the example results should be analyzed whether the rules is good to save.
After that check, Save button saves the rule.