Follow

Automatically Setting Vulnerability Category Type

NormShield calls these abstracted vulnerability definitions, vulnerability categories and they are stored in NormShield knowledge base. Every vulnerability category has a responsible authority who should mitigate the security weaknesses. Vulnerability category type denotes this classification. For example, Cross Site Scripting is a title of a vulnerability category whose type is WebApp.

As new vulnerabilities are found, their abstracted definitions are inserted into NormShield knowledge base. In case the need for automatically setting types of these vulnerability categories emerges, NormShield provides Categorization ability under Admin->Categorization sub menu.

The figure below shows the list of already created categorization rules. They can be executed, edited and deleted. These rules are also executed periodically every one hour. Since every company created under a single NormShield installation uses the same knowledge base, the rules will affect all companies.

When the "new configuration" button is clicked, a dialog pops up as shown below. On this dialog select "Vulnerability Category Type" as the entity type since we'll be creating a new configuration rule for automatic setting of vulnerability category types.

The "Content" text area is the value of the rule that will be executed and question mark link can be clicked for some of the rule examples.

Lastly Vuln Category Type combobox includes the types that will be assigned when the rule above matches with a vulnerability category. Only the title of the vulnerability category can be used in a rule.

In order to make sure the rule is well written and executed as aimed, the "Search" button should be clicked and the example results should be analyzed whether the rules is good to save.

After that check, Save button saves the rule.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk