NormShield calls vulnerability definitions, vulnerability categories and they are stored in NormShield knowledge base. These categories can be further classified with tags assigned to them dynamically. What is labels to asset is the tags to vulnerability categories.
Root causes are different types of tags on vulnerability definitions. This type of tag enable NormShield users to understand root venues of mitigations and act accordingly.
As new vulnerabilities are found, their abstracted definitions are inserted into NormShield knowledge base. In case the need for automatically categorize root causes of these vulnerability categories emerges, NormShield provides root cause Categorization ability under Admin->Categorization sub menu.
The figure below shows the list of already created categorization rules. They can be executed, edited and deleted. These rules are also executed periodically every one hour. Since every company created under a single NormShield installation uses the same knowledge base, the rules will affect all companies.
When the "new configuration" button is clicked, a dialog pops up as shown below. On this dialog select "Vulnerability Category RootCause" as the entity type since we'll be creating a new configuration rule for automatic vulnerability category root cause tagging.
The "Content" text area is the value of the rule that will be executed and question mark link can be clicked for some of the rule examples.
Lastly Label/Tag/RootCause text box includes the root cause that will be assigned when the rule above matches with a vulnerability category. For now only title of the vulnerability category can be used in a rule.
In order to make sure the rule is well written and executed as aimed, the "Search" button should be clicked and the example results should be analyzed whether the rules is good to save.
After that check, Save button saves the rule.