Workflow (Remediation/Exception)
      Back to home
      1. Knowledge Base
      2. Analyst/Remediator Learning Path
      3. Workflow (Remediation/Exception)

      How do I create a Remediation Plan?

      Select vulnerability instances and select Create Remediation Plan

      Overview

      A remediation plan houses a group of vulnerability instances that can be used as an indication or priority of work to remediate. Normally, VM analysts create remediation plans and provide them to a remediation team to conduct work. 

      Remediation Plans, however, can be leveraged without assigning to a team and can be used to measure progress for a selection of vuln instances if needed.

      Selection of Vuln Instances

      Users can select the vuln instances to be grouped within a remediation plan a number of ways, however, a vuln instance can only be in ONE remediation plan at a time. If a user attempts to create a remediation plan with a vuln instance that exists within a remediation plan already they will receive an error.

      From Report Table

      Users can leverage the Report Table found within the Prioritize page to identify and select the vuln instances.

      1. Load a Saved Report or Query
      2. Manipulate your query as needed to identify vuln instances that need to be worked on
        1. Note: Add instance.in_plan = false to your query to find vuln instances not already in a plan.
      3. Select one or more vuln instances by clicking the checkbox on the report table row
      4. Click on "Create Remediation Plan"
      5. See Remediation Plan settings below

      From a Vuln Instance Details Pane or Page

      Users can create a remediation plan from within a specific vuln instance page or details pane. 

      1. Open a Vuln Instance details pane by clicking on the "Eye" icon on the row (next to the checkbox)
      2. From the Plans section (on the second row, far right section)
      3. Click on Create Remediation Plan
      4. See Remediation Plan settings below

      Through Automated Rules

      As of 9/07 this feature is not yet available. Expect this to be available by end of Q4 2023.

      Administrators, Managers, and Automation Managers will be able to configure automated remediation plan rules. Each rule consists of a Name, a Schedule, a specific Query, and the Remediation Plan settings.

      Remediation Plan Settings

      1. Select the Group By
        1. Target = Will create one Action that houses one or more Plans per unique Target found within the list of vuln instances.
        2. Vuln = Will create one Action that houses one or more Plans per unique Vuln found within the list of vuln instances.
        3. Vuln Instance = Will create one Action that houses one ore more Plans per unique Vuln Instance.
        4. No Grouping = Will create one Action and one Plan that contains all of the vuln instances selected.
      2. Provide a Remediation Name
      3. Provide the Destination (Not yet available)
      4. Provide the Assignment logic (Not yet available)
      5. Hit Create/Save