Overview
This article is meant to help you understand how Nucleus allows you to automatically group new assets as they are discovered.
As Nucleus imports scan data, it often finds assets it has not seen before. This is especially common in DHCP environments or when new assets are added to a specific scan. Nucleus lets you set up rules that define which Asset Groups newly discovered assets are assigned when they are imported into Nucleus.
For a refresher on Asset Groups and their uses in Nucleus, refer to the Asset Groups Overview page. This article assumes you already understand the benefits of using groups within Nucleus and how they are used throughout the application in order to more effectively manage your vulnerabilities.
Automatic Processing Rules
Automatic Processing rules in Nucleus allow you to dynamically group assets and assign risk attributes as they are imported into Nucleus. In general, asset grouping occurs during a scan import. To start grouping your assets automatically, do the following:
1. Log into Nucleus
2. Navigate to Automation in the left-hand vertical navbar
3. Find the Asset Processing panel and click Add Rule
4. A modal will pop open to create an asset grouping rule. Enter the following:
- Rule Name: A name to help you remember the rule and what it does.
- Apply Group: You can either select a group from the drop-down OR enter a new group by typing it into the form field.
- Risk Attributes: This lets you fill out the risk attributes for any assets affected by this rule. The following risk attributes can be set in an automation rule:
  - Business Criticality
  - Public-Facing
  - Data Sensitivity
  - In Compliance Scope
5. Click Next
6. You are now on the Asset Grouping Criteria page. This page lets you enter the criteria that cause an asset to be placed in the group you entered in Step 4 above. You can choose from the following options:
- Asset Name: The name of the asset as discovered by the vulnerability scanning tool. This is sometimes the hostname or the application name depending on the tool.
  - Note On Matching: Be careful using numeric-only matches, as sometimes the only asset name provided is the IP.
  - Note On Wildcard: The standard matching is a simple wildcard match, using * (match many) and ? (match one), but you can also use regex in this form field for more complex matching criteria. To use regex, put a / at the beginning and end of the criteria value.
  - Example: /^abc+/
- Asset IP: Enter a single IP, an IP range with a dash, or an IP range in CIDR notation to match against.
  - Example: 192.168.1.1 OR 192.168.1.1-192.168.1.255 OR 192.168.1.1/24
- Asset OS: You can use the OS of the asset as criteria for processing.
- Source: You can enter the type of scan from which the asset is being imported. This lets you easily group assets by scan type.
  - Note: You can also use regex in this field, as in Asset Name above. This allows for more complex matching of scan type or across different scans from the same vendor.
  - Example: Qualys will match against the Qualys scan type, but /Qualys/ will match against both the Qualys and the Qualys_WAS scan types.
- Connector: You can use a connector that's been set up as criteria for processing.
7. Click Next
8. The final page is the Additional Options page. This allows a user to test the rule against a sample asset as well as to apply the rule to your existing assets.
9. Click Save & Finish
You are all done! You have created your first asset group rule! This will allow you to have Nucleus automatically group your assets as they are imported, to be used in reports, notifications, and metrics.
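The matching behaviour described in step 6 can be checked against an asset list before a rule is saved. The Python below is an added example, not Nucleus code: the inventory is constructed, the function names are hypothetical, and it assumes wildcards must cover the whole value case-sensitively while regex criteria are unanchored searches.

```python
import ipaddress
import re

# Constructed sample inventory (name, ip, source); not real scan data.
ASSETS = [
    {"name": "web-prod-01", "ip": "192.168.1.20", "source": "Qualys"},
    {"name": "web-prod-02", "ip": "192.168.2.20", "source": "Qualys_WAS"},
    {"name": "192.168.1.77", "ip": "192.168.1.77", "source": "Qualys"},  # name is the IP
    {"name": "db-prod-01", "ip": "10.0.0.5", "source": "Qualys"},
]


def match_text(criteria, value):
    """Asset Name / Source: /.../ is a regex, anything else a * and ? wildcard."""
    if len(criteria) > 2 and criteria[0] == "/" and criteria[-1] == "/":
        # Assumption: unanchored search, as /Qualys/ also matching Qualys_WAS implies.
        return re.search(criteria[1:-1], value) is not None
    # Assumption: a wildcard must cover the whole value and is case-sensitive.
    pattern = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in criteria
    )
    return re.fullmatch(pattern, value) is not None


def match_ip(criteria, ip):
    """Asset IP: single address, dash range, or CIDR block."""
    addr = ipaddress.ip_address(ip)
    if "/" in criteria:
        # strict=False accepts host bits, as in the page's 192.168.1.1/24.
        return addr in ipaddress.ip_network(criteria, strict=False)
    if "-" in criteria:
        low, high = (ipaddress.ip_address(p.strip()) for p in criteria.split("-", 1))
        return low <= addr <= high
    return addr == ipaddress.ip_address(criteria)


def dry_run(field, criteria, assets=ASSETS):
    """Return the names of assets whose `field` satisfies `criteria`."""
    matcher = match_ip if field == "ip" else match_text
    return [a["name"] for a in assets if matcher(criteria, a[field])]


if __name__ == "__main__":
    for field, criteria in [("name", "*1*"), ("ip", "192.168.1.1/24"),
                            ("source", "Qualys"), ("source", "/Qualys/")]:
        print(f"{field:6} {criteria:16} -> {dry_run(field, criteria)}")
```

The *1* run shows the numeric-match caveat: the asset whose only name is its IP is grouped along with the hostnames that contain a 1.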