Notifications

2 views

Description

There are several vulnerable items where the remediation target dates are past but the remediation status field still says "In-Flight". These should say past due. The evaluate remediation target scheduled job is running normally.

Cause

The scheduled job "Evaluate remediation targets" might have been modified and it might cause the issue

Resolution


Please note that there is a scheduled job named "Evaluate remediation targets" that runs daily to update the 'remediation Target' and 'remediation status' fields in the Vulnerable item record.

There are two function calls made to the script include "VulnerabilityTTRUtil" in the out of the box scheduled job:

new sn_vul.VulnerabilityTTRUtil().evaluateTTRs();
new sn_vul.VulnerabilityTTRUtil().sendNotifications();

After verifying the script include "VulnerabilityTTRUtil", it turns out that the part of the script that updates the "Remediation Target" is inside the function evaluateTTRs() while the script that updates the "Remediation status" is inside the function sendNotifications()

The function sendNotifications() updates the 'remediation status' and if it is commented out, the 'remediation status' will no longer be updated.

Similarly, if the function evaluateTTRs() is commented out, then the 'remediation Target' will not be updated properly.

Both the function calls are needed to update the "Remediation Target" and "Remediation Status" fields properly. Please note that the order of those function calls are also important.

We might face issues with the 'Remediation Status' if the order of the function calls is flipped. It is recommended to NOT change the order of the function calls.

Article Information

Last Updated:2019-12-04 13:57:02
Published:2019-12-04