Correlation Assistant
Correlation Assistant can be used to identify similar vulnerabilities that can be grouped into a single ticket.
It can work either across specific scanners (e.g. only to correlate vulnerabilities across Wiz and Tenable) or regardless of the scanner (when the "All" option is selected).
There are two use cases for the Correlation Assistant feature:
- When creating a ticket manually in the issue manager: When the Correlation Assistant toggle is turned on, Kondukto looks for vulnerabilities that match the fields of the vulnerability that the user is creating a ticket for.
Then it becomes possible to select those correlated vulnerabilities and create a single ticket for all of them.
Vulnerabilities that have previously been assigned an issue are not included in the list, since one vulnerability cannot be mapped to multiple tickets in Kondukto. The Correlation Assistant toggle only appears when a single vulnerability is selected for ticket creation. The feature does not work when multiple vulnerabilities are selected.
- When Kondukto automatically creates a ticket based on the issue criteria: When the Correlation Assistant toggle is turned on in the following section, in each scan Kondukto first checks for vulnerabilities that match the issue criteria.
Then, within that bucket, it groups similar vulnerabilities into a single ticket. It does not take into consideration similar vulnerabilities that fall outside the scope of the issue criteria or that were discovered in previous scans.
An applicable issue criteria must exist for the Correlation Assistant to work when creating tickets automatically.
Here is an example:
- We have an issue criteria where we select "Critical" severity vulnerabilities.
- We have a Correlation Assistant rule that correlates vulnerabilities with the same "Name" regardless of the scanner.
- We run a scan where we have 4 Critical and 1 High severity vulnerabilities, all with the same "Name".
- There is another Critical severity vulnerability in the project with the same "Name" that was discovered in a previous scan.
- In this case, Kondukto will create only a single ticket, grouping the 4 Critical severity vulnerabilities discovered in the last scan.
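
The selection order in the example above, modelled in Python. This is an added illustration, not Kondukto's own code: the `Vuln` fields, the `correlate_for_tickets` function and the sample data are constructed for it, and it assumes that vulnerabilities outside a rule's scanner scope are simply left out of that rule's groups.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    # Hypothetical record layout, not Kondukto's data model
    id: int
    name: str
    severity: str
    scanner: str
    scan_id: int


def correlate_for_tickets(vulns, current_scan, criteria_severities,
                          correlate_on="name", scanners=None):
    """Return {correlated field value: [vuln ids]}, one entry per ticket.

    scanners=None models the "All" option; otherwise only vulnerabilities
    reported by the listed scanners are correlated.
    """
    groups = defaultdict(list)
    for v in vulns:
        if v.scan_id != current_scan:
            continue  # discovered in a previous scan: not considered
        if v.severity not in criteria_severities:
            continue  # outside the issue criteria: not considered
        if scanners is not None and v.scanner not in scanners:
            continue  # outside this rule's scanner scope (assumption)
        groups[getattr(v, correlate_on)].append(v.id)
    return dict(groups)


# Constructed sample data mirroring the example: 4 Critical and 1 High in
# the current scan (scan 2), plus 1 Critical from an earlier scan (scan 1).
NAME = "Example finding"
SAMPLE = (
    [Vuln(i, NAME, "Critical", "Wiz" if i % 2 else "Tenable", scan_id=2)
     for i in range(1, 5)]
    + [Vuln(5, NAME, "High", "Wiz", scan_id=2),
       Vuln(6, NAME, "Critical", "Tenable", scan_id=1)]
)

if __name__ == "__main__":
    tickets = correlate_for_tickets(SAMPLE, current_scan=2,
                                    criteria_severities={"Critical"})
    for key, ids in tickets.items():
        print(f"ticket for {key!r}: vulnerabilities {ids}")
```

The High severity finding (id 5) and the Critical finding from the earlier scan (id 6) share the same name but are filtered out before grouping, which is why neither appears on the ticket.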