To create a new rule, go to Rules > Create Rule.
Provide rule name and rule description for the rule to be created. Click Next.
In the Select Assets step, you can select tags to include(1) and exclude(2) the assets in the rule.
Click to select the assets using asset tags. If you select Any value from drop-down, asset with any selected tag will be included/excluded. If you select All value from drop-down, asset having all selected tags will be included/excluded. You can search and select asset with asset tags.
Note: For the newly created asset, software authorization rule won't be applied to the asset because tag evaluation happens after the asset creation. In subsequent scan, the software authorization rule will be applied to the asset.
Once you've selected the assets with asset tag to include and exclude, click Next.
In the Select Software step, add and select Authorized Software (1), Unauthorized Software (2), and software that Needs Review (3) to be included in the rule.
Click to select and add software to the rule. You can search and select the software with software name. Click Product parameter if you want to add an individual software product to the rule. Click Publisher parameter if you want to add all software of the selected publisher to the rule. Click Category parameter if you want to add all software of the selected category to the rule . Want to Add Software from Golden Asset Image?
Click Add Software from Golden Asset Image to select the software from golden image assets which shows pop-up to select software.
Select a software from the list and click Apply.
While updating the existing added software from golden image assets, it will overwrite the existing selection.
Select the software and click Add To Rule.
Once you add software in the Authorized bucket, you can mark software as required for the asset. If the required software is not installed on the asset, it will be flagged as 'missing required software' for the asset.
Modify version/update scope:
Once you add software for Authorized, Unauthorized, and Needs Review list, click Modify to select the appropriate criteria.
You can select software with different versions and/or update criteria from the following list:
- In Between
- Selecting Version and Update criteria in different categories for the same product is prohibited. For example, you are not allowed to select 'Cloud Agent' product with 'Version' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Update' criteria in the 'Authorized' category for the same rule.
- Make sure you have not selected the same specific software (with version and/or update) in different categories. If you select the same specific software in two different categories, it will show an error message for conflict while creating a rule. For example, if you select 'Cloud Agent' product with 'Specific - Version = 4.6' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Below - Version = 5.0' criteria in the 'Authorized' category for the same rule, the "Cloud Agent 4.6" will be considered in both the categories which is conflicting.
Once you've added software in the desired category, click Next.
Review and confirm your selections. You can edit basic information, select assets, and select software from this step as well if required.
Click Finish. Click Reorder This Rule to reorder the rule.
Click View All Rules to see the list of rules on the Rules page.
From the Quick Actions menu, you can view, edit, delete, disable, and create alert for the rule. For more information, refer Manage Authorization Rule.
Software Rules lists following default rules in the 'Disabled' state:
- Apps with Log4j: When enabled, this rule applies to all the software that uses Log4j and that are vulnerable or potentially vulnerable as documented by NCSC-NL. QLYS-CSAM - Log4j Risk dashboard shows assets vulnerable to Log4j with count of apps, Log4j versions, os distribution, etc.
- Software Elevating CyberSecurity Risk for Data Center Assets: When enabled, this rule applies to all the software products that elevate Cybersecurity Risk for Data Center Assets.
- Most Common Ransomware Attack Vectors: When enabled, this rule applies to all the software products that are most commonly used as Ransomware Attack Vectors. RansomWare (RW) Attack Vectors dashboard allows you to examine your assets with missing antivirus, Cybersecurity Risk for Data Center, Most Common Ransomware Attack Vectors, threat exposure, use previous searches, and swiftly remedy the vulnerabilities that are most important to you.
Click Software tab to view the list of software with publisher, category, authorization, rule name and rule status.
Also, you can view the software rules based on the criteria, whether the software is authorized or not by the rule, as highlighted in the following screenshot.
To view the software product as authorized/unauthorized, go to Inventory > Software > under the quick actions menu, click View Authorization Rule.
You can view whether the software product is authorized or not.
If you want to view the missing required software details, then go to Inventory > Software > from the quick action menu > Click View Install List > Click Asset > Installed Software. You can view the missing required software details against the software rule and the product.
Click on the rule name to view the rule.
While selecting the tags for creating the rule, you can use the 'Search within child' checkbox to choose either to show the entire hierarchy of the parent and child tags or to show the parent and child tags that contain the keyword or the substring of the keyword you used to search the tags.
When you select the Search within child checkbox and search for tags by using a specific keyword, the search results display only the parent and child tags that contain that keyword or the substring of that keyword. The Search within child checkbox is selected, and “child” is the keyword that is used to search for the tags. In the following example, the Search within child checkbox is selected, and “child” is the keyword that is used to search for the tags.
When you clear the Search within child checkbox and search for tags by using a specific keyword, the search result displays all the parent and the entire hierarchy of child tags, irrespective of whether the child tags contain the keyword or the substring of the keyword that you specified.
In the following example, wherein the “child” is the keyword that is used to search for the tags.