Customizing vulnerability results

You must have the Comply Report Content Administrator role to customize vulnerability results. For more information about Comply roles, see User role requirements.

Use custom ID mapping and custom scoring to align CVEs to the frameworks on which you report.

Custom scores

Comply allows you to assign a custom score to an individual CVE. By default, Comply shows the CVSS score.

  1. From the Comply menu, click Setup > Vulnerability.
  2. On the Custom Vulnerability Scores tab, click the Import Mapping button and select Custom Score.
  3. In the Import Score Mapping window, enter a Name, Prefix, and Description.
  4. Click Browse and locate the score mapping file.
  5. Click Import. Your custom score will now show under Custom Scores.
  6. Select your custom score and click the Create Assessment button to create a new assessment directly from the Custom Score tab.


You cannot delete a custom score that is used in an assessment. You must delete the assessment first, and then you can delete the custom score.

Use the following file format for a custom score mapping: CVE|score

Example: CVE-2017-8789|11.5

Custom ID mappings

Custom ID mappings allow you to create a custom column on results that associates a specific tag with a CVE.

  1. From the Comply menu, click Setup > Vulnerability.
  2. On the Custom IDs tab, click the Import Mapping button and select Custom ID.
  3. In the Import Custom ID Mapping window, enter a Name, Prefix, and Description.
  4. Click Browse and locate the custom vulnerability ID mapping file.
  5. Click Import. Your custom ID will now show under Custom IDs.
  6. Select your custom ID and click the Create Assessment button to create a new assessment directly from the Custom ID tab.


You cannot delete a custom ID mapping that is used in an assessment. You must delete the assessment first, and then you can delete the custom ID mapping.

Use the following file format for a custom ID mapping: CVE|custom id

Example: CVE-2014-2814|KB297262
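
The following added example, which is not part of Comply or its documentation, lints a mapping file in either of the two formats above (CVE|score and CVE|custom id) before you import it. The names lint_mapping and SAMPLE_SCORES are hypothetical, and the strict CVE ID check and the treatment of blank lines and duplicates are assumptions, not documented Comply behavior.

```python
import math
import re

# CVE ID form: "CVE-", four-digit year, "-", four or more digits.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample: the first row is the page's example, the rest are made up.
SAMPLE_SCORES = """CVE-2017-8789|11.5
CVE-2014-2814|7.2
CVE-2014-2814|9.0
CVE-17-1|5
CVE-2020-0001|high
CVE-2020-0002
"""


def lint_mapping(text, kind):
    """Lint a mapping file; kind is "score" (CVE|score) or "id" (CVE|custom id).

    Returns (rows, errors): rows maps CVE -> value, errors lists (line, message).
    """
    rows, errors = {}, []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines carry no meaning
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 2 or not parts[1]:
            errors.append((n, "expected CVE|value with exactly one '|'"))
            continue
        cve, value = parts
        if not CVE_RE.match(cve):
            errors.append((n, f"malformed CVE ID: {cve!r}"))
            continue
        if kind == "score":
            try:
                value = float(value)
            except ValueError:
                value = math.nan
            if not math.isfinite(value):
                errors.append((n, "score is not a finite number"))
                continue
            # No upper bound: the page's own example score is 11.5.
        if cve in rows:
            errors.append((n, f"duplicate entry for {cve}"))
            continue
        rows[cve] = value
    return rows, errors
```

Calling lint_mapping(SAMPLE_SCORES, "score") keeps the first two rows and reports lines 3 through 6; a duplicate CVE is flagged because a silently overridden score would change how the finding ranks in a report.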

Upload IAVM mapping definitions

Information Assurance Vulnerability Management (IAVM) is a vulnerability source that is managed by the Department of Defense (DOD) and is accessible only with a common access card (CAC).

If you use IAVM mappings, you can upload IAVM mapping definitions in Comply.

  1. From the Comply menu, click Setup > Vulnerability.
  2. On the IAVM Mappings tab, click the Browse button and select the custom IAVM file.
  3. Click Import. The last upload time and the count of IAVM ID and score mappings will be listed on the IAVM Mappings page.
  4. Click the Create Assessment button to create a new assessment directly from the IAVM Mappings tab.

When you import new IAVM mapping definitions, they will replace any existing mapping definitions.

You cannot delete an IAVM mapping that is used in an assessment. You must delete the assessment first, and then you can delete the IAVM mapping.

To apply the IAVM mappings, you must add both the IAVM ID and score mappings when you create a vulnerability assessment. Assessments using IAVM mappings will need to be redeployed to apply the new mappings to their results.

View ID Mappings and Score Mappings in Interact

  1. Obtain the hash for the custom ID for a report by clicking on the assessment name on the Vulnerability Assessments page and expanding More Details. You can click Copy to copy the hash.
  2. In Interact, ask the question that matches the engine type, such as Get Comply - CIS-CAT Vulnerabilities from all machines, and paste the hash in the Comply bundle hash field.
  3. Use the appropriate Comply sensor for the engine type:

    • Comply - CIS-CAT Vulnerabilities
    • Comply - JovalCM Vulnerabilities
    • Comply - SCC Vulnerabilities
  4. Click Ask Question.
  5. The ID Mappings and Score Mappings columns in the results grid show these mappings.

Download custom ID mapping

To view, edit, or reuse a custom ID mapping, you can download it.

Select a custom ID mapping and click export.