Customizing vulnerability results

You must have the Comply Report Content Administrator role to customize vulnerability results. For more information about Comply roles, see User roles.

Custom scores

Comply allows you to specify a score to an individual CVE. By default, Comply shows the CVSS score.

  1. At the top right of the Home page, click Settings .
  2. On the Vulnerability Customizations tab, click Custom Vulnerability Scores.
  3. Click Create Score Mapping.
  4. In the Upload Vulnerability Score Mapping window, enter a Name, Prefix, and Description.
  5. Click Select File and locate the score mapping file.
  6. Click Save. Your custom score will now show under Custom Vulnerability Scores and be available in the Advanced section of the New Vulnerability Report page when you create a new report.

Following is the file format used for a custom ID mapping: CVE|score

Example: CVE-2017-8789|11.5

Custom ID mappings

Custom ID mappings allow you to create a custom column on results that associates a specific tag with a CVE.

  1. At the top right of the Home page, click Settings .
  2. On the Vulnerability Customizations tab, click Custom Vulnerability ID.
  3. Click Create ID Mapping.
  4. In the Upload Vulnerability ID Mapping window, enter a Name, Prefix, and Description.
  5. Click Select File and locate the custom vulnerability ID mapping file.
  6. Click Save. Your custom ID will now show under Custom Vulnerability IDs and be available in the Advanced section of the New Vulnerability Report page when you create a new report.

Following is the file format used for a custom ID mapping: CVE|custom id

Example: CVE-2014-2814|KB297262

Upload IAVM mapping definitions

If you use IAVM mappings, you can upload IAVM mapping definitions in Comply.

  1. At the top right of the Home page, click Settings .
  2. On the Vulnerability Customizations tab, click IAVM Mappings.
  3. Click Upload IAVM Mapping Definitions and select the file provided to you by your Tanium Technical Account Manager (TAM).
  4. Click Save. The last upload time and the count of IAVM ID and score mappings will be listed on the IAVM Mappings page following successful upload.

Whenever you upload new IAVM mapping definitions, they will replace any existing mapping definitions.

After you have uploaded an IAVM mapping file to Comply, click Download IAVM Mapping File on the IAVM Mappings page to download the last file that was uploaded.

In order to apply the IAVM mappings, you must add both the IAVM ID and score mappings when creating a vulnerability report. In the Advanced section of the New Vulnerability Report page, select IAVM ID Mappings (ID map) to add it. Then click Add Additional Vulnerability Mapping and select IAVM Score Mapping (score map) to add it.

View ID Mappings and Score Mappings in Interact

  1. Obtain the hash for the custom ID for a report by clicking on the report name on the Vulnerability Reports page and expanding More Details. You can click Copy to copy the hash.
  2. In Interact, ask the question that matches the engine type such as Get Comply - CIS-CAT Vulnerabilities from all machines and paste the hash in the Comply bundle hash field.

  3. Use the appropriate Comply sensor for the engine type:

    • Comply - CIS-CAT Vulnerabilities
    • Comply - JovalCM Vulnerabilities
    • Comply - SCC Vulnerabilities
  4. Click Go.
  5. The ID Mappings and Score Mappings columns in the results grid show these mappings.

Download custom ID mapping

In order to view, edit, or reuse a custom ID mapping, you can download it.

Select a custom ID mapping and click download .

Last updated: 6/19/2018 5:34 PM | Feedback