Go to zn HUB > Rules, and then click on Add Ruleset:
In the Create Ruleset screen:
Fill in Name and Description. For the Action field, select:
- Alert - Generate an Alert event.
- Ignore - Ignore the Issue.
- Override - Override the Severity of the Issue.
Specify the Rule. A Rule is a triple consisting of:
- field name
- comparison operator
- value string
Add one or more Rules by clicking on the Add Rule button:
Multiple Rules within a Ruleset apply the logical AND operation between them. Click Save Ruleset to create the new Ruleset:
Things to Keep in Mind
- Rules apply only to new Issues detected since the creation of the Ruleset.
- Unless specified by using policyId or policyName, rules will apply to all Policies in your account.
- Multiple Rules within a Ruleset apply the logical AND operation between them.
- Multiple Rulesets that apply to a Scan job apply the logical OR operation between them.
- Review your IGNORE rules on a regular basis to make sure they are still needed.
Field Names
As of 2020, the available field names are:
- issueName: Name of issue
- issueDescription: Details of issue
- key: Issue key
- issueType: Type of issue. Expected values: VULNERABILITY, CODE_SMELL, BUG. Suggested reading: Supplemental Issues
- target: Name of target
- targetId: Target ID
- port: Port number
- scanTool: Name of scenario
- severity: Severity score as a CVSS 3.0 number between -1.0 and 10.0
- severityCode: Valid values are Info, Low, Medium, High, Critical
- policyId: Policy ID
- policyName: Name of policy
- product: Name of product (scanning tool)
- scenarioId: Scenario ID
- status: Issue status. Expected values: Detection, Existing, Remediation
Comparison Operators
And the available comparison operators are:
- =
- !=
- >
- >=
- <
- <=
- contains
- does not contain
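The sketch below is an added example, not the product's own code. It models the AND/OR semantics described above and lists Ignore Rulesets that carry no policyId or policyName Rule, which is useful when reviewing IGNORE rules. The dict layout, the sample Rulesets and Issue, and the choice to compare severity and port as numbers are assumptions.

```python
import operator

# Assumption: these fields compare as numbers, all others as strings.
NUMERIC_FIELDS = {"severity", "port"}
# A subset of the page's comparison operators.
OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt, "<=": operator.le,
       "contains": lambda a, b: b in a,
       "does not contain": lambda a, b: b not in a}

def rule_matches(issue, rule):
    field, op, value = rule              # a Rule is a (field, operator, value) triple
    actual = issue.get(field)
    if actual is None:
        return False                     # assumption: a missing field never matches
    if field in NUMERIC_FIELDS:
        actual, value = float(actual), float(value)   # avoids "10.0" < "9.0" as strings
    else:
        actual, value = str(actual), str(value)
    return OPS[op](actual, value)

def ruleset_matches(issue, ruleset):
    # Rules inside one Ruleset are ANDed together.
    return all(rule_matches(issue, r) for r in ruleset["rules"])

def matching_rulesets(issue, rulesets):
    # Rulesets are ORed: every Ruleset that matches applies on its own.
    return [rs["name"] for rs in rulesets if ruleset_matches(issue, rs)]

def unscoped_ignores(rulesets):
    # Ignore Rulesets without a policyId/policyName Rule apply to all Policies.
    return [rs["name"] for rs in rulesets if rs["action"] == "Ignore"
            and not any(r[0] in ("policyId", "policyName") for r in rs["rules"])]

# Constructed sample data (names and values are hypothetical).
RULESETS = [
    {"name": "alert-on-critical-vulns", "action": "Alert",
     "rules": [("issueType", "=", "VULNERABILITY"), ("severityCode", "=", "Critical")]},
    {"name": "ignore-test-targets", "action": "Ignore",
     "rules": [("target", "contains", "test"), ("policyName", "=", "nightly-sandbox")]},
    {"name": "ignore-low-scores", "action": "Ignore",
     "rules": [("severity", "<", "4.0")]},
]
ISSUE = {"issueName": "Outdated TLS library", "issueType": "VULNERABILITY",
         "severity": 9.1, "severityCode": "Critical", "target": "payments-api",
         "policyName": "prod-weekly", "port": 443}

if __name__ == "__main__":
    print("Matches:", matching_rulesets(ISSUE, RULESETS))
    print("Ignore Rulesets applying to all Policies:", unscoped_ignores(RULESETS))
```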