Virtual Targets

ZeroNorth Experts
1

ZeroNorth is pleased to offer in a beta program a new feature called “Virtual Targets”. Virtual Targets provide a way for Issues that are collected for a Target to be dealt with in a more granular and flexible manner.

For example, if target “A” has 100 Issues under it, but you want to assign accountability of those 100 Issues to different teams based on a set of criteria, you can define the Virtual Targets to match the Issue assignment needs.

image

Another important use of Virtual Targets is to assign Target-level security risk to more than one Application.

image

In the above example, Target “A” is able to attribute a portion of its security risk to a second Application .

A Target, in General

Let’s start with a review of what a Target is in the ZeroNorth platform. A Target in the ZeroNorth platform represent the things that is being scanned. A Target can represent things like:

  • A code repository (e.g. GitHub, Bitbucket, etc.)
  • A build binary (“Artifact”)
  • A URL
  • A host
  • A network subnet
  • Etc.

A Target can also have Notifications such as Email, Slack, JIRA, etc. Most importantly, when a scan is done, and the issues are collected, refined, and synthesized, they are associated with a Target.

A Virtual Target

A Virtual Target is like a Target and has the following characteristics:

  • Has Rule(s) that define which issues it will be associated with.
  • Can be associated with more than one Target.
  • Not associated with an Integration .
  • Not Typed – a Virtual Target is not Typed as a “repository”, “custom”, “artifact”, etc.

In effect, a Virtual Target can be used to represent a subset of the Issues associated with its parent Target(s).

image

Working with Virtual Targets

The basic workflow is as follows:

  1. Create one or more Virtual Targets, making sure to include the desired Notifications in each Virtual Target.
  2. Add the Virtual Targets to a new or an existing Target.
  3. View results for Virtual Targets in znHUB > Targets.

1) Create a Virtual Target

  1. Go to znOPS > Targets .
  2. Click +Add Target .
  3. Enter a Name for the Virtual Target.
  4. Set Target Type to “Virtual Target”.
  5. Specify one or more Rules . Multiple rules are combined with logical AND.
  6. Specify one or more Notifications . See the section below for more information about Notifications.
  7. Click Save .

2) Add Virtual Targets to a Target

  1. Go to znOPS > Targets .
  2. Select a Target (or add a new Target).
  3. Using the Virtual Targets field, select one or more Virtual Targets. The selected Virtual Targets will show up in a list below the Target definition panel.
  4. Rearrange the order of the Virtual Targets as needed.
  5. Optionally check “Exclusively assign issues to first matching virtual target”. Select this option forces an Issue to be assigned to only the first matching Virtual Target

3) Add Virtual Targets to an Application

  1. Go to znOPS > Applications .
  2. Select an Application (or add a new Application).
  3. Under Target Selection, set Stage to “Deploy” and Filter Integrations by Type to “Virtual Target(beta)”

image
image850×730 58.4 KB

  1. Select the “Target” and add to application.
  2. Click Save .

Additional Considerations

Issues and Virtual Targets

Because Virtual Targets affect Issues associated with Targets, the Issues being affected are the Synthetic Issues associated with the “parent” target.

The Target Dashboard

The Target Dashboard under znHUB > Targets will show a new tab labelled “Virtual Targets”. This tab shows the list of Virtual Targets associated with the Target being viewed, and also a list of Issues that are not associated with any Virtual Targets. The individual Issues, if desired, can be manually associated with one of the Virtual Targets.

Notifications and Virtual Targets

Notifications on Virtual Targets work just like Notifications on regular Targets (see this article for general instructions on setting up Notifications), but with one difference in behavior specific to JIRA tickets that are auto-created by a ZeroNorth Notification. When a Virtual Target’s Rule(s) is modified in a way that causes some of the Issues that have outstanding JIRA tickets to be no longer associated with the Virtual Target, ZeroNorth will auto-close the affected JIRA tickets. Additionally, if the change results in Issues getting associated with a new Virtual Target (or back to the “parent” Target), the affected Issues will get picked up for Notification processing that is in effect there, including new JIRA tickets.