Increase / Decrease Asset Criticality by Tag in Tenable Vulnerability Management.
Asset criticality is a key component in a risk based cyber exposure management program and even for your traditional vulnerability management program. As the old adage guides:
…If everything is important; nothing is…
In Tenable One and Lumin, the Asset Criticality Rating(ACR) is automatically adjusted based on a number of factors including device type and internet exposure. While this is extremely helpful at scale, it lacks context; context only the application or asset owners understand.
Leaving context out of every ACR on every asset leads to a saturation of the scores and a lack of clarity on where to focus. The true power beyond Tenable’s scoring in their products is your ability to change them to add your context. This can be done manually in the UI or via an API call.
A few years ago I built the capability into Navi to change the ACR by Tag allowing for a swift adjustment broadly. This has helped some more advanced users understand their risk with their specific context.
However, this made it challenging when assets with-in a Tag had a naturally higher risk level. Like a Database in an application tag, where the front end and ancillary services are also tagged. Each asset in the application stack may have a different level of criticality.
A friend recently asked:
Can I increase the ACR by 2 for everything in a Tag?
This question hit me like a freight train… I pondered for longer than I would like to admit on why I didn’t release that on the first release; It’s such an obvious solution to a real world problem.
So I called on my old friend “Time boxing” and grabbed one of my favorite old school movies, The Golden Child, and got to work.
With some minor adjustments to the Navi 7.3.20 code base, I was able to realize this goal before Eddie Murphy became the “chosen one”. By the way, if you haven’t seen the move it’s probably one of the coolest movies from the 80s. Okay, I’m getting off track… The new release is 7.4.1 and is on Pypi and Docker hub.
If you are familiar with the navi lumin command, you will notice the mod option in the above screenshot. The previous behavior, setting each ACR for every asset in the tag, is triggered using the mod option and set as the value.
navi lumin --c "Production" --V "Business Unit A" --acr 8 -bThe above command will set each asset in the Production : Business Unit A tag to an 8 ACR.
To increase the value of each individual asset with-in a given tag, set the mod value to inc; and of course to decrease the ACR for each asset set the value to dec.
navi lumin --c "Production" --V "Business Unit A" --acr 2-b --mod incThe above command increases each ACR value by 2. If the math exceeds 10 or drops below 1, these values will serve as their max and minimum values.
The below command is the same command with dec as an option; triggering navi to lower the ACR value by two for each asset.
navi lumin --c "Production" --V "Business Unit A" --acr 2-b --mod decIf you haven’t used navi prior to reading this article, check out the Getting Started with Navi Article.
I hope this helps provide a more scalable option for adjusting Risk across your enterprise and help prioritize what truly matters.
