MattIreton
Archer Employee

Wait! What? 6.4 has even more?!

 

In this article I am going to focus on the 6.4 updates made to the Bulk Processing feature added in 6.3. The enhancements to Bulk Processing add significant flexibility and utility for enabling business logic in bulk processing. The additions include the following:

 

  1. Support for leveled applications.
  2. N-tier filtering for Bulk Schedules
  3. Grouping by fields in related applications for the Bulk Create Reference action 

 

 Support for leveled applications

 

In 6.4, you can now select a leveled application as the target for a bulk schedule. When you select a leveled application as the target, you simply also select the target level for the schedule. This gives you the same flexibility when executing bulk processing against a leveled application.

 

 Target Leveled App.png

 

Also, Bulk Create Reference actions allow for the selection of a Reference field that targets all levels of a leveled application. You just need to make an additional level selection in the Bulk Create Reference action. This is available in both scheduled and on-demand actions.

 

 Reference Leveled App.png

 

 N-tier filtering for Bulk Schedules

 

Bulk Schedules now allow for n-tier filtering. The ability to filter on fields from other applications allows for greater flexibility in bulk processing the desired content. For example, consider that you only want the schedule to create a new Finding record for a Device with a severe open Vulnerability Scan Result that has been open for more than 5 days.

In the below example, we are targeting Devices. Devices has a cross-reference to Vulnerability Scan Results. We want to create a schedule which creates a new Finding only for Devices that have a related Vulnerability Scan Result with a Status of Open and a Severity Level of Severe that has been Open more than 5 Days. Since we want to add a filter for fields in Vulnerability Scan Results, we must first add a relationship to Vulnerability Scan Results. Consequently, we click Manage Relationships in the Filter section.

 

 Manage Relationship Link.png

 

 

This invokes the Add New Relationship pop-up. The left pane shows all the applications directly related to Devices. Clicking Vulnerability Scan Results moves it to the Selected pane. Notice that Vulnerability Scan Results is now expandable in the Available pane. If we needed to add filters for applications related to Vulnerability Scan Results, we could expand it to add any of its child applications to the selected set of relationships. For our scenario, however, all we need is Vulnerability Scan Results.

 

 Add Relationship Popup.png

 

 

Now that Vulnerabilities has been added to the buildout, we can add filters for the Scan Status, Criticality and Days Open fields of Vulnerability Scan Results.

 

 filter on child app.png

 

 

The final configuration filters on the Status and Count of Open Findings fields of Devices and the Scan Results Status, Severity Level and Days Open fields of Vulnerability Scan Results.

 

Final filter configuration.png

 

Since we only want Active Devices that have qualifying scan results, we also have to click Configure Relationships and check the Enforce Relationship checkbox in the resulting popup. This option eliminates Active Devices that have no Vulnerability Scan Results satisfying the scan results filters.

 

 Configure Relationships.png

 

Group By Fields in related applications for Bulk Create Reference Actions

 

 

 

In 6.3, the Group By selector for the Bulk Create Actions only allowed fields from the primary target application. In 6.4, the capability to group by fields from related applications n-tiers away has been added, extending how the collected content can be grouped and linked to the new records being created by the process. For example, from our previous scenario, assume that Devices belong to Applications, which in turn serve Business Processes. Finally, the Business Processes are owned by a Business Unit. While generating new Findings, we actually want to group all Devices by the Business Unit they ultimately belong to and assign that group to the same new Finding.

 

Let’s add a new Bulk Create Reference action. We will select Findings as our Reference field.

 

Bulk Create Reference Action.png

 

 

Next we will invoke the Group By popup. The Available pane in 6.4 now displays a tree structure that shows the relationship hierarchy of the applications. The starting point of this tree is the target application of the schedule, Devices. The Devices node now shows not only all eligible fields for Devices but also the applications directly related to it.

 

Group By Available Tree.png

 

 

We actually want to group by the Business Unit field of Business Process, so we will first expand the Applications node, then the Business Processes node. Now we can select the Business Unit field as our Group By. The Selected pane shows the full path of the applications traversed for the Group By field. In our case that is Devices->Applications->Business Processes. Note that you can select multiple Group By fields from multiple levels if necessary.

 

 Group By Selected Pane.png

 

 

When the schedule executes, all qualifying Devices will be grouped by the Business Unit that effectively owns them. The system will create a new Finding and tie it to all these Devices. This allows the Business Unit assignee to work one Finding for all the Devices for which he is responsible.
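To make the selection logic concrete, here is the scenario above modeled in plain Python as an added example; it is not Archer code and does not use any Archer API. The records, identifiers and the `enforce_relationship` flag are constructed for illustration, the Count of Open Findings filter is left out because the article does not give its value, and the unenforced behavior follows the article's description of what Enforce Relationship eliminates.

```python
from collections import defaultdict

# Constructed sample records: field names follow the article, values are invented.
DEVICES = [
    {"id": "dev-1", "status": "Active", "application": "app-pay"},
    {"id": "dev-2", "status": "Active", "application": "app-pay"},
    {"id": "dev-3", "status": "Active", "application": "app-hr"},
    {"id": "dev-4", "status": "Retired", "application": "app-hr"},
    {"id": "dev-5", "status": "Active", "application": "app-crm"},
]
SCAN_RESULTS = [
    {"device": "dev-1", "status": "Open", "severity": "Severe", "days_open": 9},
    {"device": "dev-2", "status": "Open", "severity": "Severe", "days_open": 3},
    {"device": "dev-3", "status": "Open", "severity": "Severe", "days_open": 12},
    {"device": "dev-4", "status": "Open", "severity": "Severe", "days_open": 30},
    {"device": "dev-5", "status": "Closed", "severity": "Severe", "days_open": 40},
    {"device": "dev-5", "status": "Open", "severity": "Severe", "days_open": 6},
]
# Hypothetical relationship tables: Application -> Business Process -> Business Unit.
APPLICATIONS = {"app-pay": "bp-billing", "app-hr": "bp-payroll", "app-crm": "bp-billing"}
BUSINESS_PROCESSES = {"bp-billing": "Finance", "bp-payroll": "Human Resources"}


def scan_qualifies(result):
    """Child-application filter: Open, Severe, open more than 5 days."""
    return (result["status"] == "Open" and result["severity"] == "Severe"
            and result["days_open"] > 5)


def select_devices(enforce_relationship=True):
    """Primary filter (Active Devices), optionally requiring a qualifying scan result."""
    with_hit = {r["device"] for r in SCAN_RESULTS if scan_qualifies(r)}
    active = [d for d in DEVICES if d["status"] == "Active"]
    if not enforce_relationship:
        return active  # Devices without a qualifying scan result stay in scope.
    return [d for d in active if d["id"] in with_hit]


def business_unit(device):
    """Walk Devices -> Applications -> Business Processes to the Business Unit field."""
    return BUSINESS_PROCESSES[APPLICATIONS[device["application"]]]


def bulk_create_findings(enforce_relationship=True):
    """One Finding per Business Unit, referencing every Device grouped under it."""
    groups = defaultdict(list)
    for device in select_devices(enforce_relationship):
        groups[business_unit(device)].append(device["id"])
    return {bu: sorted(ids) for bu, ids in groups.items()}


if __name__ == "__main__":
    print(bulk_create_findings(True))
    print(bulk_create_findings(False))
```

With the relationship enforced, dev-2 (open only 3 days) drops out and dev-4 is excluded as not Active; without it, dev-2 is attached to the Finance Finding even though it has no qualifying scan result.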

 

Please join me for this week’s Free Friday Tech Huddle to see a demo of these Bulk Processing enhancements!