Goals and SLAs Use Cases
We’ve included some use cases to help you familiarize yourself with how to use Goals and SLAs. This article will teach you how to create new goals based on use cases that you can apply to your organization’s security needs.
We also have these pre-built goals where you can modify either the query or the values:
- Remediate all critical vulnerabilities
- Remove obsolete OS
- Ensure credential success
This article covers the following use cases:
- Use Case 1: Create a Goal Based on a Deadline
- Use Case 2: Create a Goal Based on a Relative Timeframe
- Use Case 3: Create a Goal Based That is Ongoing
Let’s get started!
Use case 1: Create a goal based on a deadline
In this lesson, you’ll learn where to find the Goals and SLAs wizard in InsightVM and how to identify assets to create a goal that is based on a deadline. Using our Windows 7 to Windows 10 upgrade example, we first need to identify all assets that are currently using Windows 7.
This lesson usually takes about 8 minutes to complete.
Here’s what we want to accomplish:
I want to upgrade my assets from Windows 7 to Windows 10 by December 31, 2020.
After logging into InsightVM:
- Click the Goals and SLAs option in the left menu.
- Click + New Goal.
- Select New Goal from the goal wizard.
- Click Continue.
- Set the switch to Configure Assets.
- Click Add.
- Type
os
in the search field.
Search by keyword for any term
Any term you enter in the search field will display all records that contain that term, regardless if it’s in the field or in the definition.
- Select os.
- Select ~>.
- Type
windows 7
in the field.
What does `~>` mean?
When building queries in InsightVM, ~>
means matches
. Understanding how to use operators is critical when building queries.
- Click Apply.
- Enter 100% in the percentage field, since all assets need to be upgraded to Windows 10.
- Click Add.
Next, you’ll build another query that captures the end result of what we want to achieve - we want assets on Windows 7 to upgrade to Windows 10.
To accomplish this:
- Click Add.
- Type
os
in the field. - Select os.
- Select ~>.
- Type
windows 10
in the field. - Click Apply.
- Use the date picker in the first date option to select December 31, 2020.
- Click Continue.
- Review your goal and add a new unique name.
- Click Submit.
You’ll get confirmation that you created a time bound goal.
Use case 2: Create a goal based on a relative timeframe
In this lesson, you’ll learn where to find the Goals and SLAs wizard in InsightVM and how to identify vulnerabilities on specific assets based on a relative timeframe. In other words, you want your goal to track vulnerabilities within a certain amount of days after they were discovered.
This lesson usually takes about 8 minutes to complete.
Here’s what we want to accomplish:
Remediate 100% of critical vulnerabilities in MS Patch (categorized as Patch Tuesday) on Windows Server 2016 assets.
After logging into InsightVM:
- Click the Goals and SLAs option in the left menu.
- Click + New Goal.
- Select New Goal from the goal wizard.
- Click Continue.
- Set the switch to Remediate Vulnerabilities.
- Enter
100%
in the percentage field. - Click Add to build a query to identify the vulnerabilities you want to target.
- Type
categories
in the search field. - Select vulnerability.categories.
Search by keyword for any term
Any term you enter in the search field will display all records that contain that term, regardless if it’s in the field or in the definition.
- Select in.
- Type
microsoft patch
in the field. - Click Apply.
Next, you’ll build another query that identifies the specific assets that have Microsoft Patch Tuesday vulnerabilities - in this case, assets running Windows Server 2016.
To accomplish this:
- Click Add.
- Type
os
in the field. - Select os.
- Select ~>.
- Type
windows server 2016
in the field. - Click Apply. Under the query field, the assets and vulnerabilities numbers update. Once they stop, you can click on them to display their details.
- Select the 2nd option that defines the number of days.
- Enter 30 in the field.
- In the last step, review your goal and add a new unique name for your goal.
- Click Submit.
You’ll get confirmation that you created an SLA.
Use case 3: Create a goal based on an ongoing timeframe
In this lesson, you’ll learn where to find the Goals and SLAs wizard in InsightVM and how to identify assets that meet specific conditions which you want to continuously monitor.
This lesson usually takes about 8 minutes to complete.
Here’s what we want to accomplish:
Continually check for high-risk assets to ensure they do not have port 22 open in my environment.
After logging into InsightVM, you’ll build a query to identify the assets that are found in the high risk category:
- Click the Goals and SLAs option in the left menu.
- Click + New Goal.
- Select New Goal from the goal wizard.
- Click Continue.
- Set the switch to Configure Assets.
- Click Add.
Search by keyword for any term
Any term you enter in the search field will display all records that contain that term, regardless if it’s in the field or in the definition.
- Type
tags
in the search field. - Select tags.
- Select IN.
- Type
very high
in the field. - Click Apply.
- Enter 100% in the percentage field, since we want to identify all assets that have port 22 open.
- Click Add.
Next, you’ll build another query that captures the end result of what we want to achieve - in this case, we want our assets to have port 22 closed. To accomplish this:
- Click Add.
- Type
port
in the field. - Select services.port.
- Select !=.
What does `!=` mean?
When building queries in InsightVM, !=
means not equal to
. Understanding how to use operators is critical when building queries.
Sometimes, you need to build the query so it states a negative condition in order to filter the assets you are looking for. In this example, you will use the !=
operator since you are searching for open ports. Using another operator (=
, IS
) indicates you are looking for closed ports.
- Type
22
in the field. - Click Apply.
- Select All the time.
- Click Continue.
- In the last step, review your goal and add a new unique name for your goal.
- Click on Submit.
You’ll get confirmation that you created a continuous goal.