Feature - risks threat tags and vulnerabilities get populated with asset changes

Anytime I edit an asset risk and add an applicable asset from the drop-down, the threat tags and vulnerability tags get populated with lots of info which does not make sense to me and which I have no idea how to stop.

after adding 1 asset

@j.meyer

Has anyone seen this thread?

This is normal behaviour: when you modify the assets, those two fields will “recalculate” themselves based on the assets' “types”.

Well, how do I turn it off? It messes up my carefully selected threat and vulnerability tags.

You can't. I'll link it to this existing issue https://github.com/eramba/eramba_v2/issues/2835 so we try to do something about it later on.


We do not like people touching the code or SQL; this is a very grey area. There are good reasons for that, reasons not easy to understand unless you manage thousands of deployments that ask for support. Our T&Cs are explicit about this rule.

Please do not change code or I will personally void the license permanently.

Regards,
Esteban

+1 on this. It causes extra effort in restoring custom tags when minor changes are being made to an existing Asset Risk item. Would love for this feature to be optionally disabled - most practitioners don’t need this “help” on tagging threats and vulns.
The feature loses value when new threat and vulnerability tags are added anyway, as Eramba doesn't consider any tags that are not system defaults.


Hello,
I like this feature to automatically add Threat Tags and Vulnerability Tags, depending on the type of asset I add to my Asset Risk, but…
Unfortunately, if you upload a CSV file with all your Asset Risks, linked to the correct Assets, this autocompletion of the Threat Tags and Vulnerability Tags is not done.
In order to get those fields autocompleted, I need to edit EACH Asset Risk, remove the Asset, and add the same Asset again… Not very efficient if you have hundreds of Asset Risks loaded.
Do you have a proposal to solve this issue?
Thanks in advance.

You should be able to bulk edit the threats and vulnerabilities, so you can at least only do that once per asset class instead of for every asset.


On the Risk / Settings menu we need to update the “Threat” and “Vulnerabilities” options:

This list of threats and vulnerabilities is linked to “Asset Types”:

  • in the asset risk module, when you select an asset these threats and vulnerabilities are recommended to you based on those associations mentioned above
  • in the third party risk the same happens because on those risks you have to associate “assets”
  • in the business risk module, this should NOT happen because there are no assets involved. This today is happening and it shouldn’t.

1- We need them to load a page rather than a modal, this could follow the same setup we did with “Activity Log”, but that page needs only a standard “Actions / Add + Import” functionality.

2- the Add will ask the following mandatory fields:

Name (Provide the name of the Threat / Vulnerability): text field
Associated Asset Type (Select the Asset types that could be affected by this Threat / Vulnerability): this will be a multiple select list of Asset Types plus one called “Undefined”

The CSV import will have both those options.

Attention: if someone deletes an asset type, it should not give trouble, as the label would switch to “Undefined” in the worst case.

3- There will be a standard filter shown when loading the page with the following columns:

  • Name
  • Asset Types
  • Associated Asset Risks - this lists the number of Risks using this Threat/Vulnerability (this could be clickable so it redirects you to those risks)
  • Associated TP Risks - this lists the number of Risks using this Threat/Vulnerability (this could be clickable so it redirects you to those risks)
  • Associated Business Risks - this lists the number of Risks using this Threat/Vulnerability (this could be clickable so it redirects you to those risks)

The filter is sorted by the number of linked risks (assets), higher to lower.

4- The filter will have the standard bulk-edit option, both fields should be “bulk-editable”

5- The menu items are standard, edit and delete.

6- The filter has in-line edits enabled.

Attention: You can not delete labels that are being “used” in risks.

7- On the Risk form, when you change the Asset we need the javascript to handle two situations:

a- If the field was empty and stuff gets selected, you automatically show threats and vulnerabilities as we do now.
b- If the field has something already and someone changes that, we need to pop up something asking “Do you want eramba to update threats and vulnerability tags?”

If they say “Yes” you update those fields, if they say “No” you don’t. I believe we do not have this popup implemented on a loaded form; if this is not possible then let me know how else we can do it.

github: https://github.com/eramba/eramba/issues/2835


I need to re-open this discussion.

Here is the problem:

I have a new asset in Eramba. I need to associate a couple of risks with this new asset.
When editing an asset, I cannot associate risks with it.
One has to edit a risk and associate it with an asset. This also means my lovingly managed “threat tags” will get totally messed up.
When bulk editing risks, it looks like one cannot bulk edit the associated assets. Most other fields are bulk-editable.

What now? I think it is a common occurrence to add new assets to Eramba, and some automation should not re-populate existing risks' “threat tags” field.

The feature explained in the post above will be available soon with release 3.23.0. Hopefully, that will help.
