runZero is able to help users track ownership with the ability to configure different types of owners and assign owners to runZero assets and vulnerability records. Ownership coverage can also be tracked as a goal.
Superusers can manage the available types of ownership on the Account > Ownership types page. Custom ownership types can be configured to meet your needs. Some common ownership types may include Security owner, IT owner, or Compliance owner.
The ownership type requires configuring three fields:
- Name: the name of the ownership type.
- Reference: whether the ownership type should be correlated with the user inventory, group inventory, or neither.
- Visibility: whether the ownership type is visible through the asset inventory and asset details pages.
Asset Owner ownership type, when visible, will be automatically populated with ownership-related data that runZero can glean from your configured integrations. The name of this ownership type can be changed by a superuser.
The list of ownership types can be prioritized by dragging the types into the preferred order. This will dictate the order in which the types are displayed in the inventory and asset details pages. Only types marked
visible will be displayed.
Assigning owners to assets and vulnerabilities
Once created, custom owners can be assigned via the inventory or through an alert rule.
Superusers, administrators, and users can add or modify owner values, and can remove owners from assets or vulnerability records. Annotators can only add owner values, but cannot modify or remove owners.
Ownership in the inventory
Follow these steps to assign owners through the asset or vulnerability inventory:
- Select all the assets or vulnerability records you wish to update, applying a query filter if needed.
- Click the
Manage asset ownershipor
Manage vulnerability ownershipbutton to open the ownership popup. Note: Ownership values applied to an asset will be inherited by unowned vulnerability records on that asset. Vulnerability records with owners defined will not inherit the ownership value assigned to the asset.
Add ownership typeand choose which type(s) of owner you wish to apply to the selected assets or vulnerability records.
- Add the owner value to the field.
Saveto apply your changes.
Applying owners with rules
To automatically apply ownership values to assets after a scan, create an alert rule by going to Alerts > Rules and clicking the
Create rule button:
- Select an inventory query you wish to use, such as the
asset-query-resultsrule type, then click
- Configure any desired settings.
- Set the Action to
- Specify a value for the
Set [ownership type]field for the ownership type(s) you wish to apply. Note: Ownership values applied to an asset will be inherited by unowned vulnerability records on that asset. Vulnerability records with owners defined will not inherit the ownership value assigned to the asset.
- Save the rule.
This rule will now add the specified owner type and value to all assets that match the rule when a scan completes.