I have a lot of Unit Managers within my user account. I used those accounts to create remediation policies. On those policies, I selected the 'All' Asset Group. The problem: When I run a scan using a Manager (global manager) account, the rules do not work.
Is this normal? Is this avoidable? How?
Should I use another strategy?
Thank you very much!
This is an issue that's likely to require a bit more in the way of information to get to the bottom of, and proabbly some back-and-forth.
My suggestion is that you open a ticket with support so that we can better understand what's going on and help you resolve the issue.
Please call 1-877-801-6161 or send an email to firstname.lastname@example.org to get started. Alternately, you can select 'Contact Support' from the help menu in the QualysGuard UI.
Technical Support Engineer
thanks for your help. I found an answer for this question! Qualys online help states
Managers may choose not to create a global remediation policy and instead delegate this responsibility completely to the individual business units. In this case, only scans launched by users in the business units with policies will result in tickets. Scans launched by Managers and other users outside of the business unit will not result in tickets.
For example, let's say that the only policy in the subscription is a business unit policy created by a Unit Manager to create tickets for all severity 5 vulnerabilities. In this case, if a user in the business unit launches a scan and 10 severity 5 vulnerabilities are detected, then 10 tickets are created and assigned to the user designated in the policy. (Note that the ticket assignee may be somebody outside of the business unit when "Asset Owner" is used.) If a Manager in the same subscription launches a scan on the same hosts and 10 severity 5 vulnerabilities are detected, then no tickets are created. This is because the Manager is not in the business unit and there is no global remediation policy established for the subscription.
Remediation -> workflow -> Automatic ticket creation
I was searching for information under Tools -> Remadiation Policy (all five pages - none has this information)
I think users would really like to be able to choose if they want their Unit Manager policies to be applied to Manager started scans. Why not?