Remediation plans are the heart of the remediation workflow. A remediation plan lets you focus on as narrow a subset of hosts, patches, or vulnerabilities as you like, and DeepSurface will help you prioritize what to work on and in what order.
To create a new remediation plan, click the new remediation plan button in the top right. You will be presented with the creation wizard that breaks the process down into 4 steps:
In the Plan details tab, simply fill out any details that will make it easy to identify the purpose of this remediation plan. Feel free to skip to the second tab and come back to this later if you do not yet have an idea of what this plan will encompass.
Selecting Risk items is perhaps one of the most important steps of building a remediation plan. In this step you choose the underlying items you would like to focus on for this remediation plan. Use the type dropdown to switch between hosts you would like to apply patches to, patches you would like to apply across your entire environment, or vulnerabilities you would like to remediate. Each item type also lets you search by keywords to help you narrow down to what you want to focus on. Whatever type (host, patch, or vulnerability) you choose, the list will be conveniently pre-sorted by risk reduction: the items at the top of the list have the greatest impact on reducing your overall risk if remediated. Feel free to mix and match whatever you want to add to your remediation plan. Whatever you decide to add will show up in the corresponding section in the right column. We recommend narrowing the focus of this plan to a few targeted items. You can always make as many plans as you like, each with its own focus. Once you are satisfied with the underlying risk items that you have selected, you can move on to the task selection step.
The select task step will become available to you once you have at least 1 risk item selected in step 2. This step may appear daunting at first, but this is where DeepSurface really flexes its ability to recommend the best approach to remediating your environment based on the items you have selected to focus on.
Behind the scenes DeepSurface has analyzed, sorted, and prioritized the best approach to handle what you have decided to focus on for this plan and laid them out for you as suggested tasks that you can add to your plan. All of the suggested tasks appear in a list sorted by risk reduction benefit, the biggest bang for your buck appearing at the top of the list.
You will notice that each task has an item that will be remediated and an action that is to be performed on that item. For example, "Apply XXX patches to ###### host" or "Apply ###### patch to XXX number of hosts". DeepSurface has identified what you want to remediate and grouped the actions together into tasks that involve the same work. This work is further broken down by owner of the host. Therefore it is possible that you might see the same, or a very similar, task repeated a couple of times, but with different owners. The owner of a task is automatically set to the owner of the tag that the given host is a part of, but this can be re-assigned at any time.
You will no doubt notice that if you scroll down the list of suggested tasks, the risk reduction benefit of a given task quickly reaches a point of diminishing returns. For this reason, we suggest accepting the top tasks first. Once the tasks you accept take care of enough of the risk, the remaining tasks have very little (if any) benefit.
Once you have finalized selecting all of the tasks you would like to commit to for this plan, the review/approve tab gives you an overview of the plan in its current state. On this screen you can re-assign owners of tasks, see progress for the plan as a whole or on a task-by-task basis, and commit to the plan. Since this plan was just started, it is currently in a "Draft" state. While in this state, you can freely move from tab to tab and change anything you like. If you decide to commit to this plan by clicking the "Activate" button in the lower right, then you will see the following warning.
As you can see from the warning, once you activate the plan you can no longer change the underlying risk items for this plan. DeepSurface will automatically track your progress on the tasks for this plan any time it runs an analysis, and swapping out the underlying risk items while trying to track progress would be like trying to swap out the foundation of a home after it has already been built. Once activated, a plan can be tracked in DeepSurface, but can also be exported as an Excel spreadsheet, as emails, or to a previously configured third-party ticketing service. From the main Remediation > Plans screen, if you try to export to ticketing, the interface will let you know that you must first set up a ticketing service, which we will visit in the next section.