Rules engine: Allowed countermeasure state transitions

Introduction

The rules engine offers a lot of functionality to meet custom needs.

We have a number of articles on this, such as Rules explanation

Objectives

• understand the usage of 'mark countermeasure as' action in the rules engine.
  • understand the allowed countermeasure state transitions
  • understand the prohibited countermeasure state transitions

Rule walk through

we can access this action inside the rules editor with any of the following modules:

• Main
• Component
• Threat(Component conditions)

If you are unsure which module is appropriate for you use, please refer to the Rules explanation guide, linked above.

Next, we apply an appropriate condition to meet your needs and set the action to fire along with this condition to be: 'mark countermeasure as'.

Please note; This can be used in conjunction with additional conditions and actions, but bare in mind the operator used when combining conditions/actions is 'AND', not 'OR'.

We then have a number of statuses to choose what we want to transition to.

This can also be used via a drool with:

CountermeasureState.byName("Implemented")

for example:

 insertLogical(new ChangeProjectCountermeasureStateFact("AWS-LAMBDA-C20", CountermeasureState.byName("Implemented"), "", false));

Allowed Transitions ✅

Prohibited transitions ❌

Rejected and implemented are viewed as the final states, so cannot be transitioned without manual action. No action will be taken from a rule.