
© Copyright MedCrypt 2024, All rights reserved.


Create and manage alias rules to match and rematch components across all products

Overview

To view vulnerabilities for a particular component, each component must be matched to known software in the NVD. Administrators can create alias rules to find known software matches for components that are unmatched, mismatched, or have multiple matches. Alias rules will not override components that were manually matched by users.

The alias rules manager enables you to set robust matching conditions for aliases, simplifying the known software search process and bringing forward more information to help you select the correct known software match.

Benefits of alias rules manager

  • Centralized rule management: Manage both alias rules and EOS/EOL lifecycle rules from a single location

  • Enhanced matching capabilities: Create conditions using Component name, Supplier, CPE, PURL, and Version information

  • Improved transparency: View detailed information about potential matches including vulnerability counts, known versions, CPEs, PURLs, and references

  • Impact visibility: See the number of affected products, versions, and components before making changes

  • Conflict handling: System detects potential rule conflicts

  • Automatic application: Rules are automatically applied to both existing and future SBOMs

Understanding the impact of alias rules

When alias rules are applied, they affect:

  • Existing SBOMs: All matching components in previously uploaded SBOMs will have the alias rule applied

  • Future SBOMs: Any new uploads with matching components will automatically have the rule applied

  • Match status: Components will change from unmatched statuses to "Matched" with an "ALIAS" badge

  • Vulnerability data: If the known software has vulnerabilities in the NVD, these will now be associated with your components

  • Reporting: Components matched via alias rules will appear in vulnerability reports with their assigned matches

  • Override hierarchy: Manual matches always take precedence over alias rules

When you edit or delete an alias rule:

  • Components previously matched by that rule will return to their previous unmatched status

  • Any vulnerability data associated through that match will no longer be linked to the component

  • You'll need to create a new alias rule or manually match affected components to restore vulnerability data

View aliased matches

For all components that have been matched with an alias, you'll see a Matched status with an ALIAS badge in the Match status column of the Products page.

Add an alias rule

Create an alias rule from Rules manager

When creating an alias rule from the Rules manager, you’ll need to specify the component matching conditions under which the alias rule will be applied.

  1. Click the Rules item in the sidebar. This will display the Rules page, where you can manage alias and lifecycle rules.

  2. Click the Add alias rule button in the Alias rules tab. This will display the Create alias rule wizard.

  3. In the first step, specify the conditions for which you want this alias rule to be automatically applied. You can add one condition for each metadata field.

    • Each condition uses AND logic, so everything must be true for the effects to apply.

    • If there is an existing alias rule that exactly matches your criteria, you'll be prompted to discard this pending edit or change the criteria.

  4. In the second step, specify the known component name and/or supplier, then click Search known software.

    • If you know which software you are looking for, click the option button next to that software, then click Create alias rule.

    • If you're not certain which software is the best match, click the option button to review the details for that known software component, including any vulnerability information, associated CPEs and PURLs, and references. Once you've identified and selected the correct match, click Create alias rule.

  5. The new alias rule will display at the bottom of your rule list. If you want this rule to have higher priority, you can drag-and-drop it higher in the rules list.

  6. The Match status for components that match these criteria will be updated to Matched with an ALIAS badge. This may take a while, since Helm is running this new alias rule against all of your SBOMs and evaluating it against all existing alias rules. If the known software is in the NVD or is in a package manager that has known vulnerabilities, it will be updated with these associated vulnerabilities.

Create an alias rule from component

When creating an alias rule from a component on the Products page, the component matching conditions will be automatically populated, which you can modify as necessary.

  1. Click Products in the sidebar. This will display the Products page, which is a list of all components in this SBOM.

  2. For any non-matched component status, click the badge in the Match status column or the primary button in the Actions column. Alternatively, you can select View match suggestions from the ... actions overflow button. This will display the Select match suggestions panel.

  3. If you want to change the component matching conditions, you can do so in step 1, then click Continue to update the possible matches in step 2. If there is an existing alias rule that exactly matches your criteria, you'll be prompted to discard this pending edit or change the criteria.

  4. In the Component name field, enter at least three characters to start filtering down the list. All condition rules must be alphanumeric. Enter any other information you have for the component, then click Continue. If there is an existing alias rule that exactly matches your criteria, you'll be prompted to keep the existing rule or replace it with the new rule.

  5. In the next section, enter the known software component name and/or supplier, then click Search known software to return potential matches.

    • If you know which software you are looking for, click the option button next to that software, then click Create alias rule.

    • If you're not certain which software is the best match, click the option button to review the details for that known software component, including any vulnerability information, associated CPEs and PURLs, and references. Once you've identified and selected the correct match, click Create alias rule.

  6. The new alias rule will display at the bottom of your rule list. If you want this rule to have higher priority, you can drag-and-drop it higher in the rules list.

  7. The Match status for this component and all components that match these criteria will be updated to Matched with an ALIAS badge. Updating all of the components may take a while, since Helm is running this new alias rule against all of your SBOMs and evaluating it against all existing alias rules. If the known software is in the NVD or is in a package manager that has known vulnerabilities, it will be updated with these associated vulnerabilities.

Rule naming conventions

Edit alias rule

If you need to edit an alias rule, note that any changes will be applied to both existing and future SBOMs.

  1. Click the Rules item in the sidebar.

  2. Click the Alias rules tab.

  3. In the Alias rules tab, click Edit on any rule you want to modify. This will display the Manage alias rule wizard, which shows the current component matching conditions and the selected known software match.

  4. If you want to change the component matching conditions, you can do so in step 1, then click Continue to update the possible matches in step 2.

    • If there is an existing alias rule that exactly matches your criteria, you'll be prompted to discard this pending edit or change the criteria.

  5. In the second step, you will see the currently selected match, as well as other possible matches based on those search criteria. In the details section for the selected match, you'll see several tabs to help you understand the impact of the existing rule across your portfolio, known vulnerabilities, known CPEs and PURLs, as well as additional references.

  6. If you want to change the match criteria, enter part or all of the known software you are looking for, then click Search known software.

  7. If you change matching conditions or the selected known match, you will not be able to see the impact of this change until you apply it, then go back in to edit the rule.

  8. Click Save & apply changes. You'll see a success notification when the change has been applied. Editing a rule will not change its current position in the list, so drag-and-drop it higher or lower to change its priority.

Set priority order of alias rules

Alias rules are applied according to their position on the rules list.

  1. Drag-and-drop them higher to increase their priority or lower to decrease their priority.

  2. If you have only reprioritized rule order, but haven't marked any rules for deletion, click Save & apply changes. This will apply the reprioritizations.

  3. If you've marked rules for deletion in addition to reprioritizing rules, the button will instead read Review changes, giving you an opportunity to view the impact of these pending deletions before confirming these changes.

Delete alias rule

If you find that your team has added an incorrect alias rule, you can easily remove it if you are an Administrator.

  1. Click the Rules item in the sidebar.

  2. Click the Alias rules tab.

  3. Click Mark for deletion on the alias rules you want to delete.

  4. If you need to change priority of any rules as a result of these impending deletions, drag-and-drop the respective rules higher or lower in the list.

  5. Click the Review changes button.

  6. After making your changes, click the global Save & apply changes button at the bottom of the aliases rule list. The rule will no longer be associated with existing SBOMs and will not be applied to future ones.

Troubleshooting and best practices

  • Rule naming: You cannot currently edit rule names. They are automatically generated based on conditions.

  • Rule conflicts: When creating rules with similar conditions, ensure they don't unintentionally overlap. The system will warn about exact duplicates.

  • Session persistence: Always save your changes before navigating away, as unsaved changes will be lost.

  • Rule prioritization: Place more specific rules higher in the list, as they take precedence over more general rules.

  • Performance considerations:

    • Creating many rules with complex conditions may increase processing time

    • Large-scale rule changes may take time to propagate across all SBOMs

  • Verification: After applying rules, check a sample of components to verify the rules are working as expected.

  • Maintenance: Periodically review your alias rules to ensure they still reflect your current software matching needs.
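
The prioritization and conflict points above can be checked offline before reordering rules. The following is an added example, not Helm code or the Helm API: it models the evaluation this page describes (AND logic across conditions, list position as priority, manual matches first) and flags rules that a broader rule higher in the list prevents from ever firing, which would attach the wrong known software and therefore the wrong vulnerability data to a component. The `AliasRule` class, the case-insensitive equality test, and all sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AliasRule:                      # hypothetical model, not a Helm type
    conditions: dict                  # field -> required value (name, supplier, cpe, purl, version)
    known_software: str               # the known-software match the rule assigns

    def matches(self, component: dict) -> bool:
        # AND logic: every condition must hold.
        # Case-insensitive equality is an assumption about how values compare.
        return all(str(component.get(f, "")).lower() == v.lower()
                   for f, v in self.conditions.items())

def resolve(component: dict, rules: list, manual: Optional[str] = None):
    """Return (known_software, source) for one component."""
    if manual is not None:            # manual matches always take precedence
        return manual, "MANUAL"
    for rule in rules:                # list position is priority: first hit wins
        if rule.matches(component):
            return rule.known_software, "ALIAS"
    return None, "UNMATCHED"

def shadowed(rules: list) -> list:
    """Index pairs (upper, lower) where the lower rule can never fire."""
    pairs = []
    for lo, low in enumerate(rules):
        for hi in range(lo):
            upper = rules[hi].conditions
            # If every condition of the upper rule is also required by the
            # lower rule, the upper rule matches everything the lower one does.
            if all(low.conditions.get(f, "").lower() == v.lower()
                   for f, v in upper.items()):
                pairs.append((hi, lo))
                break
    return pairs

# Constructed sample data: rule values and component fields are illustrative only.
GENERAL = AliasRule({"name": "libfoo"}, "foo_project:libfoo")
SPECIFIC = AliasRule({"name": "libfoo", "supplier": "Acme"}, "acme:libfoo_fork")
COMPONENT = {"name": "LibFoo", "supplier": "acme", "version": "2.1"}

if __name__ == "__main__":
    print(resolve(COMPONENT, [GENERAL, SPECIFIC]))   # general rule wins, specific is shadowed
    print(shadowed([GENERAL, SPECIFIC]))
    print(resolve(COMPONENT, [SPECIFIC, GENERAL]))   # specific rule placed higher
```

With the general rule first, the supplier-specific rule never applies; swapping the order clears the shadowing report.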

Alias permissions

  • Administrator: Users with an Administrator role can view and edit all products, as well as create aliases and use existing aliases to link software in their SBOMs to known software in the NVD.

  • User with edit permissions for a product: Users who have edit permissions for a particular product, but are not Administrators, will be able to view and use existing aliases for that product to link software in their SBOM to known software in the NVD, but will not be able to create aliases unless they have an Administrator role.

  • User with read-only permissions for a product: These users will be able to view aliases for that product, but will not be able to use these aliases to link software.


To view aliases, click the Rules item in the sidebar. If you have appropriate permissions, you will see existing alias rules in the Alias rules tab.

To resolve Select match, Not found, and other match statuses, Administrators can create alias rules directly from the unknown component or from the Rules item in the sidebar.

Rules are named according to the criteria specified for them, for example: [Supplier name]/[Component name]/[Version]. You cannot currently edit rule names. If this is important to you, let us know.

Clicking Review changes will display a confirmation panel showing the impact of your potential deletions across your portfolio. If you have multiple pending deletions, click Continue to move to the next one. You can also click Save & apply changes if you don't need to examine your deletion impacts. You can't currently change this impact. Let us know if this is something that you need!