Go to Vulcan Cyber
All Collections
User Guides
Taking a remediation action on a vulnerability

Taking a remediation action on a vulnerability

T
Written by Tal Morgenstern
Updated over a week ago

To start remediating a vulnerability, click “Take Action”. From the dropdown menu select one of 3 options:

Open a ticket

To open a ticket regarding the vulnerability in a connected ticketing platform such as Jira or ServiceNow, choose “Open a ticket” and follow these steps:

  1. Select your required ticketing platform. Note: if you can’t find your platform here, you may need to add a connector for it.

  2. Select the relevant connector.

  3. Fill in the required fields. Note that some fields are automatically pre-populated for you by Vulcan with summarized, actionable information about the vulnerability.

  4. Optionally, manually select which assets to include in the ticket. By default all vulnerable assets are included.

  5. Optionally, select which solutions to include in the ticket. By default all solutions are included.

  6. Optionally, manually set the due date. By default, the due date is set by the SLA as configured under Settings.

  7. Click “Open Ticket”.

Deploy a patch

To automatically deploy a patch directly from Vulcan, choose “Deploy a patch” and select your required patching platform. (if you can’t find your platform here, you may need to add a connector for it). Then follow the instructions according to the selected platform:

Ansible

  1. Choose S3 bucket or add a new one. Ansible scripts are uploaded to S3 buckets. 

  2. Choose your Ansible version.

  3. Choose username.

  4. Choose whether or not to include become_user:root in the script.

  5. Click “Deploy fix”.

Chef

  1. Choose course of action if Chef can’t find the correct package version to install.

  2. Click “Deploy fix”.

Ivanti

  1. Choose the relevant Ivanti Machine group.

  2. Click “Initiate scan in Ivanti”.

  3. After the initial scan finishes, fill out all the necessary fields.

  4. Click “Deploy fix”.

Share

To share a details about a vulnerability via email or Slack, choose “Share” and follow these steps:

  1. Select between email and Slack. Note: if you can’t find Slack here, you may need to add a connector for it.

  2. Fill in the required fields. Note that some fields are automatically pre-populated for you by Vulcan with summarized, actionable information about the vulnerability.

  3. Click “Share”.

Ignore

If you deem a vulnerability as posing no risk, you may choose to ignore it and remove it from the Pending queue. To ignore a vulnerability click “ignore” and follow these steps:

  1. Choose a reason for ignoring.

  2. Optionally, add a free text comment.

  3. Optionally, select to limit time the vulnerability is ignored and send it back to Pending after a period.

  4. Click “Ignore”.

Did this answer your question?