To start remediating a vulnerability, click “Take Action”. From the dropdown menu select one of 3 options:
Open a ticket
To open a ticket regarding the vulnerability in a connected ticketing platform such as Jira or ServiceNow, choose “Open a ticket” and follow these steps:
- Select your required ticketing platform. Note: if you can’t find your platform here, you may need to add a connector for it.
- Select the relevant connector.
- Fill in the required fields. Note that some fields are automatically pre-populated for you by Vulcan with summarized, actionable information about the vulnerability.
- Optionally, manually select which assets to include in the ticket. By default all vulnerable assets are included.
- Optionally, select which solutions to include in the ticket. By default all solutions are included.
- Optionally, manually set the due date. By default, the due date is set by the SLA as configured under Settings.
- Click “Open Ticket”.
Deploy a patch
To automatically deploy a patch directly from Vulcan, choose “Deploy a patch” and select your required patching platform. (if you can’t find your platform here, you may need to add a connector for it). Then follow the instructions according to the selected platform:
Ansible
- Choose S3 bucket or add a new one. Ansible scripts are uploaded to S3 buckets.
- Choose your Ansible version.
- Choose username.
- Choose whether or not to include become_user:root in the script.
- Click “Deploy fix”.
Chef
- Choose course of action if Chef can’t find the correct package version to install.
- Click “Deploy fix”.
Ivanti
- Choose the relevant Ivanti Machine group.
- Click “Initiate scan in Ivanti”.
- After the initial scan finishes, fill out all the necessary fields.
- Click “Deploy fix”.
Share
To share a details about a vulnerability via email or Slack, choose “Share” and follow these steps:
- Select between email and Slack. Note: if you can’t find Slack here, you may need to add a connector for it.
- Fill in the required fields. Note that some fields are automatically pre-populated for you by Vulcan with summarized, actionable information about the vulnerability.
- Click “Share”.
Ignore
If you deem a vulnerability as posing no risk, you may choose to ignore it and remove it from the Pending queue. To ignore a vulnerability click “ignore” and follow these steps:
- Choose a reason for ignoring.
- Optionally, add a free text comment.
- Optionally, select to limit time the vulnerability is ignored and send it back to Pending after a period.
- Click “Ignore”.