About
Automation Playbooks let you minimize response time and reduce mundane manual labor by automating remediation tasks based on business and security conditions, integrated with the reporting or ticketing system your organization uses. For example, you can configure an integration with a ticketing system such as JIRA or ServiceNow and open remediation tickets automatically through the Vulcan Platform > Automation.
All automations are based on the same principles but with different settings and modifications, depending on the selected reporting tool or Remediation Action method.
Creating a new Automation (Playbook)
To create a new Playbook:
In the Vulcan Platform, go to Automation > Create new Playbook.
Alternatively, you can select one of the Suggested playbooks and modify them to suit your needs.
For Playbook name, give your new Playbook a unique, indicative name and, optionally, a description.
For Vulnerabilities to fix, add the conditions that must be met on vulnerabilities and assets for the Automation to trigger. The Automation will only affect vulnerabilities and assets matching these criteria.
Tip: Use the Threats condition to create an Automation based on Threat Tags and Attack Vectors, such as Threat Intelligence tags by Mandiant or Recorded Future.
Enable/disable the option to run the Playbook on existing vulnerabilities or only on future ones.
For Remediation actions, select the method through which the ticket or vulnerability remediation alert/request should be opened. These actions are identical to the ones you can perform manually on a vulnerability, except that they are triggered automatically when the automation conditions are met.
Every Remediation method has its own set of capabilities and settings to configure. Once you select a method, a dedicated setting page opens.
For example, the JIRA and ServiceNow integrations have the following set of available options for ticket separation and updating tickets with subsequent discoveries:
For SLA-Exceeding, you can set up another action to be triggered once a vulnerability exceeds its SLA.
When you are done, click Save and Run.
Creating Automation from Suggested Playbooks
To create a new automation from a Suggested Playbook, click one of the suggested playbooks, modify it to suit your needs, and click “Save & Run”.
Modifying a Playbook
To view or edit an existing Playbook:
Go to Automation
Find your Playbook on the list and click on it.
Edit as needed and then click Save and Run.
Managing a Playbook
Go to Automation
Find your Playbook on the list and hover over it to make the toolbox visible.
You can pause, delete, duplicate, view actions, and view the activity log of the Playbook.
Click here to learn more about monitoring Playbook Actions.
Searching Playbooks
Use the search box to search for playbooks by name or description.
Support Limitations
You can trigger the Playbook on existing vulnerabilities or run it only on new ones.
Playbooks run after any configuration change and twice a day (scheduled).
Each Playbook is independent; it triggers based on its own conditions, regardless of other configured playbooks that were executed before it or will run after it.