In this article you will find:
- How to create a new Remediation Campaign
- How to manage and track Remediation Campaigns (using the campaign table and campaign details view)
When either a user takes an action on a vulnerability or a playbook automatically started a remediation process, a Remediation Campaign will be created. Vulcan’s remediation campaign allows you to gain more knowledge about your organization's remediation process and provides the ability to manage it via a unified view.
Remediation campaign is an entity that contains a set of vulnerability instances and remediation action(s) with the same goal:
“Fix X vulnerabilities on Y assets via Z actions”.
2. Create a new Remediation Campaign
Campaigns are automatically created when you either initiate remediations on vulnerabilities from the Vulnerabilities tab or triggered a playbook from the automation tab.
Initiate remediation based on vulnerabilities (manually):
- The ability to start a new campaign is available in both take action options:• Open a ticket• Deploy a patchSee detailed instructions on how to take these actions here.
- Name your campaign:In the right panel, you can give your new Campaign a meaningful, unique name or leave it with a unique id number.
Initiate remediation based on playbooks (automatically):
For each playbook - whenever a playbook is triggered:
- A new campaign is automatically created and displayed in the Campaigns tab.
- Each campaign represents a subset of the playbook run divided by vulnerability name, remediation action and date of playbook run.
See detailed instructions on how to take use playbooks here.
3. Manage and track Remediation Campaigns
After the remediation was initialized, a new Campaign will automatically be created with the relevant details of that action in the Campaigns tab
- Type - Manual / Playbook
- Name - The campaign name supplied when the action was made manually / the name generated from the playbook name
- Vulnerability: The vulnerability name which was the basis of the remediation action
- Risk: The vulnerability risk as appears in the Vulnerability list
- Source: The vulnerability source as appears in the Vulnerability list / playbook
- Started: The date of campaign creation
- Fixed assets / Total: Number of assets included in the Campaign with status Fixed or Remediation validated / Total number of assets included in the Campaign
- Action: The action that was taken when the campaign was created
- Time to SLA: Vulnerability discover date / SLA
You can click on each campaign and get more details regarding the campaign:
- Success - What is the current state of the remediation campaign? Meaning how many (in percentage) assets are fixed out of total assets in the campaign?
This tab displays the action that triggered the campaign. This way the user can get a better understanding of the campaign’s goal.
The tab contains:
• The action name
• The chosen assets to patch
• The chosen solutions to apply
• • The chosen scripts to deploy
This tab displays the vulnerabilities the campaign should fix:
- Vulnerability name
The Assets tab displays all the assets who associated to the campaign
It shows the breakdown of statuses of these assets. There are 5 possible statuses:
- In Progress
- Remediation Validated
- Risk Acknowledged
- False Positive
The Activity Feed tab displays a detailed audit log of all the events related to this remediation along with their timestamp.