Initialize vulnerability remediation via Vulcan Playbooks

1. Each playbook must be associated with one of the following sources:
  • Qualys
  • Rapid7
  • Tenable
  • Vulcan report
  • AWS

Note: Playbooks are triggered only on vulnerabilities found on assets whose type is host.

2. Vulnerabilities can be filtered by a wide range of parameters and logical conditions, combined with the "and" operator. The following parameters can be used for filtering:

  • Name
  • CVEs
  • CVSS Score
  • Affected package
  • Threats
  • Published on
  • Modified on
  • Discovery time
  • Number of assets
  • Has fixes
  • Priority

3. Vulnerabilities can also be filtered by their affected assets, with logical conditions combined with the "and" operator. The following parameters can be used for filtering:

  • Hostname
  • IP
  • Asset Source
  • OS
  • Tags

4. Remediation actions can be applied by multiple collaboration / deployment tools:

Collaboration tools:

  • ServiceNow
  • Jira
  • Slack
  • Email (this action can also be triggered when the vulnerability breaches SLA)

Deployment tools: 

  • Ansible (via S3 bucket)
  • Chef

General notes:

  • You can decide to trigger the playbook on existing vulnerabilities or run it only on new ones.
  • Playbooks run after any configuration change, as well as twice a day (scheduled).
  • Each playbook is independent: it triggers based on the conditions set, regardless of other configured playbooks that executed before or after it.
  • For detailed instructions on how to manage playbooks, please visit here.

