Initialize vulnerability remediation via Vulcan Playbooks

1. Each playbook must be associated with one of the following sources:

  • Qualys

  • Rapid7

  • Tenable

  • Vulcan report

  • AWS

Note: Playbooks are triggered only for vulnerabilities on assets whose type is host.

2. Vulnerabilities can be filtered by a wide range of parameters, with logical conditions combined by the "and" operator. The following parameters can be used for filtering:

  • Name

  • CVEs

  • CVSS Score

  • Affected package

  • Threats

  • Published on

  • Modified on

  • Discovery time

  • Number of assets

  • Has fixes

  • Priority

3. Vulnerabilities can also be filtered by their affected assets, with logical conditions combined by the "and" operator. The following parameters can be used for filtering:

  • Hostname

  • IP

  • Asset Source

  • OS

  • Tags

4. Remediation actions can be applied through several collaboration and deployment tools:

Collaboration tools:

  • ServiceNow

  • Jira

  • Slack

  • Email (this action can also be triggered when the vulnerability breaches SLA)

Deployment tools: 

  • Ansible (via S3 bucket)

  • Chef

General notes:

  • You can decide to trigger the playbook on existing vulnerabilities or run it only on new ones.

  • Playbooks run after any configuration change, as well as twice a day (scheduled).

  • Each playbook is independent: it triggers based on the conditions set for it, regardless of other configured playbooks that executed before or after it.

  • For detailed instructions on how to manage playbooks, please visit here.
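
The rules above (one source per playbook, "and"-combined conditions, host assets only, independent playbooks) can be modelled locally to find vulnerabilities that more than one playbook would act on. This is an added example, not Vulcan code or its API; the field names, the `image` asset type and the sample playbooks and findings are constructed assumptions.

```python
# Local model of the playbook rules described on this page; not Vulcan's API.
# Field names (cvss, has_fixes, tags, is_new, type) are hypothetical.
import operator
from collections import defaultdict
from dataclasses import dataclass, field

OPS = {">=": operator.ge, "==": operator.eq, "has": lambda seq, x: x in seq}

@dataclass
class Playbook:
    name: str
    source: str                       # one source per playbook, e.g. "Qualys"
    vuln_conds: list                  # (field, op, value) tuples
    asset_conds: list = field(default_factory=list)
    action: str = "Jira"
    new_only: bool = False            # False: also run on existing vulnerabilities

def _all(conds, record):
    # Conditions are combined with "and": every one must hold.
    return all(f in record and OPS[op](record[f], v) for f, op, v in conds)

def triggers(pb, finding):
    vuln, asset = finding["vuln"], finding["asset"]
    if asset["type"] != "host":       # playbooks fire only for host assets
        return False
    if vuln["source"] != pb.source or (pb.new_only and not vuln["is_new"]):
        return False
    return _all(pb.vuln_conds, vuln) and _all(pb.asset_conds, asset)

def plan(playbooks, findings):
    # Playbooks are evaluated independently, so one finding can collect several actions.
    hits = defaultdict(list)
    for f in findings:
        for pb in playbooks:
            if triggers(pb, f):
                hits[f["id"]].append((pb.name, pb.action))
    return dict(hits)

def overlaps(hits):
    # Findings matched by more than one playbook (possible duplicate tickets or deployments).
    return {fid: acts for fid, acts in hits.items() if len(acts) > 1}

# Constructed sample data, not real scanner output.
PLAYBOOKS = [
    Playbook("crit-to-jira", "Qualys", [("cvss", ">=", 9.0), ("has_fixes", "==", True)]),
    Playbook("prod-patch", "Qualys", [("cvss", ">=", 7.0)], [("tags", "has", "prod")], "Ansible", True),
]
def _finding(fid, cvss, fixes, new, atype):
    return {"id": fid, "asset": {"type": atype, "tags": ["prod"]},
            "vuln": {"source": "Qualys", "cvss": cvss, "has_fixes": fixes, "is_new": new}}
FINDINGS = [_finding("f1", 9.8, True, True, "host"), _finding("f2", 9.8, True, True, "image"),
            _finding("f3", 7.5, False, True, "host"), _finding("f4", 7.5, False, False, "host")]
```

Running `overlaps(plan(PLAYBOOKS, FINDINGS))` on a planned set of playbooks shows which findings would receive more than one remediation action before the playbooks are enabled.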

