When creating a JIRA ticket, Vulcan will generate the details into the JIRA ticket by 5 main subjects:

1. Vulnerability Details

2. Vulnerability Solutions

3. Vulnerability Description

4. CVEs, CWEs

5. Source triggered in Vulcan (Automation vs Manual)

6. Statuses

Vulnerability details:

  1. Link to the Vulnerability page on Vulcan

  2. Risk score

  3. Number of affected assets that match to the playbook criteria
    *The Assets information will be attached as CSV to the ticket

  4. Exploitability items

  5. Related assets tags and their impact in Vulcan.

Example - Vulnerability on Vulcan

Vulnerability Solutions

Solutions will attach to the ticket in two ways:

1. In the ticket description, Vulcan will generate the best first 10 solutions. (Solution number 1 will be the most effective to use).
For example:

2. As attache CSV, Vulcan will generate the full list of fixes, by effectiveness hierarchy. On the CSV, the solutions will contain the solution source by link and not the full description.

Vulnerability description

Vulcan will attach the description as presented in the platform.

CVEs, CWEs

Vulcan will attach the CVE and CWE information to the JIRA description field:

Source triggered in Vulcan

Vulcan will mention on the ticket discretion whether the ticket created by Automation and the number of the triggered playbook.

Statuses

Open status

Vulcan will set the status of the tickets as 'Open', when the tickets are opened by an automation.

Done status

Users can choose if the Vulcan automation will close or not a ticket when creating a Playbook. The following conditions need to be fulfilled to mark a Jira issue as done:

  • The option to 'Mark issue as done' in the Playbook was enabled

  • All vulnerability instances in a campaign created by a Playbook are fixed

  • There is a transition that allows a ticket to transit from Open >> Done

The issue in Jira will be closed succesfully.

Did this answer your question?