In this article, you will find the following:

  1. Background and common use case

  2. Workflow example – How to open a campaign

  3. Workflow via ServiceNow – How is a ticket opened?

  4. Workflow via ServiceNow – How is a ticket closed?

  5. Workflow via JIRA – How is a ticket opened?

  6. Workflow via JIRA – How is a ticket closed?

  7. Comparison between ServiceNow and JIRA capabilities

1. Background and common use case

One of the most common uses of Vulcan is to feed the scanner's data into the organization's remediation tracking processes. After identifying high-risk vulnerabilities in your environment, you can choose and apply a remediation action to remediate them, and use the Campaigns view to monitor the remediation progress.

This guide outlines the most common use cases for ticket opening and tracking. For more information and best practices, please contact your Customer Success Manager.

2. Workflow example – How to open a campaign

To illustrate the best-practice use case, we will demonstrate the workflow for tracking critical vulnerabilities that apply to a specific business unit:

  1. First, we can see there are 79 critical vulnerabilities under the "Enterprise IT" group. This is the group of vulnerabilities we want to track for remediation:

  2. Since we want to automatically track every new critical vulnerability under these criteria, we will apply an automated action by creating a new Automation Playbook.

  3. On the new playbook, we will apply the conditions to target every new critical vulnerability under the "Enterprise IT" business group:

    Under the playbook creation, you can use a lot of conditions, such as Affected OS, Vulnerability name, CVSS Score, and many more options for your use.

  4. After choosing the playbook conditions, you can choose the type of action you want to apply to the findings of the automated playbook:

    The most common use is to open a ticket for the relevant remediation team within the organization.

In the next sections of this guide, we will cover the workflow for each collaboration tool and compare the available features.

3. Workflow via ServiceNow – How is a ticket opened?

Following the example in the previous section, we will walk through automated ticket opening via ServiceNow.

After choosing ServiceNow as the remediation action, we will choose how to open the tickets.

To demonstrate the most common use case, we will choose to separate each ticket by unique vulnerability, update the ticket with subsequent discoveries, and open the ticket on the Problem table.

This way, we ensure that each unique vulnerability groups all of its affected assets under one Problem ticket, and each affected asset is opened as a Problem task ticket.

To demonstrate that, we will take this vulnerability as an example, with its two affected assets:

We can see that the automation created a Problem ticket for the unique vulnerability (Microsoft Windows Security Update for May 2020) and Problem tasks for the affected assets (SCCMSRV2016A, SCCMPLAY3WIN10).

The Problem ticket created for the unique vulnerability:

And the Problem tasks for the affected assets:

4. Workflow via ServiceNow – How is a ticket closed?

After the tickets are created, and the automation is in place, the campaign will remain up to date based on the daily data ingestion from the scanners. Based on the ingested data, the campaign will update the tickets by the following steps:

  1. Affected assets that were vulnerable are now ingested as fixed.

  2. The status of the affected asset changes to "Fixed" in Vulcan.

  3. The affected asset changes to "Fixed" in the open campaign.

  4. The Problem task of the affected asset automatically moves to "Fixed".

Once all the affected assets have moved to "Fixed" and the campaign is completely remediated, the campaign will close and move to the "Closed" tab.

5. Workflow via JIRA – How is a ticket opened?

Following the example in section 2, we will walk through automated ticket opening via JIRA.

After choosing JIRA as the remediation action, we will choose how to open the tickets.

To demonstrate the most common use case, we will choose to separate each ticket by unique vulnerability and update the ticket with subsequent discoveries.

This way, we ensure that each unique vulnerability groups all of its affected assets under one JIRA ticket, and the affected assets are attached to the JIRA ticket as a CSV.

To demonstrate that, we will take this vulnerability as an example, with its two affected assets:

And see how it was opened on the JIRA side:

Each JIRA ticket is named after the unique vulnerability, in our example Microsoft Windows Security Update for May 2020, and the related assets are attached as a CSV.

6. Workflow via JIRA – How is a ticket closed?

After the tickets are created, and the automation is in place, the campaign will remain up to date based on the daily data ingestion from the scanners. Based on the ingested data, the campaign will update the tickets by the following steps:

  1. Affected assets that were vulnerable are now ingested as fixed.

  2. The status of the affected asset changes to "Fixed" in Vulcan.

  3. The affected asset changes to "Fixed" in the open campaign.

  4. A new CSV with the updated affected assets is attached to the JIRA ticket.

  5. Once all the affected assets have moved to a fixed state and the campaign is completely remediated, the campaign will close and move to the "Closed" tab.

Unlike the ServiceNow option, in JIRA the affected assets are managed through the CSV attached to the ticket.

7. Comparison between ServiceNow and JIRA capabilities

| Feature | ServiceNow – Problem and Problem task option (the workflow elaborated above) | ServiceNow – Incident table option | JIRA |
| --- | --- | --- | --- |
| Ability to open a ticket for every unique vulnerability | Yes. The ticket can be opened in the Problem table. | Yes. The ticket can be opened in the Incident table. | Yes. The ticket will be opened as a Task, Epic, or any other JIRA option. |
| Ability to have the affected assets related to the ticket | Yes. In the Problem table, the affected assets will be opened as Problem Tasks under the Problem ticket. | Yes. In the Incident table, the affected assets will be attached as a CSV. | Yes. The affected assets will be attached as a CSV. |
| Ability to automatically close the ticket for each of the affected assets | Yes. Each affected asset is opened as a Problem Task. When the affected asset is remediated, the Problem Task is closed automatically. | No. The ticket will have an updated CSV for every update in the affected assets, but the ticket will be closed only when all the affected assets are remediated. | No. The ticket will have an updated CSV for every update in the affected assets, but the ticket will be closed only when all the affected assets are remediated. |
