Overview


About

Just like Service Now and Jira integrations with the Vulcan PLatform, the Azure Boards integration lets you take actions on vulnerabilities and open Azure Boards tickets, as well as creating automation directly through the Vulcan Platform, your one-stop-shop vulnerabilities management system.


Prerequisets and User Permissions

To establish an integration between the Vulcan Platform and Azure Boards, you need to create a dedicated Access Token with the relevant permissions.

To generate a Personal Access Token in Azure Boards and set up permissions:

  1. Login to you Azure Boards (DevOps) and go to your account > Personal access tokens.

  2. Click to create + New Token.

  3. In the "Create a new personal access token" window, grant your token an indicative name. For example, "Vulcan Access".

  4. Optional: Set the expiration date to match your Vulcan subscription period (a year +).

  5. For Scopes, select the "Custom defined" option and click on "Show all scopes" at the bottom. Once all scopes are opened, grant the following permissions:
    Member Entitlement Management: Read

    Work Items: Read, write, & manage

  6. Click Create to generate the token.

  7. Make sure top copy and save the token somewhere safe as it won't appear again after you close the popup.


Configure the Azure Boards Connector

Log in to your Vulcan Cyber dashboard and go to Connectors.

  1. Click on Add a Connector.

  2. Click on the Azure Boards icon.

  3. Enter the following information into the connector setup page:

    • Azure Boards Organization name (visible in your Azure Boards URL, "azure.com/organization_name/...)

    • The Personal Access Token with the proper permissions. Click here for instructions.

  4. You can enable the option to Mark Issues as Done to close tasks in Azure Boards through the Vulcan Platform (recommended).

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Azure Boards instance, then click Create (or Save Changes).

  6. Allow some time for the sync to complete. You can review the sync status under Log.

  7. To confirm that the sync is complete, navigate to the Connectors tab to check the sync status. Once the Azure Boards icon shows Connected, the connection is complete.


Take action on vulnerabilities through the Vulcan Platform

To take Action on vulnerabilities and open tickets on Azure Boards through the Vulcan Platform:

  1. Go to Vulnrabilities.

  2. Select the relevant Vulnerablilites view tab: Unique Vulnerabilities / Software Clusters / CVE Clusters.

  3. Filter the desired vulnerabilities.

  4. Select the vulnerabilities on which you would like to take remediation action.

  5. Click Take Action > Azure Boards.

  6. Complete the fields as you wish.

  7. If only one vulnerability is selected, you can review the Description field containing all the information on the vulnerability that will be included in the Azure Boards ticket.

    Example:

  8. Click Create.
    Note: All the fields and users (Asignees) are retrieved as is from the Azure Boards ticketing system, depending on the selected Project field. The selection of fields and users varies when you change the project type. Mandatory fields are marked with * in red.

    See it in action:

  9. It might take a couple of minutes for a ticket to be created in both the Vulcan Platform and in Azure Boards. Once a ticket is created, it becomes available under Campaigns for you to review and monitor. See Azure Board Remediation Campaigns (tickets).


Azure Boards Remediation Campaigns (tickets)

To review and monitor remediation campaigns and access Azure Board tickets through the Vulcan Platform:

  1. Go to Campaigns

  2. Click on the relevant campaign.

  3. You can review the status and scope of the ticket and open the actual ticket in Azure Boards by clicking on the ticket number.

    See it in action:


Automate and monitor tickets creation (Campaigns)

Just like you manually create and assign a ticket on a vulnerability or more, you can automate such process using the the Automation feature and create as many playbooks as you want, triggering each automation when a specific set of conditions is met.

  1. Go to Automation.

  2. Click to Create new Playbook.

  3. For the Playbook name section, give your playbook an indicative name and an optional ldescription. For example, "Patchable in CentOs Debian Cisco IOS".

  4. For the Vulnerabilities to fix section, set the Vulnerabilities conditions as you wish. For example:

  5. For Remediation actions, select Open Azure Boards work item.

  6. Choose the type of tickets separation and ticket behaviour, select the relevant Project, Work Item Type, Issue, Priority, Assignee, and so on.

    Note: All the fields and users (Asignees) are retrieved as is from the Azure Boards ticketing system, depending on the selected Project field. The selection of fields and users varies when you change the project type. Mandatory fields are marked with * in red.

  7. Click Save and Run.

Let's see another example in action for creating automation on Vulnerabilities discovered by Qualys on Mozilla.

What happens next?

Tickets will automatically open on Azure Boards everytime the conditions in the playbook are met.

To monitor and review the Activity log and Playbook Actions of a playbook:

Click on Playbook Actions or hover over the relevant playbook and click on Actions or Activity Log.

Did this answer your question?