About Dynamic Properties
The Dynamic property allows you to create and manage asset owners and assign remediation tickets dynamically.
How? By utilizing a new dynamic mechanism that can be enabled on asset tags that have the following format:
key represents an indicative prefix that indicates the dynamic type or category.
value represents an email address or a distribution list of the owner/s.
Dynamic tag examples:
What's in it for me as a Vulnerability Manager?
Import Dynamic details with a Key and a Value (key:value). Unlike the regular tags holding simple metadata, the Dynamic tag lets you visualize dynamic information, such as ownership tags, in the Vulcan Platform.
Filter assets by owners and review and export assets that do not have owners.
Convert regular tags to Dynamic Properties.
Create email remediation and email automation (playbook) that auto-populate the Recipients list with Asset Owner email addresses.
Sending remediation emails to multiple owners in a single campaign
Instead of sending multiple emails on the same vulnerabilities and assigning them to different recipients, you can create one email campaign on the same vulnerabilities and use the Dynamic tag property to send emails dynamically to the relevant asset owners.
For Example, you can create a single email campaign on several unique vulnerabilities. Each unique vulnerability exists on several assets (vulnerability instances). In some cases, each of these assets has a different owner. In other cases, some of the assets have the same owner.
The result of this email campaign would be:
An email is sent to every asset owner addressing the assets' vulnerabilities under their responsibility. The email alias could be a single-person email or a distribution list.
If an asset has more than one vulnerability instance in a campaign, the asset owner will receive an email on each.
You can use more than one Dynamic tag in a campaign. The Dynamic mechanism automatically matches the assets in the ticket with the owners listed in the assigned Dynamic tag(s).
See it in action
Step by step
Go to Vulnerabilities > select the Vulnerabilities you want to send remediation emails on.
Click "Take Action" and select the "Email" option.
In the "Send emails to" field, select a Dynamic tag. Feel free to add any other relevant email if relevant. The dynamic tag should contain predefined emails of asset owners (number of values = number of emails).
Select the method of email separation, per unique vulnerability or aggregated.
You can enter a fall-back email. For Example, if a vulnerability exists on an asset that doesn't have an owner, Vulcan will send an email to the fall-back recipient.
Creating a single automation (PLaybook) that sends remediation emails to asset owners dynamically
You can create one playbook using the Dynamic tag property instead of creating multiple automation playbooks for the same vulnerabilities and assigning them to different recipients every time. Using the Dynamic property, the automation playbook will automatically and dynamically send emails to asset owners upon fulfilling automation conditions.
First, if you are unfamiliar with automation creation and playbooks, you can learn about it here.
The result of this automated email campaign would be:
When the campaign conditions are fulfilled, the automation emails the relevant asset owners. The email alias could be a single-person email or a distribution list.
Since the property tag is dynamic, there is no need to modify the playbook when you add or remove owners to the Ownership tag(s) in use.
Creating Dynamic Properties
Now that you've seen the outcome of the Dynamic Properties feature, let's see how you can create and define dynamic tags.
First, you must define the dynamic tags of the assets.
Dynamic tags can be:
Ingested from connectors and converted into Dynamic tags
Creating Dynamic tags manually
You can create a dynamic tag just like any regular tag. The only difference is its format and enablement configuration. Before creating a dynamic tag property, ensure you know how Tagging works in the Vulcan platform.
The Dynamic tag format
The regular tag naming convention is arbitrary and has no particular format. Dynamic tags on the other hand must follow the following naming convention:
key:value (not case sensitive)
The key could be any prefix of your choice. For example, if you want to define a technical owner (AKA, use the dynamic property to create ownership tag), use prefixes that indicate ownership, such as "techowner:", "bizowner:", and so on.
The value must be a valid email address of an owner or a distribution list email address of multiple owners.
Step by Step
Go to Assets > Click on +Add and select New Dynamic Properties
For the tag name, make sure you use the format of key:value. For Example:
Note: The "key:value" isn't case-sensitive.
Make sure the "Use as Dynamic Property" toggle is enabled.
Set all the other properties and conditions just like regular tags.
After creating your conditions, look at the preview section to see if the Assets results match your created conditions.
You've defined a list of assets owned by the email recipient in the Tag name suffix.
Save the created Dynamic Tag.
Filtering assets by Dynamic Properties
You can efficiently find assets by dynamic property using the Magic Search filter.
Go to Assets
Click on Filter (Magic Search).
Set the search to filter by Dynamic Properties and define the search scope as needed. You can apply more filters and create complex queries to find specific assets. Learn more about the Magic Search feature.
Use existing tags as Dynamic tags
You can convert existing tags to Dynamic tags using the appropriate format (prefix:suffix). Remember that the suffix must be an email address to work with such tags. You can edit those tags and modify the suffix to an email address.
To convert the tags you can:
Find the relevant 'regular' tag you wish to convert into a Dynamic tag.
Make sure the format of the tag is
Enable the Dynamic Property toggle to activate the tag as an ownership tag.
Managing Dynamic tags
The Dynamic Properties management page (in Settings) lets you:
View tags with the proper prefix:suffix naming convention that can be converted into dynamic tags
Search for and view existing dynamic tags
Enable dynamic on the relevant tags by turning on the "Active" toggle.
See a list of active asset properties, Tagged assets, Sources, and activation status.
You can see the dynamic tags that are active in Playbooks. Active dynamic tags cannot be deleted or disabled unless you first delete or cancel the associated playbook.
Hover over the associated playbooks to see their names.
Search for existing prefix tags and enable ownership of them. Then, if the tag doesn't match the format, you can edit it and change it to the right format (Key:email).
Expected behavior of email tickets assigned to Dynamic tags
Every asset owner receives an email addressing the assets' vulnerabilities under their responsibility. The email alias could be a single-person email or a distribution list.
If an asset has more than one vulnerability instance in a campaign, the asset owner will receive an email on each instance.
You can use more than one Dynamic tag in a campaign. The Dynamic mechanism automatically matches the assets in the ticket with the owners listed in the assigned tags.
If the Dynamic tag contains an email with no assets in the campaign, the recipient will not receive any emails.
If you add another email recipient in addition to the Dynamic tag, the separate email will receive all the emails sent out to the recipients in thedynamic tag. Example:
If multiple values match the same tag prefix assigned to the same asset, the latest tag created overrides the other ones. Also, the latest tag created will appear on top of the other older dynamic tags. For Example, the asset below has two "bizowner:" dynamic tags assigned to it. In this case, Vulcan will send an email to the latest value when an email ticket is created on this asset and assigned to the "bizowner:" recipients. In this case, it is to "email@example.com."
Using the Ownership tag as a playbook condition
As an option, you can also define the Dynamic tag as a condition of the playbook. In the example below, we've added a condition to the playbook to automatically trigger an email if the subjected assets have a Dynamic tag of "bizowner:firstname.lastname@example.org" (1). Then, you need to add the same dynamic tag to the email recipients (2).