About
The "Edit Risk Automation" feature lets you automate the adjustment of risk levels for specific vulnerability instances. It uses Vulcan's advanced filters to define the rules and criteria that drive those adjustments, so that risk scoring stays aligned with organizational policies and compliance requirements. It reduces manual effort and errors, supports audit logging, and can override previous risk changes. The result is risk management that keeps pace with the evolving security landscape and supports decision-making and policy adherence.
The feature is designed for Vulnerability Managers who want to automate the risk level adjustments of vulnerabilities based on specific conditions such as tags or names. For example, you can create an automation that changes the risk of vulnerabilities tagged "Test" to low (0-40), overriding the score given by the Vulcan Platform.
Configuring Edit Risk Automation
Navigate to Automation > Create New Playbook.
Use the Magic Search parameters to define conditions for vulnerabilities and assets triggering the automation. The Automation will only affect vulnerabilities and assets matching these criteria.
Leverage parameters and operators, including AND/OR clauses and group statements. This allows for the definition of complex and targeted Playbooks tailored to specific needs.
Click "Preview Vulnerability Instances" to clearly understand which vulnerabilities the playbook targets.
Enable/disable the option to run the Playbook on existing vulnerabilities or only on future ones.
Select "Edit Risk" under Remediation actions.
Set the New risk score and enable the relevant checkboxes.
The checkboxes in the "Edit Risk Automation" setup offer nuanced control over how risk adjustments are applied:
Override previous risk changes: When checked, this option allows the automation to update vulnerabilities' risk scores even if they've been manually adjusted before. If unchecked, the automation will only apply to vulnerabilities whose risk hasn't been manually edited.
Enable risk decrease: When checked, the automation is permitted to lower a vulnerability's risk score below its current score.
Enable risk increase: When checked, the automation is permitted to raise a vulnerability's risk score above its current score.
Add comments for tracking in the Activity tab of the Vulnerability or asset card.
Optionally, post the automation notification to a Slack channel (if Slack is integrated). All other options are disabled because they are not supported for this feature at this time.
When you are done, click Save and Run.
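The following Python sketch is an added example, not Vulcan code or a Vulcan API: it models how the three checkboxes described above gate a risk change, so you can reason about a playbook's effect before saving it. The class and function names, the sample instances, and the treatment of an unchanged score as a no-op are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Instance:              # hypothetical model of a vulnerability instance
    name: str
    tags: set
    risk: int                # current risk score
    manually_edited: bool    # risk was adjusted by hand earlier

@dataclass
class EditRisk:              # hypothetical model of the "Edit Risk" action
    match_tag: str
    new_risk: int
    override_previous: bool = False
    enable_decrease: bool = False
    enable_increase: bool = False

def decide(inst, rule):
    """Return (applied, reason) for one instance under the checkbox rules."""
    if rule.match_tag not in inst.tags:
        return False, "does not match playbook conditions"
    if inst.manually_edited and not rule.override_previous:
        return False, "manually edited; 'Override previous risk changes' unchecked"
    if rule.new_risk < inst.risk and not rule.enable_decrease:
        return False, "would decrease; 'Enable risk decrease' unchecked"
    if rule.new_risk > inst.risk and not rule.enable_increase:
        return False, "would increase; 'Enable risk increase' unchecked"
    if rule.new_risk == inst.risk:
        return False, "already at target score"  # assumption: equal score is a no-op
    return True, f"risk {inst.risk} -> {rule.new_risk}"

def preview(instances, rule):
    """Dry run: map each instance name to (applied, reason)."""
    return {i.name: decide(i, rule) for i in instances}

# Constructed sample data, not real findings.
SAMPLE = [
    Instance("vuln-a", {"Test"}, 85, False),
    Instance("vuln-b", {"Test"}, 90, True),   # previously edited by hand
    Instance("vuln-c", {"Test"}, 20, False),  # new score would be an increase
    Instance("vuln-d", {"Prod"}, 95, False),  # outside the playbook's filter
    Instance("vuln-e", {"Test"}, 30, False),  # already at the target score
]

if __name__ == "__main__":
    rule = EditRisk("Test", 30, enable_decrease=True)
    for name, (applied, reason) in preview(SAMPLE, rule).items():
        print(f"{name}: {'CHANGE' if applied else 'skip'} ({reason})")
```

With only "Enable risk decrease" checked, the manually edited instance and the instance that would be raised are both left untouched, which is the safe default when a playbook is meant only to downgrade test findings.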