Synopsis
It is possible to set up automatic rule based ticketing in Unified VRM. The general approach is to:
- Determine search parameters
- Determine selection (i.e. how many rows of vulnerabilities / assets you want pushed to your ITSM)
- Determine scheduling by notifying your assigned NopSec CSE of when you want this rule to execute
Requirements
- A working SNOW integration
Example Approach
The following is an example customer's search parameters, selection, and scheduling:
Process #1
General Notes
- Process #1's filter view is by vulnerability:
- Process #1 would ultimately create one single ticket for the remediation of the "Windows Speculative..." vulnerability across 23 assets
Process #1: 2 Tickets a week for URGENT vulnerabilities
- Every Monday and Wednesday, 00:00
- Filter: vulnerability-grade:URGENT ticketed:false risk-accepted:false false-positive:false status:OPEN
- Order by: Total Assets, Descending
- Create a ticket out of only the first row
Asset Ownership:
Assets can be assigned owners by:
- Going to the Asset Groups Module and downloading the asset group
- Changing the owner column accordingly in the .csv
- Uploading the .csv to INTEGRATE -> ASSETS -> ASSET VALUE UPLOAD
Asset owner information can be configured such that it is automatically assigned to the ITSM ticketing system's assignee field. An alternative option is to carry asset information to the ITSM and use the ITSM's asset ownership rules.
Changes
If a change is desired to existent rules, please notify your NopSec CSE.