Create New Workflow Rule for Alerting Advisories with Specific Attributes
A current Software Vulnerability Research (SVR) customer recently asked us:
I would like to create an alert from a[n] Advisory Database filter, is that possible? I need to create an email alert for the following:
Zero day Yes and/or No, Impact – Security Bypass, Where – From Remote and CVSS score between 8.0-10.0
How can I create an email alert for something like that?
Great question! You can provide conditions when you create a new Workflow Rule.
- Head over to Settings > Workflow Management > Rules
- Click on the white-on-green Plus button on the top-right
- Under the Choose Rule Trigger, choose Advisory & Advisory released for a Watch List.
- You can choose to limit this alert by choosing a specific Watch List or leave that blank for it to apply across your Watch Lists
- At the bottom of the pop-up window, you'll see you can add 1 or more Advisory Conditions
As an example, here's what the customer is asking for:
It should be noted that Impact is an attribute found in our Secunia Advisories, but it's not currently an attribute that can be used to filter for alerting. Also, the maximum CVSS score is 10.0, so setting the condition to look for anything equal to or higher than 8.0 will cover the customer's requirements.
Finally, click Save and then choose what the action should be when new Advisories meet these criteria.
This action could be triggering a new ticket or incident in your ITSM solution, it could send an email or text message, or just a notification within SVR... or all of these! You can add multiple actions onto one rule if you'd like. SVR uses AND logic across all of the attributes that you add for filtering.
If I've answered your question, please mark my response as "Accept as Solution" to help others find answers. Thanks!