A current Software Vulnerability Research (SVR) customer recently asked us:
I would like to create an alert from a[n] Advisory Database filter, is that possible? I need to create an email alert for the following:
Zero day Yes and/or No, Impact – Security Bypass, Where – From Remote and CVSS score between 8.0-10.0
How can I create an email alert for something like that?
Great question! You can provide conditions when you create a new Workflow Rule.
As an example, here's what the customer is asking for:
It should be noted that Impact is an attribute found in our Secunia Advisories, but its not currently an attribute that can be used to filter for alerting. Also, the maximum CVSS score is 10.0, so setting it to look for anything equal or higher than 8.0 will cover the customer's requirements.
Finally, click Save and then choose what the action should be when new Advisories that meet this criteria.
This action could be triggering a new ticket or incident in your ITSM solution, it could send an email or text message, or just a notification within SVR...or all of these! You can add multiple actions onto one rule if you'd like; SVR uses the AND logic rule across all of the attributes that you add for filtering.
May 07, 2020 10:22 AM