Skip to main content
All CollectionsTemplatesIntermediate
Remediate Wiz Alert on Azure VM with Open SSH Access - Teams - Workflow Template
Remediate Wiz Alert on Azure VM with Open SSH Access - Teams - Workflow Template

Whenever an alert is raised on an Azure VM having an open access (from the internet) to SSH on port 22, orchestrate remediation.

Updated over 7 months ago

The "Remediate Wiz Alert on Azure VM with Open SSH Access - Teams" workflow template offers a systematized response to alerts on Azure VMs with open SSH. It streamlines the detection and remediation process by first retrieving VM details and attempting to identify the instance owner via Teams. It then engages with the owner or a designated Teams channel to seek approval for modifying the Network Security Group (NSG). On agreement, the workflow blocks SSH access by adding a rule to the NSG. If declined, or any other failures occur, it opens a Jira issue while updating Wiz with detailed notes regarding actions taken.

Trigger

Wiz

Use Cases

CSPM

Workflow Breakdown

  1. Retrieve VM details including tags

  2. Try to find the instance owner via Teams, if not, use a Teams channel

  3. Reach out to the channel or owner and ask to modify the Network Security Group

  4. If the user agrees, add a rule to the NSG to block the access

  5. If the user does not agree, open a Jira issue and update the Wiz issue with a note

  6. If any other failure occurs open a Jira issue and update the Wiz issue note

Vendors

Microsoft Azure, Utils, Wiz, Microsoft Teams, Microsoft 365, Microsoft Teams Bot, Jira Cloud

Workflow Output

Teams updates, Jira ticket and Wiz notes on remediation or other outcomes.

Tips

Ensure Azure App Registration has permissions needed to access and modify VMs, Network Settings, and Teams users

Did this answer your question?