Skip to main content
All CollectionsTemplatesIntermediate
Update Jira Status/User on Device with CVE Tag (Armis) - Workflow Template
Update Jira Status/User on Device with CVE Tag (Armis) - Workflow Template

Query Armis for devices with a specific tag where a vulnerability was found in a previous workflow and update Jira and user on the status.

Updated over 7 months ago

This workflow template provides an automated process for addressing network security threats by integrating with Armis to monitor devices tagged with vulnerabilities. Upon identification of devices with a specific vulnerability tag, the workflow queries Armis for the current CVE status, updates the relevant Jira ticket accordingly, either marking it as resolved or leaving it open, and informs the assigned user via Slack or Email about the status change. This enhances efficiency in vulnerability management and ensures timely communication within the security response team.

Optional Triggers

Webhook

Use Cases

Remediate Network Security Alerts

Workflow Breakdown

  1. Query Armis for devices that match a specific Tag

  2. Get the status from Armis on the CVE status of the device

  3. If the vulnerability is remediated, mark the Jira issue as done and remove the tag from Armis

  4. If the vulnerability is still open, update the Jira issue and notify the user via Slack or Email

Vendors

Slack, Utils, HTTP, Microsoft Outlook, Microsoft 365, Jira Cloud, Armis

Workflow Output

Updated Jira ticket information based on Armis data

Tips

Use with the \"Network - Hunt for specific CVE and Attempt Remediation (Armis)\" workflow that adds the specific tag to Armis","Modify the \"set workflow variable\" step to match your environment","Workflow can be run on a schedule

Did this answer your question?