This workflow template provides an automated process for addressing network security threats by integrating with Armis to monitor devices tagged with vulnerabilities. Upon identification of devices with a specific vulnerability tag, the workflow queries Armis for the current CVE status, updates the relevant Jira ticket accordingly, either marking it as resolved or leaving it open, and informs the assigned user via Slack or Email about the status change. This enhances efficiency in vulnerability management and ensures timely communication within the security response team.
Optional Triggers
Webhook
Use Cases
Remediate Network Security Alerts
Workflow Breakdown
Query Armis for devices that match a specific Tag
Get the status from Armis on the CVE status of the device
If the vulnerability is remediated, mark the Jira issue as done and remove the tag from Armis
If the vulnerability is still open, update the Jira issue and notify the user via Slack or Email
Vendors
Slack, Utils, HTTP, Microsoft Outlook, Microsoft 365, Jira Cloud, Armis
Workflow Output
Updated Jira ticket information based on Armis data
Tips
Use with the "Network - Hunt for specific CVE and Attempt Remediation (Armis)" workflow that adds the specific tag to Armis
Modify the "set workflow variable" step to match your environment
Workflow can be run on a schedule