This Torq workflow template is designed for Cloud Security Posture Management (CSPM). It automates the remediation process of AWS EC2 instances with open SSH access detected by Wiz. The workflow retrieves instance and security details, identifies the instance owner via Slack, offers the owner options to stop the instance or modify the security group to restrict SSH access, and if needed, opens a security ticket in Jira. This ensures immediate response to potential vulnerabilities, maintaining strong security compliance.
Trigger
Wiz
Use Cases
CSPM
Workflow Breakdown
Retrieve instance details including tags and security group information
Find the user or channel in Slack
Reach out to the instance owner and ask whether the instance can be stopped or its security group modified
If the user approves the security group change, modify the security group to restrict SSH access and add corp access
If the user approves stopping the instance, stop the instance
If the user doesn't approve either option, open a security ticket in Jira
Update the handling status in Wiz and via Slack. Update notes on the Wiz issue.
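The security group change described in the breakdown above, as an added example (not Torq's template code): given one group in the shape EC2 DescribeSecurityGroups returns, it plans which world-open rules covering port 22 to revoke and which corp rule to add. The function names, the sample group and the corp CIDR 203.0.113.0/24 are constructed assumptions.

```python
import ipaddress

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of one DescribeSecurityGroups entry.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]}

def covers_ssh(perm):
    """True if an IpPermissions entry admits TCP/22 ("-1" means all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= 22 <= perm["ToPort"]

def plan_ssh_lockdown(group, corp_cidr):
    """Return (revoke, authorize, review) permission lists for one security group."""
    net = ipaddress.ip_network(corp_cidr)  # ValueError on a malformed CIDR
    if net.prefixlen == 0:
        raise ValueError("corp CIDR must not be the whole internet")
    revoke, review = [], []
    for perm in group.get("IpPermissions", []):
        if not covers_ssh(perm):
            continue
        v4 = [{"CidrIp": r["CidrIp"]} for r in perm.get("IpRanges", []) if r["CidrIp"] in WORLD]
        v6 = [{"CidrIpv6": r["CidrIpv6"]} for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] in WORLD]
        if not (v4 or v6):
            continue
        # Revoke only the world-open ranges; narrower sources on the rule stay.
        entry = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        revoke.append(entry)
        if (perm.get("FromPort"), perm.get("ToPort")) != (22, 22):
            review.append(entry)  # revoking this also closes other ports
    key, field = ("IpRanges", "CidrIp") if net.version == 4 else ("Ipv6Ranges", "CidrIpv6")
    authorize = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                  key: [{field: str(net), "Description": "corp SSH access"}]}]
    return revoke, authorize, review
```

The returned lists match the IpPermissions parameter of boto3's revoke_security_group_ingress and authorize_security_group_ingress; entries in review are wider than port 22 alone, so revoking them affects other services and is worth surfacing to the owner first.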
Vendors
AWS, Slack, Utils, Wiz, Jira Cloud
Workflow Output
Success/Failure, Jira Ticket and Slack message updates
Tips
Set up Wiz to send alerts for "Linux VM instance with wide SSH exposure" to the Torq webhook