This workflow template focuses on proactively identifying and remediating network security threats related to specific Common Vulnerabilities and Exposures (CVEs). Leveraging integrations with Armis, Jira, Jamf, and Slack, the workflow automates the process of querying for CVE details, opening a Jira issue for tracking, placing vulnerable devices into an appropriate Jamf patch group for the CVE, tagging the device in Armis, and notifying the affected user via Slack. The goal is to streamline network safety measures and efficiently manage the remediation process for flagged vulnerabilities.
Optional Triggers
Webhook
Use Cases
Remediate Network Security Alerts
Workflow Breakdown
Query Armis for the specific CVE of interest
If found, query Armis for additional information on the device
Open Jira issue with details found in Armis
If managed via Jamf, add device to the Jamf patch group for this CVE
Add a tag in Armis for follow-up workflows to track the remediation process
If the user is found in Slack, update the user on the task started with Jamf
Vendors
Slack, Utils, HTTP, Jamf, Jira Cloud, Armis
Workflow Output
Slack communication with the user and updated tag on vulnerable devices in Armis
Tips
Set up all relevant information in the first workflow variable step of the workflow.
A tag is added to the Armis device with the format "Torq_CVE-12345_Jira-ID" or "Torq_CVE-12345"