Hunt for specific CVE and Attempt Remediation (Armis) - Workflow Template

Query Armis for a specific CVE to look for a threat, query information from Armis and Jamf, place the device into a Jamf patch group, and notify the user.

Updated over 7 months ago

This workflow template focuses on proactively identifying and remediating network security threats related to specific Common Vulnerabilities and Exposures (CVEs). Leveraging integrations with Armis, Jira, Jamf, and Slack, the workflow automates the process of querying for CVE details, opening a Jira issue for tracking, placing vulnerable devices into an appropriate Jamf patch group for the CVE, tagging the device in Armis, and notifying the affected user via Slack. The goal is to streamline network safety measures and efficiently manage the remediation process for flagged vulnerabilities.

Optional Triggers

Webhook

Use Cases

Remediate Network Security Alerts

Workflow Breakdown

  1. Query Armis for specific CVE of interest

  2. If found, query Armis for additional information on the device

  3. Open Jira issue with details found in Armis

  4. If managed via Jamf, add device to the Jamf patch group for this CVE

  5. Add a tag in Armis for follow up workflows to track the remediation process

  6. If the user is found in Slack, update the user on the task started with Jamf

Vendors

Slack, Utils, HTTP, Jamf, Jira Cloud, Armis

Workflow Output

Slack communication with the user and updated tag on vulnerable devices in Armis

Tips

Set up all relevant information in the first workflow variable step of the workflow.

A tag is added to the Armis device with the format "Torq_CVE-12345_Jira-ID" or "Torq_CVE-12345".
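A follow-up workflow that tracks remediation has to read these tags back and separate them from tags set by other sources. The sketch below is an added example, not part of the Torq template: it builds and parses the tag format from the tip above and indexes constructed device records by CVE. It assumes the "CVE-12345" placeholder stands for a full CVE ID and "Jira-ID" for a Jira issue key such as SEC-101; the function names and the device record shape are hypothetical.

```python
import re

# Assumption: "CVE-12345" on the page is a placeholder for a full CVE ID
# (CVE-YYYY-NNNN...) and "Jira-ID" for a Jira issue key such as SEC-101.
TAG_RE = re.compile(
    r"Torq_(?P<cve>CVE-\d{4}-\d{4,})(?:_(?P<jira>[A-Z][A-Z0-9]*-\d+))?"
)


def build_tag(cve_id, jira_key=None):
    """Build the tag the workflow writes to the Armis device."""
    tag = f"Torq_{cve_id}" if jira_key is None else f"Torq_{cve_id}_{jira_key}"
    if not TAG_RE.fullmatch(tag):
        raise ValueError(f"refusing to build malformed tag: {tag!r}")
    return tag


def parse_tag(tag):
    """Return (cve_id, jira_key or None), or None for tags from other sources."""
    m = TAG_RE.fullmatch(tag)
    return (m.group("cve"), m.group("jira")) if m else None


def remediation_index(devices):
    """Map each CVE to the devices tagged for it and their Jira key, if any."""
    index = {}
    for device in devices:
        for tag in device["tags"]:
            parsed = parse_tag(tag)
            if parsed:
                cve, jira = parsed
                index.setdefault(cve, []).append((device["name"], jira))
    return index


# Constructed sample records (hypothetical shape, not real Armis output).
SAMPLE_DEVICES = [
    {"name": "mac-001", "tags": ["Torq_CVE-2024-0001_SEC-101", "Corporate"]},
    {"name": "mac-002", "tags": ["Torq_CVE-2024-0001"]},
    {"name": "cam-003", "tags": ["Torq_notes", "Torq_CVE-2024-0001_"]},
]

if __name__ == "__main__":
    for cve, hits in remediation_index(SAMPLE_DEVICES).items():
        print(cve, hits)
```

Devices that carry the tag without a Jira key (here `mac-002`) are the ones with no linked issue to follow up on; malformed or unrelated tags are ignored rather than guessed at.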
