This workflow template streamlines the response to medium or high severity alerts from Uptycs within an organization. When an alert arrives, the workflow automatically gathers information about the affected asset and creates or updates a Jira issue to track the incident. It then asks the Slack channel whether further enrichment is wanted, offering Process List, Logged-in Users, and Shell History as options. Any additional information gathered is appended to the relevant Jira issue, so the full response to each alert is recorded in one place.
Trigger
Uptycs
Use Cases
Endpoint Detection and Response (EDR), Threat Intelligence Enrichment
Workflow Breakdown
Receive a medium or high severity alert from Uptycs
Gather information on the asset
Open either a Jira parent issue or a child issue if a parent issue already exists
Ask the Slack channel whether additional information is required. Process List, Logged-in Users, and Shell History are the available options.
Any request for additional information will be added to the Jira issue that was created.
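The tracking logic behind steps 1 to 5, as an added example that is not part of the template and not Tines, Uptycs or Jira code: the severity gate, the parent-or-child issue decision keyed on the affected asset, and appending Slack-requested enrichment to the issue. The IssueTracker class is a hypothetical in-memory stand-in for the Jira Cloud actions, and the alert dictionaries are constructed sample input.

```python
from dataclasses import dataclass, field

ACTIONABLE = {"medium", "high"}
ENRICHMENT_OPTIONS = ("Process List", "Logged-in Users", "Shell History")
@dataclass
class Issue:
    key: str
    summary: str
    parent: "str | None" = None
    comments: list = field(default_factory=list)

class IssueTracker:
    """Hypothetical in-memory stand-in for the Jira Cloud actions."""
    def __init__(self):
        self.issues: dict = {}
        self._n = 0

    def create(self, summary, parent=None):
        self._n += 1
        key = f"SEC-{self._n}"
        self.issues[key] = Issue(key, summary, parent)
        return key

    def find_parent(self, asset):
        # One open parent issue per asset; later alerts become children.
        for issue in self.issues.values():
            if issue.parent is None and issue.summary.endswith(f"[{asset}]"):
                return issue.key
        return None

    def comment(self, key, text):
        self.issues[key].comments.append(text)

def handle_alert(tracker, alert):
    """Gate on severity, attach to a parent issue if one exists, return key."""
    if alert["severity"].lower() not in ACTIONABLE:
        return None  # low/info alerts are outside this workflow
    asset = alert["asset"]
    parent = tracker.find_parent(asset)
    key = tracker.create(f"Uptycs: {alert['title']} [{asset}]", parent=parent)
    tracker.comment(key, f"Asset info: {alert.get('asset_info', {})}")
    return key

def add_enrichment(tracker, key, option, output):
    """Append a Slack-requested enrichment result; returns comment count."""
    if option not in ENRICHMENT_OPTIONS:
        raise ValueError(f"unsupported enrichment option: {option}")
    tracker.comment(key, f"{option}:\n{output}")
    return len(tracker.issues[key].comments)
```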
Vendors
Slack, Utils, Jira Cloud, Uptycs
Workflow Output
Updates via the Slack channel and Jira issue.