Remediate Wiz Alert on Azure VM with Open SSH Access - Slack - Workflow Template

Whenever Wiz raises an alert on an Azure VM whose SSH port (TCP 22) is open to the internet, orchestrate remediation.

Updated over 6 months ago

This workflow template orchestrates remediation for alerts triggered by Azure VMs that expose SSH (port 22) to the internet. The workflow retrieves the VM's details and tags, looks up the instance owner in Slack (falling back to a designated Slack channel if no owner is found), and asks the owner for permission to modify the VM's Network Security Group (NSG). If the owner agrees, a Deny rule is added to the NSG to block the exposed access. If the owner declines or does not respond, a Jira issue is created and the Wiz issue is updated with a note describing the outcome, so the exposure is tracked rather than silently left open.

Trigger

Wiz

Optional Triggers

Webhook

Use Cases

CSPM

Workflow Breakdown

  1. Retrieve VM details, including tags

  2. Try to find the instance owner via Slack; if no owner is found, fall back to a Slack channel

  3. Reach out to the owner or channel and ask for permission to modify the Network Security Group

  4. If the user agrees, add a Deny rule to the NSG that blocks the access

  5. If the user does not agree, open a Jira issue and add a note to the Wiz issue

  6. If any other failure occurs, open a Jira issue and add a note to the Wiz issue
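Step 4 hides the one detail that decides whether the remediation works: Azure evaluates NSG rules in ascending priority number (100 is checked before 4096) and stops at the first match, so a Deny rule added at a default or high priority number never fires if an existing Allow rule for port 22 has a lower number. The example below is added here and is not code from the workflow template, Wiz, or Azure; it shows how the Azure step could pick the offending Allow rules out of an NSG and build a Deny rule with a priority that actually takes precedence. The rule dictionaries use the field names returned by `az network nsg rule list`; the sample NSG is constructed for the example, and the `az` command in the comment is the assumed equivalent API call, not something this code runs.

```python
"""Added example: pick a Deny rule for TCP/22 that beats the offending Allow rules.

Not part of the workflow template or of Wiz/Azure code. Rule dictionaries
mirror the shape of `az network nsg rule list` output (an assumption about
what the workflow's Azure step receives); the sample NSG is constructed.
"""

from __future__ import annotations

from typing import Iterable

# Source prefixes that mean "anyone on the internet" in an NSG rule.
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0", "::/0"}
SSH_PORT = 22


def _port_matches(port_spec: str, port: int) -> bool:
    """True if an NSG port spec ('*', '22', '20-25', or '22,80-90') covers port."""
    for part in port_spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        if "-" in part:
            lo, hi = part.split("-", 1)
            if int(lo) <= port <= int(hi):
                return True
        elif part.isdigit() and int(part) == port:
            return True
    return False


def _rule_ports(rule: dict) -> list[str]:
    # Newer API versions list ranges in destinationPortRanges; older rules use the singular field.
    return rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]


def _rule_sources(rule: dict) -> list[str]:
    return rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "")]


def open_ssh_rules(rules: Iterable[dict]) -> list[dict]:
    """Return the inbound Allow rules that let an internet source reach TCP/22."""
    found = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if rule.get("protocol", "*") not in ("*", "Tcp", "TCP"):
            continue
        if not any(src in INTERNET_SOURCES for src in _rule_sources(rule)):
            continue
        if any(_port_matches(spec, SSH_PORT) for spec in _rule_ports(rule)):
            found.append(rule)
    return found


def build_deny_ssh_rule(rules: Iterable[dict], name: str = "Deny-SSH-From-Internet") -> dict | None:
    """Build the Deny rule to add, or None if nothing exposes SSH.

    Priority is chosen just below the lowest-numbered (highest-precedence)
    offending Allow rule, skipping numbers already in use, and must stay in
    Azure's 100-4096 range; if there is no room, the Allow rule itself has to
    be edited or removed, which this workflow leaves to the owner.
    """
    rules = list(rules)
    offenders = open_ssh_rules(rules)
    if not offenders:
        return None
    used = {r["priority"] for r in rules}
    priority = min(r["priority"] for r in offenders) - 1
    while priority in used:
        priority -= 1
    if priority < 100:
        raise ValueError("no free priority below the offending Allow rule; edit or remove that rule instead")
    return {
        "name": name,
        "priority": priority,
        "direction": "Inbound",
        "access": "Deny",
        "protocol": "Tcp",
        "sourceAddressPrefix": "Internet",
        "sourcePortRange": "*",
        "destinationAddressPrefix": "*",
        "destinationPortRange": str(SSH_PORT),
    }


# Constructed sample NSG: one rule exposes SSH to everyone, one allows SSH only
# from a private range, one allows HTTPS (not our concern here).
SAMPLE_RULES = [
    {"name": "AllowSSH", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "AllowHTTPS", "priority": 310, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "AllowMgmtSSH", "priority": 299, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "22"},
]

if __name__ == "__main__":
    print(build_deny_ssh_rule(SAMPLE_RULES))
    # Assumed equivalent Azure CLI call for the workflow's Azure step (not executed here):
    # az network nsg rule create -g <rg> --nsg-name <nsg> -n Deny-SSH-From-Internet \
    #   --priority 298 --direction Inbound --access Deny --protocol Tcp \
    #   --source-address-prefixes Internet --destination-port-ranges 22
```

On the sample NSG, only `AllowSSH` is flagged (the 10.0.0.0/8 rule is not internet-facing), and because priority 299 is already taken the Deny rule lands at 298. A rule added at 4096, which is what a naive "add a deny rule" step tends to do, would leave port 22 open.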

Vendors

Slack, Microsoft Azure, Utils, Wiz, Jira Cloud

Workflow Output

Slack updates, Jira ticket and Wiz notes on remediation or other outcomes.

Tips

Set up a trigger filter for the specific Wiz policy that generates the alert, so the workflow runs only for the open-SSH finding and not for every Wiz issue.
