The workflow template streamlines the threat response process by integrating with Slack for CVE mentions, querying Snyk, Wiz, and Armis for potential vulnerabilities, and managing findings through Jira issue tracking. When a CVE is mentioned in Slack, the workflow searches for relevant Common Vulnerabilities and Exposures (CVEs) across the specified security platforms. It then reports the findings back in Slack and systematically opens or updates parent and child Jira issues for actionable tracking. If no findings are present and a parent issue exists, it adds a comment and closes the issue, ensuring comprehensive threat management and communication within the team.
Trigger
Slack
Optional Triggers
Microsoft Teams
Use Cases
Security Bots, Threat Hunting
Workflow Breakdown
Receive mention from Slack on cve-search
Search for CVE in Snyk, Wiz and Armis
Report current findings in Slack
Open Jira parent and child issues for each platform if one does not exist
Update the JSON attachment in the child issue with the findings and any changes from the previous execution
If no findings are found and a parent issue exists, add a comment and close the parent issue
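The decision logic behind the steps above, sketched as an added example that is not the template's own code: it plans the Slack and Jira actions for one execution and computes the changes since the previous run. Assumptions: the function and action names are hypothetical, findings carry an `id` field, a child issue is kept for every queried platform, and the CVE id is a placeholder.

```python
import json

PLATFORMS = ("snyk", "wiz", "armis")  # platforms the workflow queries

def diff_findings(previous, current):
    """Compare two lists of finding dicts by their 'id' (assumed field)."""
    prev_ids = {f["id"] for f in previous}
    curr_ids = {f["id"] for f in current}
    return {"added": sorted(curr_ids - prev_ids),
            "removed": sorted(prev_ids - curr_ids)}

def plan_actions(cve, current, previous, parent_exists, children):
    """Return the ordered Slack/Jira actions for one execution.

    current/previous: {platform: [finding, ...]} for this run and the last one.
    children: set of platforms that already have a child issue.
    """
    counts = {p: len(current.get(p, [])) for p in PLATFORMS}
    actions = [("slack_report", cve, counts)]
    if sum(counts.values()) == 0:
        # No findings: only touch Jira when a parent issue already exists.
        if parent_exists:
            actions += [("comment_parent", cve, "no findings in latest run"),
                        ("close_parent", cve)]
        return actions
    if not parent_exists:
        actions.append(("open_parent", cve))
    for p in PLATFORMS:
        if p not in children:
            actions.append(("open_child", cve, p))
        found = current.get(p, [])
        attachment = {"findings": found,
                      "changes": diff_findings(previous.get(p, []), found)}
        actions.append(("update_attachment", cve, p,
                        json.dumps(attachment, sort_keys=True)))
    return actions

# Constructed sample data; the CVE id is a placeholder, not a real identifier.
CVE = "CVE-0000-00000"
PREVIOUS = {"snyk": [{"id": "proj-a"}], "wiz": [{"id": "vm-1"}, {"id": "vm-2"}]}
CURRENT = {"snyk": [{"id": "proj-a"}, {"id": "proj-b"}],
           "wiz": [{"id": "vm-2"}], "armis": []}

if __name__ == "__main__":
    for step in plan_actions(CVE, CURRENT, PREVIOUS, True, {"snyk", "wiz"}):
        print(step)
```

Recording removed findings alongside added ones lets a reviewer see remediation progress per platform without reopening earlier attachments.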
Vendors
Slack, Utils, Wiz, Jira Cloud, Recorded Future, Armis, Snyk
Workflow Output
Output to Slack and Jira issues