Notification rules are the main way to automate the workflow within Nucleus.
As data flows into Nucleus from vulnerability scanners, the automation rules tell Nucleus what to do with that information, such as grouping assets that are discovered, assigning risk attributes to assets, processing vulnerabilities, and creating tickets automatically.
This allows you to predefine which vulnerabilities should go to whom, automating many of the administrative processes associated with Vulnerability Management workflows.
Creating automation rules in Nucleus is very straightforward and can be done in the following way:
1. Navigate to Automation in the left-hand navbar.
2. Here you can see the types of rules and the rules that you have already created. To add a new rule, click the Add Rule button in the tab of the type of rule you'd like to create.
   Types of rules:
   - Asset Inventory Sync
   - Vulnerability Scan Ingest
   - Asset Processing
   - Ticketing & Issue Tracking
   - Notifications
   - Asset Removal
   - Asset Ignore
3. In the Add Rule window, fill out the information associated with that particular rule type.
   For example, for a Ticketing & Issue Tracking rule, fill out the following:
   - Rule Details
     - Rule Name: Fill out a name to remember what the rule is and what parameters trigger this rule. This will show up in some of the notifications.
       - Example: "Ticket to NOC For New Critical Vulnerabilities on Business Critical Firewalls"
     - System: Select from a list of external systems you may have connected to Nucleus. This is where you choose where the notification or ticket will go. You can choose as many of the notification methods in the rule as you wish.
       - If you select an external issue/ticket, new fields will populate which will allow you to configure all the details including who will receive the ticket for this particular rule.
   - Vulnerability Criteria
     - Here you can create sets of Condition/Value pairs that are the criteria for triggering the ticketing rule.
   - Asset Filters
     - Select the groupings of assets you would like this rule to apply to.
       Note: You can select all for all assets, or can select by asset groups, Hostnames, IP ranges, etc.
4. Click Save.
The rule is now saved and should show up in your notification rules list. Repeat with as many automation rules as you need in order to automate your vulnerability management workflow!