- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2024 11:23 AM
In Vulnerability Response, we have an auto-close configuration set to close stale detections based on 'Detections last found' value being found 30 days ago. The option allows you to set only one value that applies across all detections. We're happy with that in general.
However, our cloud team would like to auto-close detections on transient workloads on a more rapid timeline, perhaps 7 days.
We have only one vulnerability source / integration right now - Rapid7.
Has anyone worked out a way to have more than one auto-close configuration and have them be conditionally based?
Looking for any suggestions, thanks!
Solved! Go to Solution.
- Labels:
-
Vulnerability Response
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 05:06 AM
Hi Aaron, I spoke with my teammate about getting you a couple of samples. But then we realized that the latest plugin version of Vulnerability Response now allows you to create multiple different Auto-close rules in which you can set the criteria of what you want to close and when. We will likely be getting rid of our Flow Designer rules and instead using these.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2024 11:51 AM
Hi Aaron, we had similar needs as we wanted to close out our ephemeral AWS instances in a much quicker manner. We didn't have any options for multiple auto-close detections so we decided to use Flow Designer to close VITs based on specific criteria. We still have our base auto-close detection, but we do have a 4 or 5 other Flow Designer scripts that will check daily and closed based on their criteria.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2024 01:44 PM
Hi Kevin, would you mind sharing a little more detail on how that was accomplished? Perhaps samples?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 05:06 AM
Hi Aaron, I spoke with my teammate about getting you a couple of samples. But then we realized that the latest plugin version of Vulnerability Response now allows you to create multiple different Auto-close rules in which you can set the criteria of what you want to close and when. We will likely be getting rid of our Flow Designer rules and instead using these.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 06:34 AM
Thanks for pointing that out, Kevin. Coincidently, I had just installed the latest version yesterday in our development environment and am pleased to verify your statement, finding this now to be OOB functionality.