May 02, 2025 – The Hacker News – Vulnerability Management / Security Operations
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community – all free to import and deploy via the platform’s Community Edition.
A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike threat intelligence, and streamlines ticket creation and notification. Developed by Josh McLaughlin, a security engineer at LivePerson, the workflow drastically reduces manual work while keeping analysts in control of final decisions, helping teams stay on top of new vulnerabilities.
“Before automation, creating tickets for 45 vulnerabilities took about 150 minutes of work,” Josh explains. “After automation, the time needed for the same number of tickets dropped to around 60 minutes, saving significant time and freeing analysts from manual tasks like copy-pasting and web browsing.” LivePerson’s security team reduced the time this process takes by 60% through automation and orchestration, creating a meaningful boost to both efficiency and analyst morale.
In this guide, we’ll share an overview of the workflow, plus step-by-step instructions for getting it up and running.
The problem – manual monitoring of critical advisories
For security teams, timely awareness of newly disclosed vulnerabilities is essential – but monitoring multiple sources, enriching advisories with threat intelligence, and creating tickets for remediation are time-consuming and error-prone tasks.
Teams often have to:
Manually check CISA and other sources for advisories
Research related CVEs
Decide whether action is required
Manually create tickets and notify stakeholders
These repetitive steps not only consume valuable analyst time but also risk inconsistent responses if an important vulnerability is missed or delayed.
The solution – automated monitoring, enrichment, and ticketing
Josh’s pre-built workflow automates the process end-to-end – but crucially, it keeps analysts in control at key decision points:
It pulls new advisories from CISA (or a chosen open-source feed)
It enriches findings using CrowdStrike’s threat intelligence
It notifies the security team in Slack, and prompts them to provide input quickly via approve and deny buttons
Upon approval, it automatically creates a ServiceNow ticket with the vulnerability’s details
The result is a streamlined, efficient process that ensures vulnerabilities are tracked and actioned quickly, without sacrificing the critical thinking and prioritization that only analysts can provide.
Key benefits of this workflow:
Reduces manual effort and speeds up response time
Leverages threat intelligence for smarter prioritization
Ensures consistent handling of new vulnerabilities
Strengthens collaboration across security and IT teams
Boosts morale by eliminating tedious tasks
Keeps analysts in control with easy, fast approvals
Workflow overview
Tools used:
Tines – workflow orchestration and AI platform (Community Edition available)
CrowdStrike – threat intelligence and EDR platform
ServiceNow – ticketing and ITSM platform
Slack – team collaboration platform
How it works:
RSS feed collection: fetches the latest advisories from CISA’s RSS feed
Deduplication: filters out duplicate advisories
Vendor filtering: focuses on advisories from key vendors and services (e.g., Microsoft, Citrix, Google, Atlassian)
CVE extraction: identifies CVEs from advisory descriptions
Enrichment: cross-references CVEs with CrowdStrike threat intelligence for added context
Slack notification: sends an enriched vulnerability with action buttons to a dedicated Slack channel
Approval flow:
If approved, the workflow creates a ServiceNow ticket
If denied, the workflow logs the decision without creating a ticket
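As an added illustration (not the Tines workflow’s own code, which runs as actions on the canvas), here is a Python sketch of the first four pipeline stages above plus the approve/deny branch, run over a constructed sample feed. The vendor list is the one named in the article; the link-based deduplication key, the `seen` set carried between runs, and the ticket payload shape are assumptions.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample in the shape of a CISA RSS feed (not a real capture): one advisory repeats, one is off-list.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><title>Microsoft Releases Security Updates</title><link>https://example.invalid/a1</link>
<description>Addresses CVE-2025-0001 and CVE-2025-0002 in Windows.</description></item>
<item><title>Citrix Releases Security Updates</title><link>https://example.invalid/a2</link>
<description>Citrix patches cve-2025-0003 in NetScaler.</description></item>
<item><title>Microsoft Releases Security Updates</title><link>https://example.invalid/a1</link>
<description>Addresses CVE-2025-0001 and CVE-2025-0002 in Windows.</description></item>
<item><title>Acme Gadget Advisory</title><link>https://example.invalid/a3</link>
<description>No CVE assigned yet.</description></item>
</channel></rss>"""

# Vendor watch list named in the article; adjust to your organization's priorities.
KEY_VENDORS = ("microsoft", "citrix", "google", "atlassian")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

def parse_feed(xml_text):
    """RSS feed collection: one dict per <item>."""
    return [{"title": i.findtext("title", ""), "link": i.findtext("link", ""),
             "description": i.findtext("description", "")}
            for i in ET.fromstring(xml_text).iter("item")]

def dedupe(items, seen):
    """Deduplication: drop links already in `seen` (assumed key, persisted between runs) and repeats within the batch."""
    fresh = {it["link"]: it for it in items if it["link"] not in seen}
    seen.update(fresh)
    return list(fresh.values())

def vendor_match(item):
    """Vendor filtering: keep only advisories that mention a watched vendor."""
    return any(v in (item["title"] + " " + item["description"]).lower() for v in KEY_VENDORS)

def extract_cves(item):
    """CVE extraction: normalised, de-duplicated IDs in stable order."""
    return sorted({m.upper() for m in CVE_RE.findall(item["title"] + " " + item["description"])})

def triage(xml_text, seen):
    """Stages 1-4 of the workflow; the output is what would be enriched and posted to Slack."""
    return [{"title": it["title"], "link": it["link"], "cves": extract_cves(it)}
            for it in dedupe(parse_feed(xml_text), seen) if vendor_match(it)]

def handle_decision(advisory, approved, analyst):
    """Approval flow: approved -> ticket payload (assumed shape); denied -> audit entry, no ticket."""
    if approved:
        return {"action": "create_ticket", "short_description": advisory["title"],
                "cves": advisory["cves"], "source": advisory["link"]}
    return {"action": "log_only", "title": advisory["title"], "denied_by": analyst}
```

On the sample feed, `triage` returns the Microsoft and Citrix advisories once each and drops the off-list one; passing a `seen` set that already holds an advisory’s link suppresses it on the next run.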
Configuring the workflow – step-by-step guide
The Tines Community Edition sign-up form
1. Log into Tines or create a new account.
2. Navigate to the pre-built workflow in the library. Select import. This should take you straight to your new pre-built workflow.
The workflow on Tines’ drag-and-drop canvas
Adding a new credential in Tines
3. Set up your credentials
You will need three credentials added to your Tines tenant:
CrowdStrike
ServiceNow
Slack
Note that similar services to those listed above can be used, with some adjustments to the workflow.
From the credentials page, select New credential, scroll down to the relevant credential and complete the required fields. Follow the CrowdStrike, ServiceNow, and Slack credential guides at explained.tines.com if you need help.
4. Configure your actions.
Set the Slack channel for advisory notifications (slack_channel_vuln_advisory resource).
Set your ServiceNow ticket details in the Create ticket in ServiceNow action (e.g., priority, assignment group).
Adjust vendor filtering rules if needed to match your organization’s priorities.
5. Test the workflow.
Trigger a test by pulling recent advisories from CISA, and verify that:
Slack notifications are sent with correct formatting
Approval buttons function as expected
ServiceNow tickets are created correctly upon approval
6. Publish and operationalize
Once tested, publish the workflow. Share the Slack channel with your team to start reviewing and approving advisories efficiently.
If you’d like to try this workflow, you can sign up for a free Tines account.
This article is a contributed piece from one of our valued partners.