The Tines library, run by the team at workflow orchestration and AI platform Tines, publishes workflows from the community.
A recent highlight is a workflow that automates monitoring of security advisories from CISA and other vendors, enriches the advisories with CrowdStrike threat intelligence, and streamlines ticket creation and notifications. Designed by Josh McLaughlin, a security engineer at LivePerson, the workflow dramatically reduces manual work while keeping analysts in control of the final decisions, helping teams stay on top of new vulnerabilities.
“Before automation, creating tickets for 45 vulnerabilities took about 150 minutes of work,” Josh explains. “After automation, the time required for the same number of tickets fell to 60 minutes, saving considerable time and freeing analysts from manual tasks such as copying and pasting and browsing websites.” The LivePerson security team has reduced the time this process takes by 60% through automation and orchestration, a great boost for both efficiency and analyst morale.
In this guide, we will share an overview of the workflow, as well as step-by-step instructions for getting it up and running.
The problem – manual tracking of critical advisories
For security teams, timely awareness of newly disclosed vulnerabilities is important, but monitoring multiple sources, enriching advisories with threat intelligence, and creating tickets are time-consuming and error-prone tasks.
Often teams have to:
- Manually check CISA and other sources for advisories
- Research the related CVEs
- Decide whether action is needed
- Create tickets manually and inform stakeholders
These repetitive steps not only consume valuable analyst time, but also risk inconsistent responses when an important vulnerability is missed or delayed.
The solution – automated monitoring, enrichment and ticketing
Josh's workflow automates the process from end to end, while keeping analysts in control of key decisions:
- It pulls new advisories from CISA (or an open-source feed of your choice)
- It enriches the findings using CrowdStrike threat intelligence
- It notifies the security team in Slack and prompts them to respond quickly by approving or rejecting
- After approval, it automatically creates a ticket in ServiceNow with the vulnerability details
The result is a streamlined and effective process that ensures vulnerabilities are tracked and acted on quickly, without sacrificing the critical thinking and prioritization that only analysts can provide.
The main advantages of this workflow:
- Reduces manual effort and accelerates response time
- Uses threat intelligence for smarter prioritization
- Provides consistent handling of new vulnerabilities
- Strengthens collaboration between security and IT teams
- Boosts morale by eliminating tedious tasks
- Keeps analysts in control with simple, quick approvals
Workflow overview
Tools used:
- Tines – workflow orchestration and AI platform (Community Edition available)
- CrowdStrike – threat intelligence and EDR platform
- ServiceNow – ticketing and ITSM platform
- Slack – team collaboration platform
How it works:
- RSS feed collection: fetches the latest advisories from the CISA RSS feed
- Deduplication: filters out duplicate advisories
- Vendor filtering: focuses on advisories for key vendors and services (e.g. Microsoft, Citrix, Google, Atlassian)
- CVE extraction: identifies CVEs from advisory descriptions
- Enrichment: cross-references CVEs with CrowdStrike threat intelligence for additional context
- Slack notification: sends the enriched vulnerability details with action buttons to a dedicated Slack channel
- Approval flow:
  - If approved, the workflow creates a ticket in ServiceNow
  - If denied, the workflow records the decision without creating a ticket
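The first four stages above (feed collection, deduplication, vendor filtering, CVE extraction), written out in Python as an added example; it is not the Tines workflow's own logic. The feed items, GUIDs and CVE IDs are constructed placeholders, and `triage` is a hypothetical function name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (not real CISA data); GUIDs and CVE IDs are placeholders.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><guid>adv-001</guid><title>Microsoft Releases Security Update</title>
<description>Addresses CVE-2099-0001 and cve-2099-0002 in Example Server.</description></item>
<item><guid>adv-002</guid><title>ExampleCorp Router Advisory</title>
<description>Fixes CVE-2099-0003.</description></item>
<item><guid>adv-001</guid><title>Microsoft Releases Security Update</title>
<description>Addresses CVE-2099-0001 and cve-2099-0002 in Example Server.</description></item>
<item><guid>adv-003</guid><title>Citrix Gateway Bulletin</title>
<description>Configuration guidance only; no identifiers assigned yet.</description></item>
</channel></rss>"""

VENDORS = ("microsoft", "citrix", "google", "atlassian")  # vendor list from the article
# CVE IDs: "CVE-", a 4-digit year, then 4 or more digits; \b avoids partial matches.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)


def triage(rss_text, seen_guids, vendors=VENDORS):
    """Return advisories that are new and match a watched vendor, with their CVEs."""
    # For a feed fetched over the network, parse with defusedxml instead: the
    # standard-library parser does not guard against entity-expansion input.
    root = ET.fromstring(rss_text)
    results = []
    for item in root.iter("item"):
        guid = (item.findtext("guid") or item.findtext("link") or "").strip()
        title = (item.findtext("title") or "").strip()
        desc = item.findtext("description") or ""
        if not guid or guid in seen_guids:
            continue  # deduplication: skip items already processed
        seen_guids.add(guid)
        text = f"{title} {desc}"
        if not any(v in text.lower() for v in vendors):
            continue  # vendor filter: not a watched vendor
        # Normalise case and de-duplicate IDs while keeping first-seen order.
        cves = list(dict.fromkeys(m.upper() for m in CVE_RE.findall(text)))
        results.append({"guid": guid, "title": title, "cves": cves})
    return results


if __name__ == "__main__":
    for adv in triage(SAMPLE_RSS, seen_guids=set()):
        print(adv["guid"], adv["title"], adv["cves"] or "no CVE found: needs manual review")
```

An advisory that matches a vendor but yields no CVE is returned with an empty list rather than dropped, so it still reaches an analyst; persisting `seen_guids` between runs is what keeps repeated polls from raising the same advisory twice.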
Setting up the workflow – step-by-step guide
1. Log in to Tines or create a new account.
2. Go to the pre-built workflow in the library. Select import. This should take you to your new pre-built workflow.
3. Set up your credentials
You will need three credentials added to your Tines tenant:
- CrowdStrike
- ServiceNow
- Slack
Note that services similar to those above can also be used, with some adjustments to the workflow.
On the credentials page, select New credential, scroll down to the relevant credential and fill in the required fields. Follow the CrowdStrike, ServiceNow and Slack credential guides at explained.tines.com if you need help.
4. Configure your actions.
- Set the Slack channel for advisory notifications (Slack_channel_vuln_advisory resource).
- Set the ServiceNow ticket details in the ServiceNow ticket-creation action (such as priority, assignment).
- Adjust the vendor filtering rules if necessary to match your organization’s priorities.
5. Test the workflow.
Run a test by pulling the latest advisories from CISA and make sure:
- Slack notifications are sent with the correct formatting
- The approval buttons function as expected
- Tickets in ServiceNow are created correctly after approval
6. Publish and operationalize
After testing, publish the workflow. Share the Slack channel with your team so they can start reviewing and approving advisories.
If you want to try this workflow, you can sign up for a free account.