Create a task for each host and a sub-task for each vulnerability #303

Open
mskca opened this issue Oct 16, 2024 · 7 comments

mskca commented Oct 16, 2024

Hello!

The integration creates a task for each vulnerability and creates each vulnerability instance as a sub-task.

We need an option to create a task for each host and a sub-task for each vulnerability affecting that host. This would be the opposite approach. Is it possible?

mskca changed the title from "Option to open a ticket per Asset" to "Create a task for each host and a sub-task for each vulnerability" Oct 16, 2024
@SteveMcGrath
Collaborator

Totally possible, would simply require adjusting the config file by switching the task and subtask settings and adjusting the fields to properly support this. I will note that at the moment, we haven't tested any nuance from this setup.

@mskca
Author

mskca commented Oct 16, 2024

I think I remember that in the old version we had this possibility. Also, I have a scenario where I have multiple Tenable tenants and I need to integrate all of them in a single Jira tenant. Is there any best-practices advice for this? At the moment I am just creating the projects based on a template, but I caught some issues with Jira screens, for example.

@SteveMcGrath
Collaborator

If you're trying to blend in multiple integration sources and you want to ensure no conflict occurs, you may want to add a field that is simply a static value, and then assign that value differently for each run. You'd also want to modify the search to support it. For example:

Add this at the bottom of the file...

```toml
[[jira.fields]]
name        = "Tenant Name"
screen_tab  = "Asset"
type        = "readonlyfield"
searcher    = "textsearcher"
task_types  = ["subtask"]
static_value = "tenant-123"
```

Then adjust the search like so:

```toml
[jira.subtask]

# What fields should we use to search for a matching Sub-Task within Jira?
search.tvm  = [
    "Tenant Name",
    "Tenable Platform",
    "Tenable Plugin ID",
    "Tenable Asset UUID",
    "Vulnerability Port",
    "Vulnerability Protocol"
]
search.tsc  = [
    "Tenant Name",
    "Tenable Platform",
    "Tenable Plugin ID",
    "Tenable Asset UUID",
    "Device IPv4 Addresses",
    "Device IPv6 Addresses",
    "Vulnerability Port",
    "Vulnerability Protocol"
]
```

As mentioned before, I'd have to build a clean config to flip the logic from Vuln->Asset to Asset->Vuln, and that may take me a bit of time to get around to doing that and testing.
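Added illustration, not part of the comment above and not the integration's own code: a simplified model of why "Tenant Name" has to be in the search list when several tenants feed one Jira instance. It assumes a sub-task matches when every search field is equal; the findings, the `tenant-456` name, and all field values are constructed samples.

```python
from collections import defaultdict

# Field list copied from the search.tsc example above, minus "Tenant Name".
SEARCH_TSC = [
    "Tenable Platform",
    "Tenable Plugin ID",
    "Tenable Asset UUID",
    "Device IPv4 Addresses",
    "Device IPv6 Addresses",
    "Vulnerability Port",
    "Vulnerability Protocol",
]
SEARCH_TSC_BLENDED = ["Tenant Name"] + SEARCH_TSC


def match_key(finding, search_fields):
    """Assumed matching model: a sub-task matches when every search field is equal."""
    return tuple(finding.get(name) for name in search_fields)


def cross_tenant_collisions(findings, search_fields):
    """Return {match key: tenants} for keys shared by more than one tenant."""
    tenants = defaultdict(set)
    for finding in findings:
        tenants[match_key(finding, search_fields)].add(finding["Tenant Name"])
    return {key: sorted(names) for key, names in tenants.items() if len(names) > 1}


def sample_finding(tenant, ipv4="10.0.0.5"):
    """Constructed sample: what one run would write, with its static_value applied."""
    return {
        "Tenant Name": tenant,
        "Tenable Platform": "Tenable Security Center",
        "Tenable Plugin ID": "19506",
        "Tenable Asset UUID": None,
        "Device IPv4 Addresses": ipv4,
        "Device IPv6 Addresses": None,
        "Vulnerability Port": "0",
        "Vulnerability Protocol": "TCP",
    }


# Two tenants that both use the same private address, plus one unrelated host.
FINDINGS = [sample_finding("tenant-123"), sample_finding("tenant-456"),
            sample_finding("tenant-456", ipv4="10.0.0.9")]

if __name__ == "__main__":
    print("without Tenant Name:", cross_tenant_collisions(FINDINGS, SEARCH_TSC))
    print("with Tenant Name:   ", cross_tenant_collisions(FINDINGS, SEARCH_TSC_BLENDED))
```

Without the tenant field in the key, the two tenants' findings for the same private address resolve to one sub-task; with it, each run only matches its own.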

@mskca
Author

mskca commented Oct 17, 2024

Ok, thank you very much!!

I tried inverting the logic to Asset -> Vulns myself, but I got a lot of errors, so I think I will have to wait.

@SteveMcGrath
Collaborator

Yeah, the current configuration examples make a lot of assumptions on the predominant workflow of Vuln->Asset. Let me know if the tenant blending is working. If it is, I'll consider that part as resolved and flag this issue as a backlog item to get to a bit later.

@mskca
Author

mskca commented Oct 17, 2024

Yeah, the multiple tenants are working, also because of the project ID in Jira: I created a project for each, so each vulnerability goes to the right project. I was having some problems mainly because of Jira screens, but I created a project template and then changed the key for each one, so this is resolved.

@nnbaokhang

Would love to see if we can configure Asset -> Vuln in the near future.

SteveMcGrath added the enhancement and backlog labels Dec 5, 2024