Cisco Secure Endpoint - Get Vulnerability Summary for Assets
Description
This incident response workflow fetches vulnerability information from Cisco Secure Endpoint for assets involved in an incident when triggered from a playbook or using an automation rule. When using this workflow in a playbook, vulnerability information is fetched for the assets selected by the user. When using this workflow with an incident automation rule, vulnerability information is fetched for all incident targets.
Target: Secure Endpoint - v1
Steps:
- Detect the start type and extract the supported observables
- Check if any supported observables were found (if not, end the workflow)
- For each observable:
  - Check the observable's type:
    - If a Secure Endpoint computer GUID, set the local GUID variable
    - If a hostname or an IP address, search for it in Secure Endpoint and set the local GUID variable (if not found, skip the observable)
  - Fetch the computer's details and CVEs and update the workflow result
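The lookup logic in the steps above, as an added Python example (not the workflow's own code). The type labels, function names and the in-memory `INVENTORY` standing in for Secure Endpoint are assumptions, and keying results by GUID so that a hostname and an IP address for the same computer merge is an addition made here.

```python
import ipaddress
import re

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
SUPPORTED = {"guid", "hostname", "ip"}  # assumed observable type labels

# Constructed records standing in for Secure Endpoint; CVE ids are placeholders.
INVENTORY = {
    "0a1b2c3d-1111-4222-8333-444455556666": {
        "hostname": "ws-finance-01", "ips": ["10.0.4.21"],
        "cves": ["CVE-EXAMPLE-0002", "CVE-EXAMPLE-0001"]},
    "0a1b2c3d-7777-4888-9999-aaaabbbbcccc": {
        "hostname": "srv-build-02", "ips": ["10.0.9.5"], "cves": []},
}


def resolve_guid(obs, inventory):
    """Map one observable to a computer GUID, or None to skip it."""
    kind, value = obs["type"], obs["value"].strip().lower()
    if kind == "guid":
        # A GUID is used directly, after a format check on the untrusted value.
        return value if GUID_RE.fullmatch(value) else None
    if kind == "ip":
        try:
            value = str(ipaddress.ip_address(value))  # normalise, reject junk
        except ValueError:
            return None
    for guid, rec in inventory.items():
        hit = value in rec["ips"] if kind == "ip" else value == rec["hostname"].lower()
        if hit:
            return guid
    return None


def vulnerability_summary(observables, inventory=INVENTORY):
    """Return per-computer CVE lists, or None when nothing is supported."""
    supported = [o for o in observables if o["type"] in SUPPORTED]
    if not supported:
        return None  # no supported observables: the workflow ends here
    computers, skipped = {}, []
    for obs in supported:
        record = inventory.get(resolve_guid(obs, inventory))
        if record is None:
            skipped.append(obs["value"])  # not found: skip this observable
            continue
        guid = resolve_guid(obs, inventory)
        computers[guid] = {"hostname": record["hostname"],
                           "cves": sorted(record["cves"])}
    return {"computers": computers, "skipped": skipped}
```

Recording the skipped observables alongside the result shows an analyst which incident targets had no matching computer, rather than leaving them silently absent from the summary.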
This workflow requires the following targets to be available before it can be run.
Integration targets
- Secure Endpoint