Help Center/ SecMaster/ User Guide/ Playbook Overview/ Auto High-Risk Vulnerability Notification

Updated on 2025-01-20 GMT+08:00

View PDF

Auto High-Risk Vulnerability Notification

Playbook Overview

This playbook can automatically notify of high-risk server vulnerabilities to operations personnel.

The Automatic notification of high-risk vulnerabilities playbook has been matched the Auto High-Risk Vulnerability Notification workflow. This workflow needs to use Simple Message Notification (SMN) to send notifications. So you need to create and subscribe to a notification topic in SMN.

If a high-risk vulnerability was reported by HSS, SMN sends a notification to operations personnel.

Figure 1 Auto high-risk vulnerability notification workflow

Prerequisites

You have enabled Host Security Service (HSS) alarm access on the Data Integration page under the Settings pane. For details, see Data Integration.
Figure 2 Access to HSS alerts

To view integrated data, choose Risk Prevention > Vulnerabilities.

Figure 3 Viewing vulnerabilities

SecMaster has obtained the SMN FullAccess permission, which specifies all permissions of SMN.

**Table 1** Description
Permission	Description	Principal	Usage
SMN FullAccess	All permissions for SMN.	SecMaster_Agency	SecMaster uses SMN to send playbook execution notifications.

Perform the following steps to check whether SecMaster has obtained the SMN FullAccess permission: If the permission is not allocated, allocate it to SecMaster by referring to Authorizing SecMaster.

Log in to the console as the administrator.
Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
In the navigation pane on the left, choose Agencies. On the Agencies page, click SecMaster_Agency and then click the Permissions tab to view all authorization records of SecMaster_Agency.

Step 1: Create and Subscribe to a Topic

The Auto High-Risk Vulnerability Notification workflow uses Simple Message Notification (SMN) to send notifications. You need to create and subscribe to a topic for receiving notifications.

Log in to the management console.
In the upper left corner of the page, click and choose Management & Governance > Simple Message Notification.
Create a topic.
1. In the navigation pane on the left, choose Topic Management > Topics. In the upper right corner of the displayed page, click Create Topic.
2. In the Create Topic dialog box displayed, configure topic information and click OK.
  - Topic Name: Set it to SecMaster-Notification.
  - Display Name: SecMaster notification topic is recommended.
  - Retain the default settings for other parameters.
  Topic Name must be to SecMaster-Notification, or playbooks may fail to be executed.
Add a subscription.
1. On the Topics page, locate the row that contains the SecMaster-Notification topic and click Add Subscription in the Operation column.
2. On the displayed Add Subscription slide-out panel, configure subscription information and click OK.
  - Protocol: Select Email.
  - Endpoint: Enter the email address of the subscription endpoint, for example, username@example.com.
Confirm the subscription.
After a subscription is added, a confirmation email will be sent to the email address set in 4. Click the subscription confirmation link in the email. A page for a successful subscription will be displayed.

Step 3: Configure and Enable the Playbook

In SecMaster, the initial version (V1) of the Auto High-Risk Vulnerability Notification workflow is enabled by default. You do not need to manually enable it. The initial version (V1) of the Automatic notification of high-risk vulnerabilities playbook is also activated by default. To use it, you only need to enable it.

On the Playbooks page, locate the row that contains the Playbooks playbook and click Automatic notification of high-risk vulnerabilities in the Enable column.
In the dialog box displayed, select the initial playbook version v1 and click OK.