Auto High-Risk Vulnerability Notification

Playbook Overview

This playbook can automatically notify of high-risk server vulnerabilities to operations personnel.

The Automatic notification of high-risk vulnerabilities playbook has been matched the Auto High-Risk Vulnerability Notification workflow. This workflow needs to use Simple Message Notification (SMN) to send notifications. So you need to create and subscribe to a notification topic in SMN.

If a high-risk vulnerability was reported by HSS, SMN sends a notification to operations personnel.

Figure 1 Auto high-risk vulnerability notification workflow

Prerequisites

You have enabled access to Host Security Service (HSS) alerts on the Data Integration page under the Settings pane. For details, see Data Integration.

Figure 2 Access to HSS alerts

To view integrated data, choose Risk Prevention > Vulnerabilities.

Figure 3 Viewing vulnerabilities

Step 1: Create and Subscribe to a Topic

Step 2: Configure an Asset Connection

Before using the Auto High-Risk Vulnerability Notification workflow, you need to configure the SMN notification token asset connection first.

1. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
2. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 5 Workspace management page
   
3. In the navigation pane on the left, choose Security Orchestration > Playbooks. On the displayed page, click the Asset Connections tab.
   Figure 6 Asset connection tab page
   
4. On the Asset connection page, locate the row that contains the SMN notification token connection and click Edit in the Operation column.
5. On the Edit panel displayed on the right, set Attachment Type to Other and configure the endpoint information.

   endPoint: Set this field to https://{{SMN_ENDPOINT}}/ v2 /{{project_id}}/notifications/topics/urn:smn:{{region_id}}:{{project_id}}:SecMaster-Notification.

   • SMN_ENDPOINT: Enter the domain name for invoking the SMN service. The value is in the format of endpoint:443. Obtain the endpoint information from the Regions and Endpoints. For example, if you choose CN North-Beijing4, enter "smn.cn-north-4.myhuaweicloud.com:443" in this field.
   • project_id: Enter the ID of the project that the current workspace belongs to. To view the project ID, take the following steps:
     1. Log in to the management console, hover the mouse over the username in the upper right corner, and select My Credentials from the drop-down list. The API Credentials page is displayed by default.
     2. On the API Credentials page, view the project ID in the project list.
        Figure 7 Project ID
        
   • urn:smn:{{region_id}}:{{project_id}}:SecMaster-Notification: Enter the URN of the SMN topic for sending email notifications. To view the URN, take the following steps:
     1. In the upper left corner of the page, click and choose Management & Governance > Simple Message Notification.
     2. In the navigation pane on the left, choose Topic Management > Topics.
     3. In the topic list, view the topic URN of the topic created in Step 1: Create and Subscribe to a Topic.
6. Click OK.

Step 3: Configure and Enable the Playbook

In SecMaster, the initial version (V1) of the Auto High-Risk Vulnerability Notification workflow is enabled by default. You do not need to manually enable it. The initial version (V1) of the Automatic notification of high-risk vulnerabilities playbook is also activated by default. To use it, you only need to enable it.

1. On the Playbooks page, locate the row that contains the Playbooks playbook and click Automatic notification of high-risk vulnerabilities in the Enable column.
2. In the dialog box displayed, select the initial playbook version v1 and click OK.