Updated on 2024-09-06 GMT+08:00

Auto High-Risk Vulnerability Notification

Playbook Overview

This playbook automatically notifies operations personnel of high-risk server vulnerabilities.

The Automatic notification of high-risk vulnerabilities playbook has been matched with the Auto High-Risk Vulnerability Notification workflow. This workflow uses Simple Message Notification (SMN) to send notifications, so you need to create and subscribe to a notification topic in SMN.

When HSS reports a high-risk vulnerability, SMN sends a notification to operations personnel.

Figure 1 Auto high-risk vulnerability notification workflow

Prerequisites

You have enabled access to Host Security Service (HSS) alerts on the Data Integration page under the Settings pane. For details, see Data Integration.

Figure 2 Access to HSS alerts

To view integrated data, choose Risk Prevention > Vulnerabilities.

Figure 3 Viewing alerts

Step 1: Create and Subscribe to a Topic

The Auto High-Risk Vulnerability Notification workflow uses Simple Message Notification (SMN) to send notifications. You need to create and subscribe to a topic for receiving notifications.
  1. Log in to the management console.
  2. In the upper left corner of the page, click and choose Management & Governance > Simple Message Notification.
  3. Create a topic.
    1. In the navigation pane on the left, choose Topic Management > Topics. In the upper right corner of the displayed page, click Create Topic.
      Figure 4 Create Topic
    2. In the Create Topic dialog box displayed, configure topic information and click OK.
      • Topic Name: SecMaster-Notification is recommended.
      • Display Name: SecMaster notification topic is recommended.
      • Retain the default settings for other parameters.
      Figure 5 Create Topic
  4. Add a subscription.
    1. On the Topics page, locate the row that contains the SecMaster-Notification topic and click Add Subscription in the Operation column.
    2. On the displayed Add Subscription slide-out panel, configure subscription information and click OK.
      • Protocol: Select Email.
      • Endpoint: Enter the email address of the subscription endpoint, for example, username@example.com.
      Figure 6 Add Subscription

Step 2: Configure an Asset Connection

Before using the Auto High-Risk Vulnerability Notification workflow, you need to configure the asset connection named SMN notification token for operational personnel.

  1. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  2. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
    Figure 7 Workspace management page
  3. In the navigation pane on the left, choose Security Orchestration > Playbooks. On the displayed page, click the Asset Connections tab.
    Figure 8 Asset connection tab page
  4. On the Asset connection page, locate the row that contains the SMN notification token for operational personnel connection and click Edit in the Operation column.
  5. On the Edit pane sliding out from the right, configure endpoint information.
    Figure 9 Editing an asset connection

    endPoint: Set this field to https://{{SMN_ENDPOINT}}/v2/{{project_id}}/notifications/topics/urn:smn:{{region_id}}:{{project_id}}:SecMaster-Notification.

    • SMN_ENDPOINT: Enter the domain name for invoking the SMN service. The value is in the format of endpoint:443. Obtain the endpoint information from Regions and Endpoints. For example, if you choose CN North-Beijing4, enter "smn.cn-north-4.myhuaweicloud.com:443" in this field.
    • project_id: Enter the ID of the project that the current workspace belongs to. To view the project ID, take the following steps:
      1. Log in to the management console, hover the mouse over the username in the upper right corner, and select My Credentials from the drop-down list. The API Credentials page is displayed by default.
      2. On the API Credentials page, view the project ID in the project list.
        Figure 10 Project ID
    • urn:smn:{{region_id}}:{{project_id}}:SecMaster-Notification: Enter the URN of the SMN topic for sending email notifications. To view the URN, take the following steps:
      1. In the upper left corner of the page, click and choose Management & Governance > Simple Message Notification.
      2. In the navigation pane on the left, choose Topic Management > Topics.
      3. In the topic list, view the topic URN of the topic created in Step 1: Create and Subscribe to a Topic.
        Figure 11 Topic URN
  6. Click OK.
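
A mistyped endPoint value means the workflow runs but no notification reaches operations personnel, so it is worth checking the string before you click OK. The following is an added example, not part of SecMaster or SMN: `build_endpoint` and `check_endpoint` are hypothetical helper names, the project ID is a constructed sample, and the host pattern smn.<region_id>.myhuaweicloud.com and the region ID cn-north-4 are assumptions taken from the CN North-Beijing4 example above.

```python
import re
from urllib.parse import urlsplit

# Path shape of the endPoint value described in Step 2.
PATH_RE = re.compile(
    r"^/v2/(?P<path_pid>[^/]+)/notifications/topics/"
    r"urn:smn:(?P<region>[^:/]+):(?P<urn_pid>[^:/]+):(?P<topic>[^:/]+)$"
)

def build_endpoint(smn_endpoint, region_id, project_id,
                   topic="SecMaster-Notification"):
    """Fill in the Step 2 template from its inputs."""
    return (f"https://{smn_endpoint}/v2/{project_id}/notifications/topics/"
            f"urn:smn:{region_id}:{project_id}:{topic}")

def check_endpoint(value):
    """Return the problems found in an endPoint value (empty list = OK)."""
    problems = []
    if re.search(r"\s", value):
        problems.append("contains whitespace")
    if "{{" in value or "}}" in value:
        problems.append("unresolved {{placeholder}}")
        return problems
    parts = urlsplit(re.sub(r"\s", "", value))
    if parts.scheme != "https":
        problems.append("scheme must be https")
    try:
        port = parts.port
    except ValueError:          # non-numeric or out-of-range port
        port = None
    if port != 443:
        problems.append("SMN_ENDPOINT must have the form endpoint:443")
    m = PATH_RE.match(parts.path)
    if not m:
        problems.append("path is not /v2/{project_id}/notifications/topics/{urn}")
        return problems
    if m["path_pid"] != m["urn_pid"]:
        problems.append("project_id differs between path and topic URN")
    # Assumption: host is smn.<region_id>.myhuaweicloud.com, as in the page's example.
    if (parts.hostname or "") != f"smn.{m['region']}.myhuaweicloud.com":
        problems.append("region in topic URN does not match SMN host")
    return problems

if __name__ == "__main__":
    pid = "0123456789abcdef0123456789abcdef"   # constructed sample project ID
    url = build_endpoint("smn.cn-north-4.myhuaweicloud.com:443", "cn-north-4", pid)
    print(url, check_endpoint(url))
    print(check_endpoint(url.replace("/v2/", "/ v2 /")))
```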

Step 3: Configure and Enable the Playbook

In SecMaster, the initial version (V1) of the Auto High-Risk Vulnerability Notification workflow is enabled by default. You do not need to manually enable it. The initial version (V1) of the Automatic notification of high-risk vulnerabilities playbook is also activated by default. To use it, you only need to enable it.

  1. On the Playbooks page, locate the row that contains the Automatic notification of high-risk vulnerabilities playbook and click Enable in the Operation column.
  2. In the dialog box displayed, select the initial playbook version v1 and click OK.