Auto High-Risk Vulnerability Notification
Playbook Overview
This playbook can automatically notify of high-risk server vulnerabilities to operations personnel.
The Automatic notification of high-risk vulnerabilities playbook has been matched the Auto High-Risk Vulnerability Notification workflow. This workflow needs to use Simple Message Notification (SMN) to send notifications. So you need to create and subscribe to a notification topic in SMN.
If a high-risk vulnerability was reported by HSS, SMN sends a notification to operations personnel.
Prerequisites
You have enabled access to Host Security Service (HSS) alerts on the Data Integration page under the Settings pane. For details, see Data Integration.
To view integrated data, choose
.Step 1: Create and Subscribe to a Topic
- Log in to the management console.
- In the upper left corner of the page, click and choose .
- Create a topic.
- In the navigation pane on the left, choose Create Topic.
Figure 4 Create Topic
. In the upper right corner of the displayed page, click - In the Create Topic dialog box displayed, configure topic information and click OK.
- Topic Name: SecMaster-Notification is recommended.
- Display Name: SecMaster notification topic is recommended.
- Retain the default settings for other parameters.
- In the navigation pane on the left, choose Create Topic.
- Add a subscription.
- On the Topics page, locate the row that contains the SecMaster-Notification topic and click Add Subscription in the Operation column.
- On the displayed Add Subscription slide-out panel, configure subscription information and click OK.
- Protocol: Select Email.
- Endpoint: Enter the email address of the subscription endpoint, for example, username@example.com.
Step 2: Configure an Asset Connection
Before using the Auto High-Risk Vulnerability Notification workflow, you need to configure the SMN notification token asset connection first.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 5 Workspace management page
- In the navigation pane on the left, choose Asset Connections tab.
Figure 6 Asset Connections tab
. On the displayed page, click the - On the Asset connection page, locate the row that contains the SMN notification token connection and click Edit in the Operation column.
- On the Edit panel displayed on the right, set Attachment Type to Other and configure the endpoint information.
endPoint: Set this field to https://{{SMN_ENDPOINT}}/ v2 /{{project_id}}/notifications/topics/urn:smn:{{region_id}}:{{project_id}}:SecMaster-Notification.
- SMN_ENDPOINT: Enter the domain name for invoking the SMN service. The value is in the format of endpoint:443. Obtain the endpoint information from the Regions and Endpoints. For example, if you choose CN North-Beijing4, enter "smn.cn-north-4.myhuaweicloud.com:443" in this field.
- project_id: Enter the ID of the project that the current workspace belongs to. To view the project ID, take the following steps:
- Log in to the management console, hover the mouse over the username in the upper right corner, and select My Credentials from the drop-down list. The API Credentials page is displayed by default.
- On the API Credentials page, view the project ID in the project list.
Figure 7 Project ID
- urn:smn:{{region_id}}:{{project_id}}:SecMaster-Notification: Enter the URN of the SMN topic for sending email notifications. To view the URN, take the following steps:
- In the upper left corner of the page, click and choose .
- In the navigation pane on the left, choose .
- In the topic list, view the topic URN of the topic created in Step 1: Create and Subscribe to a Topic.
- Click OK.
Step 3: Configure and Enable the Playbook
In SecMaster, the initial version (V1) of the Auto High-Risk Vulnerability Notification workflow is enabled by default. You do not need to manually enable it. The initial version (V1) of the Automatic notification of high-risk vulnerabilities playbook is also activated by default. To use it, you only need to enable it.
- On the Playbooks page, locate the row that contains the Playbooks playbook and click Automatic notification of high-risk vulnerabilities in the Enable column.
- In the dialog box displayed, select the initial playbook version v1 and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot