Prism provides an automation centre that lets users automate their workflows. It comprises several triggers and actions that are combined to form processes. These processes can be assigned to a project or used across the platform. This article provides an overview of the possible triggers and actions in the Prism Automation Centre, process limitations, and an example process library.
This feature is available to Enterprise Admin users with a paid Enterprise license of Prism.
How to Set Up a New Automated Process in Prism
The Automation Centre is a feature accessible from the main sidebar menu that provides access to various tabs:
Active - displays the list of currently active processes.
Inactive - displays the list of currently inactive processes.
Library - contains example processes that you can use as a starting point.
Audit Log - contains a comprehensive log of all the processes that have run and any issues that have been affected by Prism.
To set up a new process, click the "New Automated Process" button on the main Automation Centre screen. You will be prompted to provide a name for the new process and select its process type: Global or Project-Based.
Global Process: This type of process will execute tenant-wide, regardless of the project or test/scan.
Project-Based: This type of process will only run within a selected project and supports custom and bespoke workflows.
Once you have completed the process setup, you will be taken to the Process Visualiser. This is the main area where you can design, test, and activate your automated workflow processes.
Process Visualiser
To get started with the Process Visualiser, you first need to select and define your trigger. This can be any of the triggers listed below. Once you have determined your trigger, you can enhance it with further conditions, such as Risk Rating, Asset Priority Rating, keyword (if using this trigger type) and Tags.
Next, you can add a series of actions that will be performed when the trigger event occurs. The Process Visualiser offers a variety of actions to choose from; see the actions listed below. You can add actions to the visualiser from the left pane or with the + icons within the grid.
Once you are happy with your process, you can save it by clicking "Save Automated Process". You can then preview the process by clicking the "Preview Process" button or activate it within Prism using the "Active Process" toggle.
Available Triggers
The Prism Automation Centre supports several triggers that can be used to initiate an automated process. These triggers are as follows:
Active Exploit: This trigger is activated when a new active exploit is detected from the daily exploit service.
Exploit: This trigger is activated when a new exploitable issue is detected from the daily exploit service or within a closed project.
Priority Rating: This trigger is activated when an issue with the selected priority rating is detected.
Keyword: This trigger is activated when an issue name has been detected that matches the keyword the user has specified (partial string match).
Severity Rating: This trigger is activated when an issue has been detected that matches an issue severity.
Tag: This trigger is activated when an issue has been detected that has the matching tag.
Each trigger can be enhanced with search filters such as risk rating, asset priority rating, and tags. With these enhancements, there are 36 possible combinations for triggers alone.
Available Actions
Once a trigger query has been met, there are several actions that can be taken. These actions include:
Assign to User: This action assigns the matching criterion to a selected user(s).
Assign to Team: This action assigns the matching criterion to a team(s).
Recast: This action recasts the matching criterion to a new severity rating (uplift or downgrade).
Assign Tag: This action assigns the matching criterion to an existing or new tag(s).
Assign Status: This action assigns the matching criterion to a given issue status (published, false positive, accept risk, suppressed, etc.).
Assign Priority Rating: This action assigns the matching criterion to an asset priority rating.
Assign to Jira: This action assigns the matching criterion to a Jira ticket.
Assign to ServiceNow: This action assigns the matching criterion to a ServiceNow ticket.
Process Limitations
The Prism Automation Centre has several process limitations that have been put in place. These limitations are as follows:
Process Trigger Limit: Users are limited to 4 action chains within a process. This limit may be increased in the future after further live testing and client feedback.
Action Chain Limit: Users are limited to 4 child actions within an action chain. This limit may be increased in the future after further live testing and client feedback.
Severity Rating Trigger: The severity rating trigger (unless it is being used as a refinement tool along with another trigger) requires the automation process to be assigned to a project. This is because conflicts can arise: global processes execute first, followed by the project-specific process.
Action Duplication: Actions cannot be duplicated within a single chain. This guides users to supply everything an action needs in one go, which keeps their chains structured.
Rule Deletion: Users cannot delete an action that has children; you must first delete each child, working back up to the action you want to delete. This avoids losing action data if an action is deleted accidentally, and it makes users more deliberate about deleting elements of a chain.
Trigger Selection Required: A trigger must be selected before any actions are added to the chain. This gives the chain a specific starting point and makes users think about what they intend the process to do.
Action Data: Actions need to be supplied with the relevant data in order to save an automation process.
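The limitations above can be checked against a drafted process before it is built in the Process Visualiser. The following is an added example, not Prism code and not a Prism export format: the dictionary layout, the check_process function and the sample drafts are assumptions made for illustration, and the chain limit is assumed to count every action in a chain.

```python
# Planning aid for drafting a process before building it in the Process Visualiser.
# The dict layout is an assumption for this example, not a Prism format.
MAX_CHAINS = 4              # "Process Trigger Limit": 4 action chains per process
MAX_ACTIONS_PER_CHAIN = 4   # "Action Chain Limit" (assumed to count every action in a chain)


def check_process(proc):
    """Return the documented limitations a drafted process would run into."""
    problems = []
    trigger = proc.get("trigger")
    chains = proc.get("chains", [])
    if not trigger and chains:
        problems.append("select a trigger before adding actions")
    # A Severity Rating trigger used on its own needs a project-based process.
    if trigger == "Severity Rating" and proc.get("scope") != "project":
        problems.append("Severity Rating trigger needs a project-based process")
    if len(chains) > MAX_CHAINS:
        problems.append(f"{len(chains)} action chains exceeds the limit of {MAX_CHAINS}")
    for i, chain in enumerate(chains, start=1):
        names = [step["action"] for step in chain]
        if len(chain) > MAX_ACTIONS_PER_CHAIN:
            problems.append(f"chain {i}: {len(chain)} actions exceeds the limit of {MAX_ACTIONS_PER_CHAIN}")
        for name in sorted({n for n in names if names.count(n) > 1}):
            problems.append(f"chain {i}: '{name}' is duplicated")
        for step in chain:
            if not step.get("data"):
                problems.append(f"chain {i}: '{step['action']}' has no data")
    return problems


# Constructed drafts. The first follows the library's "P1 Critical Issue Assignment".
P1_CRITICAL = {
    "scope": "global", "trigger": "Priority Rating",
    "filters": {"severity": "Critical"},
    "chains": [[{"action": "Assign to User", "data": ["analyst-a"]}]],
}
GLOBAL_SEVERITY = {
    "scope": "global", "trigger": "Severity Rating",
    "chains": [[
        {"action": "Assign to User", "data": ["analyst-a"]},
        {"action": "Assign to User", "data": ["analyst-b"]},
        {"action": "Assign Tag", "data": []},
    ]],
}

if __name__ == "__main__":
    for draft in (P1_CRITICAL, GLOBAL_SEVERITY):
        print(check_process(draft) or "ok")
```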
Example Process Library
To help users get started with the Prism Automation Centre, the platform provides a selection of pre-compiled processes. These example processes can be used as templates to build custom processes. The available processes are:
Basic Exploit Assignment: If a new exploit is detected within Prism, assign the issue to a user.
P1 Critical Issue Assignment: If a P1 Asset has a Critical issue detected, then assign it to a user.
Conclusion
In conclusion, the Prism Automation Centre allows users to create automated processes using triggers and actions. Triggers can be enhanced with search filters, and once a trigger query is met, a range of actions can be executed. There are certain limitations, such as the number of action chains and child actions, and the requirement for a trigger to be selected before any actions are added. The platform also provides pre-compiled processes to help users get started. Overall, the Prism Automation Centre provides a flexible and customizable way to automate tasks and streamline workflows.