Exporting Vulnerabilities from InsightCloudSec via Bots

I’ve seen nothing regarding this topic so starting a post of my own…

Preface: We have certain applications deployed in EKS which ICS can see data for. More specifically, ICS can see code package vulnerabilities in replica sets for each of these applications.

Issue: I want to be able to send these vulnerabilities (and potentially others in the future) through a Jira integration that we have setup with ICS. This way, our devs can plan for remediating them in an automated fashion rather than us having to manually pull these vulnerabilities.

The Ask: Is it possible to pull vulnerabilities related to specific resources like replica sets in ICS and send them to Jira? I’ve attempted Jinja formatting but am not sure how that would actually look in a bot action since there’s not much good documentation for ICS out there…

This should be doable with bot actions to create Jira tickets with the right query filters to identify the relevant assets and then jinja to generate the list of vulnerabilities. Something like this:

{% for vulnerability in resource.get_vulnerabilities() %} 
{{resource.common.resource_id}},{{resource.get_organization_service().account_id}},{{ vulnerability.cve_id }},{{ vulnerability.severity }},{{ vulnerability.title }}
{% endfor %}

Getting more advanced with Jinja can be tricky but there’s some examples to reference here.