Hi Joe, I started work on something similar in InsightConnect, but it’s not exactly efficient and would likely have ‘denial of serviced’ our own ticketing systems with the criteria I was using, so I put it on hold!
The way I did it was as follows:
Create a workflow that starts with an Asset Search step. Then add a loop around each asset. Then clear a Global Artifact (which is used to store the vulns per asset, rather than creating per-vuln tickets). Then run a Get Asset Vulns step. But that only contains the basics, so then add another loop around the vulns discovered. Then check the vuln risk score in a decision step and, if above the required criteria, perform a ‘Get Vuln Details’ step to retrieve the data into an array. Then run a Get Solution step to return the solution. Then write it all into the Global Artifact. Once the loop around the asset is complete, create a ticket and email as required, clear the GA and move on to the next asset.
Whenever I ran it on a limited number of assets, it took an amount of time to run that meant it was probably not feasible to apply to our whole list of assets, so I parked it. That said, I ran it all using v6.1.0 of the plugin, so there may be improvements in the latest version to make this easier.
UPDATE: I’ve coincidentally just seen this post, which says that loops take exponentially longer on each iteration, so I wouldn’t recommend the above (which loops inside a loop inside a loop) until that’s resolved!
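
The per-asset aggregation described in the post above, sketched in Python as an added example that is not part of the original post or of the plugin. It runs on constructed sample data rather than calling InsightConnect; the threshold value, the function names, skipping tickets for assets with no qualifying vulns, and remembering each vuln's details and solution after the first lookup are assumptions made for illustration.

```python
# Constructed sample data standing in for Asset Search + Get Asset Vulns output:
# asset name -> list of (vuln id, risk score).
ASSET_VULNS = {
    "web-01": [("vuln-a", 850.0), ("vuln-b", 120.0), ("vuln-c", 910.0)],
    "db-01": [("vuln-a", 850.0), ("vuln-d", 40.0)],
    "build-01": [("vuln-e", 10.0)],
}
# Constructed stand-in for Get Vuln Details + Get Solution: vuln id -> (title, solution).
VULN_INFO = {
    "vuln-a": ("Outdated TLS library", "Upgrade the TLS package"),
    "vuln-b": ("Verbose banner", "Disable the version banner"),
    "vuln-c": ("Default admin password", "Rotate the credential"),
    "vuln-d": ("Weak cipher offered", "Remove the cipher from the list"),
    "vuln-e": ("ICMP timestamp reply", "Filter ICMP type 13"),
}
RISK_THRESHOLD = 500.0  # assumed value for "the required criteria"

def make_fetcher(info):
    """Return a lookup that remembers results, plus the list of real lookups made."""
    cache, calls = {}, []
    def fetch(vuln_id):
        if vuln_id not in cache:
            calls.append(vuln_id)   # one details+solution lookup per distinct vuln
            cache[vuln_id] = info[vuln_id]
        return cache[vuln_id]
    return fetch, calls

def build_tickets(asset_vulns, threshold, fetch):
    """Group qualifying vulns into one ticket body per asset."""
    tickets = {}
    for asset, vulns in asset_vulns.items():   # loop around each asset
        findings = []                          # per-asset store, empty at the start of each pass
        for vuln_id, risk in vulns:            # loop around the vulns discovered
            if risk > threshold:               # decision step on the risk score
                title, solution = fetch(vuln_id)
                findings.append({"id": vuln_id, "risk": risk,
                                 "title": title, "solution": solution})
        if findings:                           # assumption: no ticket for an empty result
            tickets[asset] = findings
    return tickets

if __name__ == "__main__":
    fetch, calls = make_fetcher(VULN_INFO)
    for asset, findings in build_tickets(ASSET_VULNS, RISK_THRESHOLD, fetch).items():
        print(asset, [(f["id"], f["solution"]) for f in findings])
    print("detail/solution lookups made:", calls)
```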