I have a workflow that loops around a list of assets retrieved from insightVM. In the next step it retrieves the vulnerabilities on the asset (Get Asset Vulnerabilites) and then loops around those vulns to retrieve additional details of each vuln (Get Vulnerability Details). In this next loop it checks the vuln for a risk score and, if above a specific value, it was emailing the details of the host and vuln to me (as a test). My ultimate aim is to create tickets in our ticketing system.
However, doing it per vuln is going to create such a huge amount of tickets (especially after patch Tuesday even with a high risk score parameter), that it’ll probably perform a DOS attack on our ticketing system!
Therefore, instead I want to create tickets per asset but can’t work out how to store the vuln detail in such a way that i can reference it two steps back up the loop. If I use the output from the lowest loop, i can reference that but then need to save it somehow and keeping adding to it to then be able to use it all at the top level when i send the email per asset with the list of vulns matching the criteria on that asset. Just appending out to a CSV file that i can then add to the email and then delete\wipe after each asset loop would be fine at this stage.
This seems like it should be straight-forward, but i’m having trouble working this out.