Two similar Workflows

There are two Workflows in the Vulnerability Toolkit that look very similar:

  • Lookup Exploit with AttackerKB from Microsoft Teams
  • Lookup Vulnerability from Microsoft Teams

I noticed that both listen for the Regex !lookup-vuln.
Is the AttackerKB one replacing the vulnDB one? Should they be combined to look at both DBs? Or should the Regex for the AttackerKB one be modified to look for something like !lookup-exploit?

Hey Brandon! You’re spot on, these two workflows share the !lookup-vuln trigger command.

When planning these workflows, we thought it made more sense to “overload” this trigger so both workflows would run if they are both active. One is not meant to be a replacement of the other; rather, they’re meant to be complementary.

A couple of reasons we didn’t combine these into one workflow:

  1. By making them separate workflows, they can run in parallel rather than sequentially.
  2. As with all the workflow templates we put out there, our goal is to provide immediate value but also give workflow builders a jumping-off point for more advanced or custom use cases.

If someone took the time to combine these two workflows into one that performs both the vulnerability and the exploit lookup, and that someone felt inspired enough to contribute it back to us, then we would be more than happy to post it to the extension library and shower that someone with thanks, praise, and forum badges!! :sunglasses:

I’ve been thinking about this and I kind of like the parallel functionality. I have been thinking about expanding this to get the assets that are vulnerable to a CVE or the ability to query an asset and CVE and it will return if it is vulnerable or not. I will share these with the community once I have them.

Just did a PR for “Lookup Vulnerability from Microsoft Teams” with the commit “Consolidated Teams Settings into one step” because I loved how the other workflows used the Type Converter to centralize all the settings needing changed, definitely something I will be doing in all my Workflows and I think should be a standard. The PR is under my GitHub name so I don’t think it will link here.
