Use Cases for Upcoming InsightVM Triggers

We’re starting work on four new InsightVM triggers and are collecting ideas for how these triggers might unlock some new use cases for our VM + Connect users.

Please comment with any use cases you can think of that could be enabled by any of the following new InsightVM trigger types!

  1. New Asset Found – event triggered upon a new asset being discovered during a scan.
  2. New Vulnerability Found – event triggered upon one or more new vulns are found on asset after a scan or agent assessment
  3. Asset Deleted – event triggered when an asset is deleted
  4. Vulnerability Remediated – Event triggered when one or more vulns disappear from an asset after a scan or agent assessment. Includes vuln exceptions.

Note that these triggers may use common VM filters, eg asset.ipv4 > AND asset.ipv4 < , asset.os = Windows Server 2012 , vulnerability.cvssScore > 6 , etc.

A few of our ideas thus far…

  • From 1. New Asset Found, check installed software packages, and notify administrators if the asset is missing a required software package.
  • From 2. New Vulnerability Found, open new ticket in ITSM solution (likely using vuln filters on risk or severity and/or asset filters on asset type or network range)
  • From 3. Asset Deleted, remove asset from CMDB solution
  • From 4. Vulnerability Remediated, lookup and close relevant ticket(s) in ITSM solution

What else comes to mind?

1 Like