We’re starting work on four new InsightVM triggers and are collecting ideas for how these triggers might unlock some new use cases for our VM + Connect users.
Please comment with any use cases you can think of that could be enabled by any of the following new InsightVM trigger types!
- New Asset Found – event triggered upon a new asset being discovered during a scan.
- New Vulnerability Found – event triggered upon one or more new vulns are found on asset after a scan or agent assessment
- Asset Deleted – event triggered when an asset is deleted
- Vulnerability Remediated – Event triggered when one or more vulns disappear from an asset after a scan or agent assessment. Includes vuln exceptions.
Note that these triggers may use common VM filters, eg
asset.ipv4 > 10.2.0.0 AND asset.ipv4 < 10.2.1.0 ,
asset.os = Windows Server 2012 ,
vulnerability.cvssScore > 6 , etc.
A few of our ideas thus far…
- From 1. New Asset Found, check installed software packages, and notify administrators if the asset is missing a required software package.
- From 2. New Vulnerability Found, open new ticket in ITSM solution (likely using vuln filters on risk or severity and/or asset filters on asset type or network range)
- From 3. Asset Deleted, remove asset from CMDB solution
- From 4. Vulnerability Remediated, lookup and close relevant ticket(s) in ITSM solution
What else comes to mind?