InsightVMによる封じ込めの自動化

Let's explore how Automated Containment works. Here we need to define the trigger. We have two options for automatically triggering a workflow. When an asset matching the criteria is found or updated or when a vulnerability matching the criteria is found or reassessed. In this case, we'll choose a vulnerability trigger. This workflow will trigger automatically when this specific Windows SMB remote code execution vulnerability is found for the first time within the Boston site.

Next, you'll be presented with the available workflows that can be kicked off automatically. In this example, we'll select the Push Firewall Policy with Palo Alto PAN-OS workflow. This is a very simple workflow that only has one step. It adds an asset to a firewall policy that you've already configured. Next, we'll select a connection with the firewall policy and confirm the Trigger Scope. Once activated the configured workflows are automatically turned on.

By leveraging Automated Containment, we eliminate the gap between when a vulnerability is found and when the risk is mitigated.