We’re currently licensed for InsightVM and we use it for identifying the high risk assets as well as manual searching of exposure to certain vulnerabilities as we receive notifications and advisories for them. I’m trying to plan out our process for seeing vulnerabilities closed and how we followup on closure.
There are other IT folks outside of security that are responsible for their assets and would be the first point of contact to remediate a vulnerability. What I’ve been tasked to do is find a way to: 1) Get the vulnerability information for their assets to them, probably with the included remediation steps but that’s not always straight forward depending. Then followup on verifying if and when they say they’ve done their part. Trying to keep this as automated as possible since we don’t want this to be a FT job just looking over peoples shoulders and badgering them for updates.
We have the Rapid7 InsightVM cloud features at our disposal but not really using them outside of 1 or 2 remediation projects that we manually set up. If I can accomplish this soley with what is available with the Rapid7 cloud, that would be great. Hoever it seems like InsightConnect + ServiceNow/Jira to create a remediation workflow is all that is available in that respect? It’s also important/heavily desired that I be able to start separate remediation workflow for one vulnerability across multiple distict system owners.
Additionaly if there was a way to automatically kickoff a remediation workflow when vendors or ISACs send out a notification and InsightVM identifies (and continually checks for new instances) and groups them into the correct workflow for each system owner.
Do I absooltely have to susbscribe to InsightConnect or other 3rd party tools to accomplish this?