Automation Pipelines

Join the Preview!

Automation Pipelines is in Preview. To enroll and access the automated rules, you must register for each set of rules separately:

Automation Pipelines allows you to set up automated rules for newly discovered vulnerabilities, thus accelerating triage and remediation efforts at scale.

Automation Vulnerabilities Settings page

Availability

Automation Pipelines is available for:

  • Misconfigurations
  • Attack paths
  • Identity risks
  • Vulnerabilities

How it works

Automation Pipelines operates through a rules-based system that allows you to automate how new vulnerabilities are managed. Here’s how it works:

  • Rule configuration: Each rule consists of multiple criteria, designed to filter vulnerabilities based on specific attributes. Within a rule, the combination of these criteria operates as a logical AND; however, if any criteria include multiple values, those values operate as a logical OR. This structure gives you the flexibility to create rules that precisely target your needs.
  • Rule matching: Automation Pipelines evaluates vulnerabilities against your rules in the order you’ve listed them. As each vulnerability is processed, Automation Pipelines moves through the list until it finds a matching rule, at which point the specified action—such as muting non-urgent issues or highlighting critical threats—is triggered.

Use cases

Mute non-urgent findings so you can prioritize immediate threats

Mitigate information overload by muting non-urgent findings, so you can focus on critical threats. This allows you to:

  • Proactively discard non-urgent findings: Automatically filter out known scenarios that don’t require immediate action, such as false positives or accepted risks, without manual intervention.
  • Focus on true risks: Prioritize and address genuine threats, ensuring your attention is directed towards remediating real and pressing issues.
  • Streamline security alerts: Eliminate noise from security alerts related to:
    • Known false positives
    • Resources deemed non-critical or unimportant
    • Intentional vulnerabilities in controlled environments
    • Ephemeral resources that naturally flag without posing long-term concerns

Customize the Security Inbox to highlight what’s important to your organization

Customize the Security Inbox by defining specific conditions that determine which security issues are highlighted. This allows you to:

  • Resurface issues not captured by default: Highlight issues that might be missed by out-of-the-box or custom detection rules, ensuring no critical issue is overlooked.
  • Strengthen compliance and address key system concerns: Address concerns affecting regulatory compliance or important business systems, regardless of severity.
  • Prioritize current risks: Focus on immediate threats, such as identity risks after an incident, or industry-wide vulnerabilities.

Set due dates for vulnerabilities to align with your security SLOs

Assign deadlines for vulnerability remediation to ensure compliance and improve team accountability. This allows you to:

  • Align with compliance frameworks: Automatically set due dates that conform to industry regulations like FedRAMP or PCI.
  • Enhance accountability: Utilize security SLOs to hold teams responsible for timely vulnerability remediation, reducing the administrative burden of follow-ups and status checks.
  • Facilitate proactive risk management: Encourage prompt action on vulnerabilities to mitigate the risk of exploitation, leveraging SLOs as a strategic tool to prioritize and expedite security tasks.

Further reading

Additional helpful documentation, links, and articles:

Mute RulesDOCUMENTATION more more Add to Security Inbox RulesDOCUMENTATION more more Set Due Date RulesDOCUMENTATION more more
PREVIEWING: brett.blue/add-otel-integrations