Product Updates

Playbooks
May 29, 2023

What to do with Playbooks?

Intro

Good news: in an effort to provide you, our valued users, with tips and tricks that will help you make the most of the platform, we have decided to start sending a newsletter. Each newsletter will focus on a different area of the platform, sometimes as a series of issues on the same topic, and other times as a single issue covering one topic or several small ones.

Now that we have playbooks on the platform, we can start creating custom automations. These automations help integrate Ultra RED with your other security solutions by taking the data collected by the platform and sending it via an API to the product of your choice. In this issue, we provide some examples of possible uses for this feature. We hope it will spark your creativity and that you will create your own playbooks that make your life and your team's just a little bit easier.

Patch Management

PHP is a scripting language focused on web development. About 70% of all websites online today use PHP. As such, it is bound to attract a lot of attention from malicious actors who constantly develop new ways to exploit websites and exfiltrate valuable information from them. The PHP development team is hard at work creating better, more secure versions of the language; keeping it up to date is the job of those who run it. We can build a playbook that triggers each time PHP is discovered by the Technology Scanner and is marked as outdated technology.

To do so, we first enter the basic playbook details like name and category. Then, under Action, we select ‘Outdated Technology’. The property to look for should be ‘Technology Name’ and the value should be ‘PHP’. Finally, we need to enter the API endpoint of the patch management software, and that’s it.

Time Sensitive Vectors

Critical vectors are very time sensitive. They require the quickest time to remediation simply because of their higher risk factor. Therefore, it stands to reason that we would want to be notified as soon as possible when such vectors are found. In the pre-playbooks era, this was done via emails; in the post-playbooks era we can build a playbook that is triggered by priority 5 vectors and sends the vector data to a Slack channel, so the entire team is alerted at once.

To create such a playbook, we first fill in the basic info like name and category. The action that triggers this playbook should be a new vector being created, the property the playbook should focus on is Priority, and its value should be 5. Finally, we need to provide the API endpoint to which we want to send the data about the vector, in this example a Slack channel.

Subdomain Monitoring

As organizations grow, the number of digital assets they have grows accordingly. Dev, support, QA and other teams are always creating new assets (development environments, testing environments, replicated environments), and sometimes they forget to notify the IT team. The platform discovers new assets per domain (assuming monitoring is turned on) but does not monitor subdomains on its own, so we can use playbooks to watch for specific subdomains and be alerted soon after they have been created.

For this example, we want to monitor the dev.ultrared.ai subdomain and alert an IT system about a newly created asset. To create this playbook, we first need to provide basic details like the name and category. Then we select the action that triggers the playbook, in our case ‘New Discovered Asset’. Next, we select the property the playbook should focus on, in this example the asset name, and provide the subdomain. By unchecking the ‘Exact Match’ box we make sure that every new domain under dev.ultrared.ai will trigger the playbook.
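To make the three playbooks above concrete, here is an added example (not Ultra RED platform code) of the trigger logic they describe: an event is matched on its action and one property, with the ‘Exact Match’ checkbox deciding whether the subdomain rule matches only dev.ultrared.ai itself or anything under it. The event field names, the endpoint URLs and the sample events are all assumptions or constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Playbook:
    name: str
    action: str          # platform event that triggers the playbook (assumed name)
    prop: str            # event property the playbook inspects
    value: str           # value that property must have
    endpoint: str        # API endpoint that receives the event data (placeholder URL)
    exact_match: bool = True

def matches(actual: str, expected: str, exact: bool) -> bool:
    """Exact comparison, or (exact=False) a suffix match on a label boundary,
    so 'build.dev.ultrared.ai' matches 'dev.ultrared.ai' but 'evildev.ultrared.ai' does not."""
    a, e = actual.lower().rstrip("."), expected.lower().rstrip(".")
    return a == e or (not exact and a.endswith("." + e))

def dispatch(event: dict, playbooks: list[Playbook]) -> list[tuple[str, str]]:
    """Return (playbook name, endpoint) for every playbook this event triggers.
    A missing property never matches, so a malformed event cannot fire a playbook."""
    hits = []
    for pb in playbooks:
        if event.get("action") != pb.action:
            continue
        actual = event.get(pb.prop)
        if actual is not None and matches(str(actual), pb.value, pb.exact_match):
            hits.append((pb.name, pb.endpoint))
    return hits

# The three playbooks from the text; endpoint URLs are placeholders.
PLAYBOOKS = [
    Playbook("PHP patch ticket", "Outdated Technology", "Technology Name", "PHP",
             "https://patch-management.example/api/tickets"),
    Playbook("Critical vector alert", "New Vector", "Priority", "5",
             "https://hooks.slack.example/services/PLACEHOLDER"),
    Playbook("dev subdomain watch", "New Discovered Asset", "Asset Name", "dev.ultrared.ai",
             "https://it-system.example/api/assets", exact_match=False),
]
# Constructed sample events, not real platform output.
SAMPLE_EVENTS = [
    {"action": "Outdated Technology", "Technology Name": "PHP", "Version": "7.4"},
    {"action": "New Vector", "Priority": 5, "Title": "Critical finding on login form"},
    {"action": "New Vector", "Priority": 3, "Title": "Missing security header"},
    {"action": "New Discovered Asset", "Asset Name": "build.dev.ultrared.ai"},
    {"action": "New Discovered Asset", "Asset Name": "evildev.ultrared.ai"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev, "->", dispatch(ev, PLAYBOOKS))
```

The label-boundary check in `matches` is the caveat worth keeping: a plain suffix match would also fire on look-alike names such as evildev.ultrared.ai.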

In Case You Missed It