Workflows Overview

Secberus Workflows is a system that allows various actions to be taken when events occur within the Secberus platform. A Workflow has three components:

  1. Events
  2. Triggers
  3. Actions

Events

An event is something that occurred in the Secberus platform that a user may want to act on.

Available Events

  • VIOLATION_STATE_CHANGE - a violation has had its state changed. A violation can be in one of the states OPEN, CLOSED_EXPIRED, or CLOSED_REMEDIATED. This event is triggered whenever a new violation is created or an existing violation transitions into one of the other states.

Triggers

A Trigger is a set of one or more conditions defined for an event. The event's metadata and/or data must match these conditions for the event to trigger the Workflow's Actions. Triggers are a way of fine-tuning when certain actions should be taken.

Types of Triggers:

  • Data sources - the cloud environments in scope
  • Category - the policy categories in scope
  • Resource data - match policy results to certain data
  • Severity - the violation criticality

Actions

Actions are the "targets" of the Workflow. A Workflow must have at least one Action, but can have as many as needed. Currently, every Action sends the event to a preconfigured Integration. See Integrations for more information.
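
The following is an added example, not Secberus code or its event schema: a local Python model of how an event passes through a Trigger to a Workflow's Actions. The field names, the sample values, the all-conditions-must-match rule and the "empty condition matches anything" rule are assumptions made for illustration.

```python
# Illustrative model only: field names, AND semantics and the "empty
# condition matches anything" rule are assumptions, not Secberus's schema.
from dataclasses import dataclass, field

STATES = {"OPEN", "CLOSED_EXPIRED", "CLOSED_REMEDIATED"}  # states listed above

@dataclass
class Trigger:
    data_sources: set = field(default_factory=set)     # cloud environments in scope
    categories: set = field(default_factory=set)       # policy categories in scope
    severities: set = field(default_factory=set)       # violation criticality
    resource_data: dict = field(default_factory=dict)  # key/value pairs to match

    def matches(self, event: dict) -> bool:
        if event.get("type") != "VIOLATION_STATE_CHANGE" or event.get("state") not in STATES:
            return False
        scoped = (
            (self.data_sources, event.get("data_source")),
            (self.categories, event.get("category")),
            (self.severities, event.get("severity")),
        )
        if any(allowed and value not in allowed for allowed, value in scoped):
            return False
        resource = event.get("resource_data", {})
        return all(resource.get(k) == v for k, v in self.resource_data.items())

@dataclass
class Workflow:
    trigger: Trigger
    actions: list  # names of preconfigured Integrations

    def __post_init__(self):
        if not self.actions:
            raise ValueError("a Workflow must have at least one Action")

    def dispatch(self, event: dict) -> list:
        """Return the Integrations that would receive this event."""
        return list(self.actions) if self.trigger.matches(event) else []

def sample(state, source, severity, public):  # constructed events, not platform output
    return {"type": "VIOLATION_STATE_CHANGE", "state": state, "data_source": source,
            "category": "Encryption", "severity": severity, "resource_data": {"public": public}}

EVENTS = [sample("OPEN", "aws-prod", "CRITICAL", True),
          sample("CLOSED_REMEDIATED", "aws-prod", "CRITICAL", True),
          sample("OPEN", "aws-dev", "LOW", False)]
wf = Workflow(Trigger(data_sources={"aws-prod"}, severities={"CRITICAL"},
                      resource_data={"public": True}), actions=["pager-integration"])
ROUTED = [wf.dispatch(e) for e in EVENTS]  # closure event routes too: state is not a trigger type
```

In this model the second event, a CLOSED_REMEDIATED transition, reaches the Integration as well, because none of the four trigger types listed above filters on state; a receiver that should react only to new violations has to check the state itself.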