Workflows Overview
Secberus Workflows is a system that allows various actions to be taken when events occur within the Secberus platform. A Workflow has three components:
- Events
- Triggers
- Actions
Events
The event is the action that occurred in the Secberus platform that a user may want to take action on.
Available Events
- VIOLATION_STATE_CHANGE - a violation has had its state changed. The various states a violation can have are OPEN, CLOSED_EXPIRED, CLOSED_REMEDIATED. This event is triggered whenever a new violation is created or an existing violation transitions into one of the other statuses.
Triggers
Triggers are a set of one or more conditions that can be set for an event that the event metadata and/or data must match against in order for it to trigger the Workflow action. This is a way of further fine-tuning when certain actions should be taken.
Types of Triggers:
- Data sources - the cloud environments in scope
- Category - the policy categories in scope
- Resource data - match policy results to certain data
- Severity - the violation criticality
Actions
Actions are the "targets" of the Workflow. A Workflow must have at least one Action, but can have as many as needed. Currently, all Actions are to send the event to a preconfigured Integration. See Integrations for more information.
Updated about 2 months ago