Application Security Platform
Manage automations

New automation

This document is for:
Invicti Platform

Automations define how Invicti Platform interacts with your other systems. This article explains how to create a new automation by specifying a scope and the events within that scope that will trigger actions.

IMPORTANT 

The following configurations are necessary before creating automations:

  • An established integration with an issue tracker (for example, JIRA).
  • Allowed email domains configured under Settings > Email. (Automation email notifications can only be configured and sent to domains that have been added to the Email settings).

For documentation purposes, we will demonstrate how to create an automation rule that sends discovered vulnerabilities to an issue tracker.

Adding an automation is a 3-step process:

Step 1: Specify scope and targets

This is where you enter a name for the automation and specify the targets or collections.

  1. Whilst being logged in as an Owner or Administrator, select Automations from the left-side menu.
  2. Click Add new automation.

  1. Complete the following fields:
  • Name: Enter a meaningful name for the automation.
  • Description: Briefly describe what the automation is for.
  • Scope: Choose where the automation should apply:
  • All targets - Applies to all targets.
  • Specific collections - Select from existing collections.
  • Specific targets - Choose individual targets.
  • Targets / Collections drop-down: This field updates based on your Scope selection. Use it to choose the relevant target(s) or collection(s) the automation will apply to.

  1. Click Create automation to confirm this. You are taken to the automation configuration page. Continue with step 2 below.

Step 2: Add an event

This is where you add an event (scan completed, scan failed, etc) to the automation.

  1. Use the plus button to add an event:

  1. On the Add event dialog, use the drop-down to select Vulnerability found. The other options are:
  • Scan completed
  • Scan failed
  • Report generated

  1. Based on the event you selected, configure the additional fields:
  • Vulnerability severity: Send only vulnerabilities that match the selected severity level.
  • Vulnerability confidence: Send only vulnerabilities with the selected confidence level or higher.
  • Target’s business criticality: Select the business criticality of the target to further filter the results.

  1. Click Save to confirm the event configuration.

Step 3: Add an action

  1. Use the plus button below the event to enter an action.
  2. Use the drop-down to select an action. Depending on the event, you may see Send to issue tracker or Send email. For this document, we will use Send to issue tracker.
  3. Specify the integration.

  1. Save to confirm the action.
  2. Optionally, repeat previous steps to add additional events and actions to your automation.
  3. Click Save changes to save the entire automation.

Your automation is now configured and automatically enabled.

Share This Article