Actions

In the Actions section, the following automated actions can be created:

Severity Update

Based on the conditions set by the user, Kondukto can automatically update the severity of vulnerabilities. For vulnerabilities that match the condition, the severity can either be set to a specific severity category or be upgraded (e.g. Low --> Medium) or downgraded (e.g. Critical --> High) by one category.

This action occurs immediately after saving. From then on, Kondukto will adjust the severity of vulnerabilities after every scan or import.

📘 When the downgrade or upgrade by one category option is used, Kondukto takes this action only once on the same vulnerability.

This action cannot be undone, meaning that even if the severity update is deleted, the vulnerabilities that were affected will remain changed.

Auto-flagging

The auto-flagging feature assigns flags to vulnerabilities automatically.

Once the action is saved, Kondukto assigns the relevant flag to the vulnerabilities that match the condition set by the user. Going forward, flags are automatically assigned after each scan or import whenever the results contain a vulnerability that needs to be flagged.

When an action is deleted, flags that have been previously assigned to vulnerabilities are not removed automatically.

📘 Automated actions taken on a vulnerability can be tracked under the change log in vulnerability details. These actions are also included in the audit log.

Auto-labeling

This feature automatically assigns certain labels to projects based on the defined action.

The action is applied to all projects that match the criteria as soon as the action is saved. Going forward, Kondukto checks daily whether there are new projects that need to be labeled.

When the Remove labels automatically toggle is enabled, Kondukto automatically removes the corresponding label from a project when the rule is no longer satisfied.

The Send automated email toggle can be enabled if the user wants Kondukto to send an automated email when the label is assigned to a project.

As an example use case, for projects that have been recently onboarded to Kondukto, security teams might want to create an onboarding email template for development teams to make sure projects are properly configured on Kondukto.

For this purpose, first a new email template can be created under Automation --> Setup --> Email Templates with the relevant onboarding checklist. Next, an auto-labeling action can be defined with the following rule: Creation Date is Last 7 days. Then a label such as "Recently_onboarded" can be assigned to these projects and the relevant email template can be used to send out automated emails.