CVE Ticket Creation - Google Threat Intelligence

This playbook creates a ServiceNow ticket using the "ServiceNow v2" integration based on enriched CVE data, leveraging the CVE exploitation state, risk rating, and CVSS score.

GoogleThreatIntelligence · 24 tasks · 2 inputs · 0 outputs

Inputs

  • cve_data — Enriched CVE information from the main playbook.
  • onCall — Set to true to assign only the user that is currently on shift. Default is False.

Commands used

servicenow-update-ticket

Flowchart

4<= CVSS score <7 CVSS score >=7 Exploitation state Confirmed Risk Rating HIGH or CRITICAL yes Start Start Extract risk rating from CVE data - SetAndHandleEmpty Extract risk rating from ... SetAndHandleEmpty Extract Exploitation State from CVE data - SetAndHandleEmpty Extract Exploitation Stat... SetAndHandleEmpty Extract CVSS 4.0 Score from CVE data - SetAndHandleEmpty Extract CVSS 4.0 Score fr... SetAndHandleEmpty Validate conditions for creating a ServiceNow ticket. Validate conditions for c... Risk Rating Risk Rating Exploitation state Exploitation state CVSS Score High CVSS Score High CVSS Score Less CVSS Score Less Create ServiceNow Ticket - Create ServiceNow Ticket Create ServiceNow Ticket Create ServiceNow Ticket Assign an analyst to the incident - AssignAnalystToIncident Assign an analyst to the ... AssignAnalystToIncident Done Done Extract CVSS 3.0 base score from CVE data - SetAndHandleEmpty Extract CVSS 3.0 base sco... SetAndHandleEmpty Calculate CVSS score - Set Calculate CVSS score Set Extract CVE Priority from CVE data - SetAndHandleEmpty Extract CVE Priority from... SetAndHandleEmpty Extract CVE name from CVE data - SetAndHandleEmpty Extract CVE name from CVE... SetAndHandleEmpty Extract Executive Summary from CVE data - SetAndHandleEmpty Extract Executive Summary... SetAndHandleEmpty Extract Description from CVE data - SetAndHandleEmpty Extract Description from ... SetAndHandleEmpty Extract CVE 3.0 vector from CVE data - SetAndHandleEmpty Extract CVE 3.0 vector fr... SetAndHandleEmpty Extract CVE link from CVE data - SetAndHandleEmpty Extract CVE link from CVE... SetAndHandleEmpty Extract CVE 4.0 vector from CVE data - SetAndHandleEmpty Extract CVE 4.0 vector fr... SetAndHandleEmpty Update description of ServiceNow ticket - servicenow-update-ticket Update description of Ser... servicenow-update-ticket Clear Previous inputs - DeleteContext Clear Previous inputs DeleteContext Is ServiceNow v2 integration enabled? Is ServiceNow v2 integrat...