Vulnerability Enrichment and Ticket Creation - Google Threat Intelligence

This playbook enriches CVE information using the Google Threat Intelligence enrichment command and determines the appropriate action for each CVE based on key risk factors. For every extracted CVE, the playbook evaluates the Exploitation State, Risk Rating, and CVSS scores to decide whether to create a ServiceNow ticket using the "ServiceNow v2" integration or route the incident for analyst review.

GoogleThreatIntelligence · 12 tasks · 2 inputs · 0 outputs

Inputs

  • cve_input — Optional Provide a comma-separated list of CVEs.
  • onCall — Set to true to assign only the user that is currently on shift. Default is False.

Commands used

cve findIndicators

Flowchart

yes yes yes yes Start Start Is Google Threat Intelligence integration enabled? Is Google Threat Intellig... Clear previous inputs - DeleteContext Clear previous inputs DeleteContext Fetch Indicators from Incident - findIndicators Fetch Indicators from Inc... findIndicators CVE Enrichment using GTI command - cve CVE Enrichment using GTI ... cve Done Done Check whether CVEs are available in playbook input Check whether CVEs are av... Check for indicators Check for indicators Check that CVE indicators are present or not Check that CVE indicators... CVE Ticket Creation - Google Threat Intelligence - CVE Ticket Creation - Google Threat Intelligence CVE Ticket Creation - Goo... CVE Ticket Creation - Google ... Is CVE Enriched data is present? Is CVE Enriched data is p... War Room Entry for created ServiceNow Ticket - Print War Room Entry for create... Print