Welcome to Vulnerability-based Change Automation App

To view the TOS Aurora Knowledge Center for Vulnerability-based Change Automation App, click here.

Vulnerability-based Change Automation App (VCA) is a Tufin Marketplace application that integrates SecureChange with third-party Vulnerability Management tools. These third-party tools allow you to enhance your risk assessments when evaluating access requests, enabling you to increase the benefit gained from your existing tools. And the integration with SecureChange will automate the risk approval process for you with integrated security checks.

The integration is accomplished through syncs or scheduled scans with your existing Vulnerability Management tools. Depending on the setting you select, the app will either retrieve the historical results for the assets on the ticket, or launch a new scan (which can be scheduled). The syncs are configurable, and you can define a risk severity threshold, and which networks are scannable.

In addition, you can use VCA to generate sharable HTML reports for the SecureChange tickets. These reports, which can be viewed from within the Access Request workflow, provide a reader friendly summary and detailed breakdown of the vulnerabilities detected in the assets included in the ticket. The reports can be downloaded as HTML files, which the report recipients can then view in their browser, or share with other teams.

The app supports integrations with the following Vulnerability Management tools:

  • Rapid7 Nexpose
  • Rapid7 Insight VM
  • QualysGuard
  • Qualys VMDR
  • Nessus Professional
  • Tenable.io
  • Tenable.sc