On This Page
One of the actions Vulnerability Mitigation App (VMA) enables you to take when vulnerable assets are detected is to open a Group Modification ticket in SecureChange to block access to the asset. The Group Modification ticket is handled by a Group Change workflow, which can be fully automated by creating a two step workflow, and having the second step update the group in all the relevant firewall devices and close the ticket.
To control access to the assets, the workflow adds or removes the assets from a global group object. The group object needs to be added to the destination of a rule with a drop action. The rule needs to be at the top of the policy list in a firewall that accepts traffic to the asset (for example, the main firewall in the network). To block access, add the assets to the group, and to allow access remove assets from the group.
Designer can only handle one ticket at a time for the same group object. When blocking or allowing access to multiple assets, you will need to wait for each asset to be updated and a new revision to be received before submitting a new ticket.
You can track the Group Modification ticket in VMA in the Tickets (
) menu. Only SecureTrack users with Super Administrator permissions can open tickets in SecureChange.
Open a Group Modification Ticket in SecureChange
- Go to the Asset Profile page by doing one of the following:
- In the Assets menu (
), click on the link to the asset. - In the Rules menu (
), click on the link to the asset. - In the Zones menu (
), click the Assets link and then the link to the asset.
- In the Assets menu (
-
Click on the Actions button (
), and select Mitigate via Group Modification to open a ticket to block the asset from the group object (or Allow Access via Group Modification to remove the asset). - Enter the following information:
- Domain
- Priority
- To create the ticket, click Continue.
The Additional Ticket Information page is displayed.
