======================== Handle compliance checks ======================== This workflow will notify the asset owner that their system no longer conforms to a particular compliance policy. Setup ===== Event ===== States ====== Full example ============ .. code-block:: json { "states": { "slack_message_user": { "resource": "zrn:integration:slack:chat:postMessage", "type": "Task", "description": "Slack the user", "parameters": { "blocks": [ { "text": { "text": "Hi there! We've noticed that the compliance rule is failing on your device.", "type": "mrkdwn" }, "type": "section" }, { "elements": [ { "text": { "text": "Yes, I've fixed it", "type": "plain_text", "emoji": false }, "style": "primary", "type": "button", "value": "yes" }, { "text": { "text": "I'm going to ignore this", "type": "plain_text", "emoji": false }, "style": "danger", "type": "button", "value": "no" } ], "type": "actions" } ], "channel": "$.id" }, "events": [ { "next": "slack_yes", "response": { "text": "Good to know!", "replace_original": "true" }, "name": "yes" }, { "next": "slack_no", "response": { "text": "Ok, thats a problem.", "replace_original": "true" }, "name": "no" } ] }, "slack_yes": { "end": true, "type": "succeed" }, "failing_rule": { "branches": [ { "states": { "get_owner": { "resource": "zrn:zercurity:api:users:get", "description": "Get the asset owner", "parameters": { "uuid": "$.owner.uuid" }, "mapping": { "result": "$.owner" }, "end": true, "type": "Task" }, "get_asset": { "resource": "zrn:zercurity:api:assets:get", "description": "Lets fetch the asset information in order to notify the user", "parameters": { "uuid": "$.asset.uuid" }, "mapping": { "result": "$.asset" }, "next": "get_owner", "type": "Task" } }, "entry": "get_asset", "description": "Get the asset" }, { "states": { "get_compliance_rule": { "resource": "zrn:zercurity:api:compliance:frameworks:get", "description": "Get the compliance rule", "parameters": { "uuid": "$.item.id" }, "mapping": { "result": "$.compliance" }, "end": true, "type": "Task" } }, "entry": "get_compliance_rule", "description": "Get the asset" } ], "type": "Parallel", "next": "slack_get_user" }, "passing_rule": { "end": true, "type": "succeed" }, "check_rule": { "default": "slack_no", "type": "choice", "choices": [ { "variable": "$.changes.passed.latest", "booleanEquals": true, "description": "Rule is passing so ignore it", "next": "passing_rule" }, { "variable": "$.changes.passed.latest", "booleanEquals": false, "description": "Rule is failing so lets notify the user", "next": "failing_rule" } ] }, "slack_no": { "end": true, "type": "Pass" }, "slack_get_user": { "resource": "zrn:integration:slack:users:get", "type": "Task", "description": "Get the users slack account id to send a message to them", "parameters": { "uuid": "$.owner.uuid" }, "next": "slack_message_user" } }, "entry": "check_rule", "description": "Post a message on slack when a new vulnerability is found" }