Handling blocked applications

Setup

Event

States

Full example

{
  "states": {
    "fetch_event": {
      "branches": [
        {
          "states": {
            "get_owner": {
              "resource": "zrn:zercurity:api:users:get",
              "description": "Get the asset owner",
              "parameters": {
                "uuid": "{{asset.owner.uuid}}"
              },
              "mapping": {
                "result": "$.owner"
              },
              "end": true,
              "type": "Task"
            },
            "get_asset": {
              "resource": "zrn:zercurity:api:assets:get",
              "description": "Let's fetch the asset information in order to notify the user",
              "parameters": {
                "uuid": "{{asset.uuid}}"
              },
              "mapping": {
                "result": "$.asset"
              },
              "next": "get_owner",
              "type": "Task"
            }
          },
          "entry": "get_asset",
          "description": "Get the asset"
        },
        {
          "states": {
            "get_process": {
              "resource": "zrn:zercurity:api:processes:get",
              "description": "Get the process",
              "parameters": {
                "uuid": "{{item.id}}"
              },
              "mapping": {
                "result": "$.process"
              },
              "end": true,
              "type": "Task"
            }
          },
          "entry": "get_process",
          "description": "Get the process"
        }
      ],
      "type": "Parallel",
      "next": "is_santa_rule"
    },
    "is_santa_rule": {
      "default": "end",
      "type": "choice",
      "description": "Check whether this is a blocked application",
      "choices": [
        {
          "variable": "$.process.decision",
          "stringEquals": "BLOCK_BINARY",
          "next": "notify_user"
        }
      ]
    },
    "create_issue": {
      "resource": "zrn:zercurity:api:issues:create",
      "description": "Create an issue requesting that the application be unblocked",
      "parameters": {
        "reference": "PRC_{{process.sha256}}",
        "type": "ISSUE",
        "title": "Access request for {{process.name}}",
        "description": "User {{owner.name}} has requested {{process.name}} be unblocked",
        "assigned": "{{owner.uuid}}",
        "status": "OPEN",
        "priority": "LOW",
        "components": [
          {
            "type": "APPLICATION",
            "sha256": "{{process.sha256}}"
          },
          {
            "type": "PROCESS",
            "sha256": "{{process.uuid}}"
          },
          {
            "type": "ASSET",
            "uuid": "{{asset.uuid}}"
          }
        ]
      },
      "mapping": {
        "output": "$.input",
        "result": "$.issue"
      },
      "next": "end",
      "type": "Task"
    },
    "notify_user": {
      "branches": [
        {
          "states": {
            "email_user": {
              "resource": "zrn:zercurity:core:email",
              "type": "Task",
              "description": "Email the user",
              "parameters": {
                "body": {
                  "text": "Oh no! The application {{process.name}} was blocked from running due to your company's policy. Would you like to request this application be unblocked?",
                  "html": "<p>Oh no! The application <b>{{process.name}}</b></p><p><a href=\"https://www.zercurity.com/#close\" target=\"_blank\">Yes, this is my asset</a><br/><a href=\"https://www.zercurity.com/#escalate\" target=\"_blank\">No, this is not my asset</a></p>"
                },
                "from": "support@zercurity.com",
                "cc": [],
                "bcc": [],
                "to": [
                  "{{owner.email}}"
                ],
                "subject": "Application blocked {{process.name}}"
              },
              "end": true,
              "events": [
                {
                  "next": "close_issue",
                  "name": "CLICK",
                  "url": "https://www.zercurity.com/#close"
                },
                {
                  "next": "escalate_issue",
                  "name": "CLICK",
                  "url": "https://www.zercurity.com/#escalate"
                },
                {
                  "next": "debug",
                  "name": "OPEN"
                },
                {
                  "next": "debug",
                  "name": "SEND"
                },
                {
                  "next": "debug",
                  "name": "DELIVERY"
                },
                {
                  "next": "debug",
                  "name": "BOUNCE"
                }
              ]
            }
          },
          "entry": "email_user"
        },
        {
          "states": {
            "slack_get_user": {
              "resource": "zrn:integration:slack:users:get",
              "type": "Task",
              "description": "Get the user's Slack account ID so a message can be sent to them",
              "parameters": {
                "uuid": "{{owner.uuid}}"
              },
              "mapping": {
                "result": "$.slack",
                "output": "$.input"
              },
              "next": "slack_message_user"
            },
            "slack_message_user": {
              "end": true,
              "resource": "zrn:integration:slack:chat:postMessage",
              "type": "Task",
              "description": "Slack the user",
              "mapping": {
                "result": "$.slack",
                "output": "$.input"
              },
              "parameters": {
                "channel": "YOUR_CHANNEL",
                "blocks": [
                  {
                    "type": "section",
                    "text": {
                      "type": "mrkdwn",
                      "text": "Hi there! Just noticed you tried to run the application *{{process.name}}*. Would you like to request access?"
                    }
                  },
                  {
                    "type": "actions",
                    "elements": [
                      {
                        "type": "button",
                        "text": {
                          "type": "plain_text",
                          "text": "Yes - please unblock this!",
                          "emoji": false
                        },
                        "style": "primary",
                        "value": "yes"
                      },
                      {
                        "type": "button",
                        "text": {
                          "type": "plain_text",
                          "text": "Nope",
                          "emoji": false
                        },
                        "style": "danger",
                        "value": "no"
                      }
                    ]
                  }
                ]
              },
              "events": [
                {
                  "name": "yes",
                  "next": "slack_yes",
                  "response": {
                    "replace_original": "true",
                    "text": "Ok, let me raise a ticket."
                  }
                },
                {
                  "name": "no",
                  "next": "end",
                  "response": {
                    "replace_original": "true",
                    "text": ":+1:"
                  }
                }
              ]
            }
          },
          "entry": "slack_get_user"
        }
      ],
      "type": "Parallel",
      "description": "Notify the user of the blocked application"
    },
    "slack_yes": {
      "resource": "zrn:integration:slack:chat:postMessage",
      "type": "Task",
      "description": "Slack the user",
      "parameters": {
        "channel": "YOUR_CHANNEL",
        "text": "Thanks, an issue has been raised to get this sorted."
      },
      "next": "create_issue"
    },
    "close_issue": {
      "resource": "zrn:zercurity:api:issues:update",
      "description": "Close the issue",
      "parameters": {
        "uuid": "{{issue.uuid}}",
        "status": "CLOSED"
      },
      "end": true,
      "type": "Task"
    },
    "start": {
      "type": "Pass",
      "description": "Start",
      "next": "fetch_event"
    },
    "debug": {
      "type": "Nop",
      "description": "Quick debug output"
    },
    "end": {
      "type": "Pass",
      "description": "give up",
      "end": true
    }
  },
  "entry": "start",
  "description": "Notify the asset owner by email and Slack when an application is blocked"
}