Handle compliance checks

This workflow will notify the asset owner that their system no longer conforms to a particular compliance policy.

Setup

Event

States

Full example

{
  "states": {
    "slack_message_user": {
      "resource": "zrn:integration:slack:chat:postMessage",
      "type": "Task",
      "description": "Slack the user",
      "parameters": {
        "blocks": [
          {
            "text": {
              "text": "Hi there! We've noticed that the compliance rule is failing on your device.",
              "type": "mrkdwn"
            },
            "type": "section"
          },
          {
            "elements": [
              {
                "text": {
                  "text": "Yes, I've fixed it",
                  "type": "plain_text",
                  "emoji": false
                },
                "style": "primary",
                "type": "button",
                "value": "yes"
              },
              {
                "text": {
                  "text": "I'm going to ignore this",
                  "type": "plain_text",
                  "emoji": false
                },
                "style": "danger",
                "type": "button",
                "value": "no"
              }
            ],
            "type": "actions"
          }
        ],
        "channel": "$.id"
      },
      "events": [
        {
          "next": "slack_yes",
          "response": {
            "text": "Good to know!",
            "replace_original": "true"
          },
          "name": "yes"
        },
        {
          "next": "slack_no",
          "response": {
            "text": "Ok, thats a problem.",
            "replace_original": "true"
          },
          "name": "no"
        }
      ]
    },
    "slack_yes": {
      "end": true,
      "type": "succeed"
    },
    "failing_rule": {
      "branches": [
        {
          "states": {
            "get_owner": {
              "resource": "zrn:zercurity:api:users:get",
              "description": "Get the asset owner",
              "parameters": {
                "uuid": "$.owner.uuid"
              },
              "mapping": {
                "result": "$.owner"
              },
              "end": true,
              "type": "Task"
            },
            "get_asset": {
              "resource": "zrn:zercurity:api:assets:get",
              "description": "Lets fetch the asset information in order to notify the user",
              "parameters": {
                "uuid": "$.asset.uuid"
              },
              "mapping": {
                "result": "$.asset"
              },
              "next": "get_owner",
              "type": "Task"
            }
          },
          "entry": "get_asset",
          "description": "Get the asset"
        },
        {
          "states": {
            "get_compliance_rule": {
              "resource": "zrn:zercurity:api:compliance:frameworks:get",
              "description": "Get the compliance rule",
              "parameters": {
                "uuid": "$.item.id"
              },
              "mapping": {
                "result": "$.compliance"
              },
              "end": true,
              "type": "Task"
            }
          },
          "entry": "get_compliance_rule",
          "description": "Get the asset"
        }
      ],
      "type": "Parallel",
      "next": "slack_get_user"
    },
    "passing_rule": {
      "end": true,
      "type": "succeed"
    },
    "check_rule": {
      "default": "slack_no",
      "type": "choice",
      "choices": [
        {
          "variable": "$.changes.passed.latest",
          "booleanEquals": true,
          "description": "Rule is passing so ignore it",
          "next": "passing_rule"
        },
        {
          "variable": "$.changes.passed.latest",
          "booleanEquals": false,
          "description": "Rule is failing so lets notify the user",
          "next": "failing_rule"
        }
      ]
    },
    "slack_no": {
      "end": true,
      "type": "Pass"
    },
    "slack_get_user": {
      "resource": "zrn:integration:slack:users:get",
      "type": "Task",
      "description": "Get the users slack account id to send a message to them",
      "parameters": {
        "uuid": "$.owner.uuid"
      },
      "next": "slack_message_user"
    }
  },
  "entry": "check_rule",
  "description": "Post a message on slack when a new vulnerability is found"
}