
An Automated Cost Effective Vulnerability Management Workflow

Hey there, fellow security enthusiasts! Today, I’m thrilled to take you behind the scenes of Patecatl, our vulnerability management solution. Patecatl is not open source and I can’t share sensitive details, so within those limits I’m giving an overview of how it works. At our organization, safeguarding the security of our applications and infrastructure is our top priority, and our team built Patecatl to simplify and streamline our security operations. Named after the Aztec god of healing, Patecatl has proven to be an invaluable asset, automating issue handling and integrating with the tools we already use. In this post, we’ll walk through how we built Patecatl and explore its key features, including automated Jira ticket creation.

Building Patecatl: Streamlining Vulnerability Management

Patecatl was born out of the collective genius of our team, driven by a shared passion for security and innovation. Together, we embarked on a mission to develop a solution that would revolutionize our vulnerability management process. Let’s dive into the remarkable teamwork and key components that make Patecatl a game-changer.

Event-Driven Architecture:

Our team designed Patecatl with an event-driven architecture at its core. Patecatl runs serverless, so it can react quickly to security events from various sources, including AWS Security Hub and manual triggers sent to our own API endpoint. It is built from AWS services: Security Hub and EventBridge deliver the events, Step Functions and Lambda run the workflows that handle them, DynamoDB holds the findings state, API Gateway fronts the endpoint, and Secrets Manager keeps the credentials for the integrations. Orchestrating events this way lets Patecatl manage vulnerabilities proactively instead of waiting for someone to read a report.

Normalization Workflow:

The heart of Patecatl is its normalization workflow. Our engineers and security experts designed this workflow to analyze incoming security events, validate the data, and transform each event into a standardized metadata model. On top of that model it performs finding routing, duplicate checking, historical verification, and notifications, which gives us a robust foundation for automated decision-making and efficient vulnerability management.
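To make the event-driven flow and the normalization step concrete, here is an added example (my illustration, not Patecatl’s code) that takes the EventBridge envelope Security Hub emits for the "Security Hub Findings - Imported" detail type, flattens each ASFF finding into a metadata model, computes a stable fingerprint for duplicate checking, and routes the finding to an owner. The sample event is constructed, a plain dict stands in for the DynamoDB findings table so it runs offline, and the metadata field names, the routing table and the `owner` tag are assumptions rather than anything the post specifies.

```python
"""Normalize a Security Hub event, dedupe it, route it (added example, not Patecatl's code)."""
import hashlib
import json

# Constructed sample of what EventBridge delivers from Security Hub (one ASFF finding, trimmed).
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {
        "findings": [
            {
                "Id": "arn:aws:securityhub:eu-west-1:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0/S3.2/finding/abc123",
                "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub",
                "GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/S3.2",
                "AwsAccountId": "111122223333",
                "Title": "S3 buckets should prohibit public read access",
                "Description": "This control checks whether your S3 buckets allow public read access.",
                "Severity": {"Label": "CRITICAL"},
                "Workflow": {"Status": "NEW"},
                "RecordState": "ACTIVE",
                "Resources": [
                    {
                        "Type": "AwsS3Bucket",
                        "Id": "arn:aws:s3:::example-public-assets",
                        "Region": "eu-west-1",
                        "Tags": {"owner": "platform"},
                    }
                ],
            }
        ]
    },
}

# Assumed routing policy: resource tag first, then account, then a default triage queue.
ROUTES_BY_TAG = {"platform": "platform-team", "payments": "payments-team"}
ROUTES_BY_ACCOUNT = {"111122223333": "cloud-foundation"}
DEFAULT_ROUTE = "security-triage"


def fingerprint(generator_id, account_id, resource_id):
    """Stable duplicate key: same control, same account, same resource.
    Deliberately excludes the ASFF Id, which some products regenerate on every re-scan."""
    raw = f"{generator_id}|{account_id}|{resource_id}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def route(resource, account_id):
    """Pick the owner for a finding from its resource tag, falling back to the account."""
    owner = (resource.get("Tags") or {}).get("owner")
    if owner in ROUTES_BY_TAG:
        return ROUTES_BY_TAG[owner]
    return ROUTES_BY_ACCOUNT.get(account_id, DEFAULT_ROUTE)


def normalize(event):
    """Flatten each ASFF finding in the EventBridge envelope into the (assumed) metadata model."""
    if event.get("source") != "aws.securityhub":
        raise ValueError("not a Security Hub event")
    out = []
    for f in event["detail"]["findings"]:
        resource = f["Resources"][0]
        out.append({
            "fingerprint": fingerprint(f["GeneratorId"], f["AwsAccountId"], resource["Id"]),
            "source": "securityhub",
            "source_id": f["Id"],
            "title": f["Title"],
            "description": f["Description"],
            "severity": f["Severity"]["Label"],
            "account": f["AwsAccountId"],
            "region": resource.get("Region"),
            "resource_type": resource["Type"],
            "resource_id": resource["Id"],
            # Only findings Security Hub still considers open and unhandled should be worked.
            "active": f.get("RecordState") == "ACTIVE" and f["Workflow"]["Status"] in ("NEW", "NOTIFIED"),
            "owner": route(resource, f["AwsAccountId"]),
        })
    return out


def ingest(event, store):
    """Duplicate check against `store` (a dict standing in for the DynamoDB findings table).
    Returns (new_keys, duplicate_keys); a repeat of a known fingerprint only bumps its counter."""
    new, dupes = [], []
    for finding in normalize(event):
        key = finding["fingerprint"]
        if key in store:
            store[key]["seen"] += 1
            dupes.append(key)
        else:
            store[key] = {**finding, "seen": 1, "status": "new"}
            new.append(key)
    return new, dupes


if __name__ == "__main__":
    table = {}
    print(ingest(SAMPLE_EVENT, table))   # first delivery: one new finding
    print(ingest(SAMPLE_EVENT, table))   # re-delivery of the same finding: flagged as duplicate
    print(json.dumps(table, indent=2))
```

The fingerprint is the important design choice: keying on the control, account and resource (not on the product’s finding Id) is what keeps a nightly re-scan from reopening a ticket that already exists.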

Triage Process:

Collaboration is the key to success, and our team has taken it to heart in Patecatl’s automated triage process. After the normalization workflow, findings are posted to a dedicated Slack channel, where every team member has an opportunity to review and contribute. The message carries interactive prompts that let a team member mark a finding as resolved, report it as a false positive, or forward it to the responsible fixer. This streamlined triage process ensures that every finding is reviewed by a person, fostering efficient collaboration and resolution.

Finding-Update Workflow:

Keeping our findings database up to date is paramount, and our team built the Finding-update workflow to achieve just that. This workflow, triggered either by the Slack API (a team member acting on a prompt) or by the conciliator cron, updates the status and origin of each finding. With every update, team members have access to accurate, real-time information, ensuring smooth collaboration and enabling them to address vulnerabilities effectively.

Patecatl API and Slack Bot:

We created a user-friendly API and Slack bot within Patecatl. These components facilitate seamless communication between team members, the AWS ecosystem, and other platforms. The Slack bot, in particular, has become an invaluable member of our team, providing notifications, decision-making options, and processing user responses. It’s like having a security assistant who never sleeps, keeping our team informed and enabling them to focus on high-priority security matters.
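Because the Slack bot’s callbacks arrive at an internet-facing API Gateway endpoint and end up mutating the findings table, the two things worth getting right are verifying that the request really came from Slack and mapping each button press to an explicit status change that records its origin. The following is an added example (my illustration, not Patecatl’s code) for the Finding-update path described above. The signing scheme it checks (HMAC-SHA256 over `v0:<timestamp>:<body>`, compared against the `X-Slack-Signature` header) is Slack’s documented one; the `action_id` names, the status vocabulary, the handler’s return shape and the idea that the finding fingerprint rides in the button’s `value` are assumptions, and the signing secret is a constructed placeholder for what would live in Secrets Manager.

```python
"""Verify and apply a Slack interaction on the bot endpoint (added example, not Patecatl's code)."""
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, quote

SLACK_SIGNING_SECRET = b"example-signing-secret"   # constructed; the real one belongs in Secrets Manager
MAX_SKEW_SECONDS = 300                             # Slack's recommended replay window

# Assumed mapping from the button's action_id to the status Patecatl records.
ACTION_TO_STATUS = {
    "mark_resolved": "resolved",
    "false_positive": "false_positive",
    "assign_fixer": "assigned",
}


def slack_signature(secret, timestamp, body):
    """Slack's v0 signature: HMAC-SHA256 of 'v0:<ts>:<raw body>' with the signing secret."""
    basestring = f"v0:{timestamp}:{body}".encode()
    return "v0=" + hmac.new(secret, basestring, hashlib.sha256).hexdigest()


def verify_slack_request(headers, body, secret=SLACK_SIGNING_SECRET, now=None):
    """True only if the signature matches and the timestamp is inside the replay window."""
    now = time.time() if now is None else now
    ts = headers.get("X-Slack-Request-Timestamp", "")
    sig = headers.get("X-Slack-Signature", "")
    if not ts.isdigit() or abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False
    expected = slack_signature(secret, ts, body)
    return hmac.compare_digest(expected, sig)      # constant-time compare


def parse_action(body):
    """Interactive components arrive form-encoded as payload=<json>; pull out what we act on."""
    payload = json.loads(parse_qs(body)["payload"][0])
    action = payload["actions"][0]
    status = ACTION_TO_STATUS.get(action["action_id"])
    if status is None:
        raise ValueError(f"unknown action {action['action_id']}")
    return {
        "fingerprint": action["value"],   # assumed: the finding's fingerprint is the button value
        "status": status,
        "origin": "slack",
        "actor": payload["user"]["id"],
    }


def handle(headers, body, store, now=None):
    """Entry point behind API Gateway (shape assumed). Returns (http_status, message)."""
    if not verify_slack_request(headers, body, now=now):
        return 401, "bad signature"
    update = parse_action(body)
    finding = store.get(update["fingerprint"])
    if finding is None:
        return 404, "unknown finding"
    finding.update(status=update["status"], origin=update["origin"], updated_by=update["actor"])
    return 200, f"{update['fingerprint']} -> {update['status']}"


def sample_request(now, secret=SLACK_SIGNING_SECRET):
    """Constructed Slack interaction: user U123 pressing 'false positive' on finding f1."""
    payload = {"type": "block_actions", "user": {"id": "U123"},
               "actions": [{"action_id": "false_positive", "value": "f1"}]}
    body = "payload=" + quote(json.dumps(payload))
    ts = str(int(now))
    headers = {"X-Slack-Request-Timestamp": ts, "X-Slack-Signature": slack_signature(secret, ts, body)}
    return headers, body


if __name__ == "__main__":
    store = {"f1": {"status": "new"}}
    headers, body = sample_request(time.time())
    print(handle(headers, body, store))          # (200, 'f1 -> false_positive')
    print(handle(headers, body + "x", store))    # tampered body: (401, 'bad signature')
```

Note that the signature is computed over the raw request body exactly as received; if API Gateway is configured to base64-encode the body, decode it before verifying, and parse the form fields only after the check passes.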

Automated Jira Ticket Creation:

Streamlining Issue Management – As findings arrive from our detection tools, such as Qualys, attack surface monitoring, GuardDuty, IAM checks, and any tool integrated manually through our endpoint, Patecatl automatically turns legitimate findings into Jira tickets. This integration eliminates manual ticket creation, reducing human error and ensuring prompt issue resolution. Each Jira ticket carries the essential details of the finding, including the title, description, severity, and relevant metadata. Our team can now dedicate their time and expertise to analyzing and addressing findings, confident that the administrative tasks are taken care of.
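Here is an added example (my illustration, not Patecatl’s code) of the two parts of ticket creation worth getting right: an idempotency key so the same finding never opens two tickets, and a severity-to-priority mapping. The functions build the request body for Jira Cloud’s `POST /rest/api/2/issue` and the JQL for `GET /rest/api/2/search`, but they do not make HTTP calls; an in-memory fake stands in for the Jira client so the example runs offline. The project key, issue type, label prefix, the priority table and the sample finding are assumptions.

```python
"""Idempotent Jira ticket creation from a normalized finding (added example, not Patecatl's code)."""
JIRA_PROJECT = "SEC"      # assumed project key
ISSUE_TYPE = "Bug"        # assumed issue type
LABEL_PREFIX = "patecatl-"
# Assumed mapping from ASFF severity labels to Jira priority names.
PRIORITY = {"CRITICAL": "Highest", "HIGH": "High", "MEDIUM": "Medium", "LOW": "Low", "INFORMATIONAL": "Lowest"}

# Constructed finding in the shape the normalization step produces.
SAMPLE_FINDING = {
    "fingerprint": "3f9c1a7b2d4e5f60",
    "source": "securityhub",
    "source_id": "arn:aws:securityhub:eu-west-1:111122223333:subscription/.../finding/abc123",
    "title": "S3 buckets should prohibit public read access",
    "description": "This control checks whether your S3 buckets allow public read access.",
    "severity": "CRITICAL",
    "account": "111122223333",
    "region": "eu-west-1",
    "resource_type": "AwsS3Bucket",
    "resource_id": "arn:aws:s3:::example-public-assets",
}


def dedup_label(finding):
    """Label that ties the ticket back to the finding; Jira labels cannot contain spaces."""
    return LABEL_PREFIX + finding["fingerprint"]


def lookup_jql(finding):
    """JQL for an open ticket on this finding (run via GET /rest/api/2/search?jql=...)."""
    return f'project = {JIRA_PROJECT} AND labels = "{dedup_label(finding)}" AND statusCategory != Done'


def issue_payload(finding):
    """Body for POST /rest/api/2/issue (the v2 API accepts a plain-text description)."""
    description = (
        f"*Source:* {finding['source']} ({finding['source_id']})\n"
        f"*Account / region:* {finding['account']} / {finding['region']}\n"
        f"*Resource:* {finding['resource_type']} {finding['resource_id']}\n"
        f"*Severity:* {finding['severity']}\n\n"
        f"{finding['description']}"
    )
    return {"fields": {
        "project": {"key": JIRA_PROJECT},
        "issuetype": {"name": ISSUE_TYPE},
        "summary": f"[{finding['severity']}] {finding['title']}"[:255],   # Jira caps summaries at 255 chars
        "description": description,
        "priority": {"name": PRIORITY.get(finding["severity"], "Medium")},
        "labels": [dedup_label(finding), "security", finding["source"]],
    }}


def create_or_skip(finding, search, create):
    """Create a ticket only if no open one exists. `search(jql)` returns issue keys and
    `create(payload)` returns the new key; both are injected so a fake can replace the client."""
    existing = search(lookup_jql(finding))
    if existing:
        return existing[0], False
    return create(issue_payload(finding)), True


class FakeJira:
    """In-memory stand-in for the Jira REST client (constructed for the example)."""
    def __init__(self):
        self.issues = {}

    def search(self, jql):
        return [key for key, p in self.issues.items()
                if f'labels = "{p["fields"]["labels"][0]}"' in jql]

    def create(self, payload):
        key = f"{JIRA_PROJECT}-{len(self.issues) + 1}"
        self.issues[key] = payload
        return key


if __name__ == "__main__":
    jira = FakeJira()
    print(create_or_skip(SAMPLE_FINDING, jira.search, jira.create))   # ('SEC-1', True)
    print(create_or_skip(SAMPLE_FINDING, jira.search, jira.create))   # ('SEC-1', False): no duplicate ticket
```

Searching by the dedup label before creating is cheap insurance: if the normalization workflow ever re-emits a finding (a Lambda retry, a replayed event), the fixer still sees one ticket.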

Self-Patching Process via Jira Automation:

In our ongoing quest for automation, we have built a self-patching process using Jira automation. Many findings can now be patched autonomously, such as misconfigured policies, endpoints without TLS, or publicly accessible buckets. Once the security engineer has reviewed the ticket, they trigger the patching process with a single click of a Jira automation button. This integration further accelerates the resolution of vulnerabilities and improves our overall security posture.
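A button that patches production assets is the part of the workflow that most needs guard rails, so here is an added example (my illustration, not Patecatl’s code) of what the callback behind it should check: accept only finding types on an explicit allow-list, authenticate the request from the Jira automation rule, re-read the finding from Patecatl’s own store rather than trusting fields in the webhook, refuse to act twice, and record the outcome back on the finding. The webhook body shape, the shared-token header, the allow-list and the statuses are assumptions; the public-bucket fix is the `PutPublicAccessBlock` call boto3 exposes as `put_public_access_block`, here made against an in-memory stand-in so the example runs offline.

```python
"""Guard-railed remediation behind a Jira automation button (added example, not Patecatl's code)."""
import hmac

WEBHOOK_TOKEN = "example-shared-token"   # constructed; in practice a Secrets Manager value sent as a header

# Assumed allow-list: which resource types we are willing to fix without further review.
AUTO_FIX = {"AwsS3Bucket": "block_public_access"}


class FakeS3:
    """Records put_public_access_block calls instead of calling AWS (constructed stand-in for boto3)."""
    def __init__(self):
        self.blocks = {}

    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.blocks[Bucket] = PublicAccessBlockConfiguration
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


def block_public_access(s3, finding):
    """Idempotent fix for a public bucket: turn on all four public-access-block settings."""
    bucket = finding["resource_id"].split(":::", 1)[1]     # arn:aws:s3:::name -> name
    cfg = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
           "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
    s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration=cfg)
    return f"public access blocked on {bucket}"


REMEDIATIONS = {"block_public_access": block_public_access}


def handle_patch_webhook(body, headers, store, s3, token=WEBHOOK_TOKEN):
    """Entry point for the Jira automation 'send web request' (body shape assumed:
    {"issue": "<key>", "fingerprint": "<id>"}). Returns (http_status, message)."""
    if not hmac.compare_digest(headers.get("X-Patecatl-Token", ""), token):
        return 403, "bad token"
    finding = store.get(body.get("fingerprint"))
    if finding is None:
        return 404, "unknown finding"
    if finding.get("status") == "resolved":
        return 409, "already remediated"
    name = AUTO_FIX.get(finding["resource_type"])
    if name is None:
        return 422, f"{finding['resource_type']} is not auto-remediable"
    result = REMEDIATIONS[name](s3, finding)
    finding.update(status="resolved", origin="jira-automation",
                   remediation=name, ticket=body.get("issue"), note=result)
    return 200, result


if __name__ == "__main__":
    s3 = FakeS3()
    store = {"f1": {"resource_type": "AwsS3Bucket",
                    "resource_id": "arn:aws:s3:::example-public-assets", "status": "assigned"}}
    ok = {"X-Patecatl-Token": WEBHOOK_TOKEN}
    print(handle_patch_webhook({"issue": "SEC-1", "fingerprint": "f1"}, ok, store, s3))   # (200, ...)
    print(handle_patch_webhook({"issue": "SEC-1", "fingerprint": "f1"}, ok, store, s3))   # (409, ...)
```

The allow-list is the real control here: a button can be clicked by anyone with edit access to the ticket, so the decision about which fixes are safe to apply automatically should live in code that the ticket cannot change.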

Cost Savings and Autopilot Mode:

Now, let’s talk about the icing on the cake – Patecatl’s cost-efficiency and autopilot mode. Because everything runs serverless and only wakes up when an event arrives, Patecatl costs us about $0.50 per month to operate. Yes, you read that right! Additionally, with the Jira automation buttons in place, patching can run in autopilot mode: whenever a finding indicates that an asset needs patching, Patecatl updates and patches it automatically. It’s like having a tireless security assistant working round the clock to keep your systems safe.

Conclusion:

Patecatl, our remarkable vulnerability management solution, is a testament to the power of teamwork and innovation. With automation, event-driven architecture, and integrations with various tools, our team has achieved an improved security posture and streamlined vulnerability management. The automated Jira ticket creation, combined with the autopilot mode, reduces manual effort, enhances collaboration, and provides us with a unified view of our security landscape. We’re immensely grateful to our dedicated team for their hard work, expertise, and unwavering commitment to building Patecatl.

That’s it from me, your friendly security enthusiast. If you have any questions or want to know more about Patecatl, feel free to reach out.