Getting started with Autobahn Fit
      Back to home
      1. Knowledge Base
      2. Getting started with Autobahn Fit

      Driving remediation with Jira

      After getting an overview of your security posture, you can start creating tickets for your team to fix your issues

      Now that you've identified vulnerabilities through Autobahn Fit scans, by importing issues from third-party tools, or a combination of both, it's time to tackle them and improve your security posture! Here's how:

      • Organize with Tags: Use tags to categorize your assets and, if needed, issues. This simplifies managing your Workouts by allowing you to filter and prioritize tasks based on tags. It will also make it easier to create custom Dashboards and analyze your data.
      • Send Workouts to Jira: If you have tagged your assets and issues properly, sending them to Jira will be a breeze - you will be able to select which assets to send, and to whom.

      This guide assumed that you will drive remediation through Jira. If you would rather use the platform directly, please refer to this guide for advice instead.

      Table of contents

      1. Integrate with Jira

      2. Manage your assets

      3. Review your issues

      4. Remediate with Workouts

      5. Next steps

      1. Integrate with Jira

      Integrate Autobahn Fit with Jira to automatically create tickets and tasks directly from Autobahn Fit. This will help you efficiently manage and address vulnerabilities identified during scans.

      To learn how to do it, refer to this article.

      2. Manage your assets

      Tagging your assets is useful to manage them more efficiently. By tagging your assets, you will be able to filter your Workouts easier, create custom dashboards, and select which assets to send to Jira. There are different tags you can use, for example:

      • Location
      • Team
      • OS
      • Network

      What matters is that you use a tag (or multiple tags) that ultimately help you in the long run. You can also start with one type of tag, and expand it afterwards.

      You can tag your assets from the the Asset detail (article detail here) or in bulk from the Assets page (article detail here).

      If you are using integrations from third-party tools, your tags will be carried over.

      3. Review your issues


      If you don't typically have asset owners in your organization (although we recommend having owners for assets because what gets owned, gets done), you can also tag and assign issues.

      In the case of assigning an issue instead of an asset, the user will only be assigned to that specific issue on that specific asset and be able to see the Workout only for them.

      Refer to this article to learn how to assign and tag issues.

      What we often see is people assigning issues of a specific type (for example, all issues related to web browsers) to a specific team. In this case, we would recommend assigning but also tagging them - since that will make it easier to filter your Workouts.

      4. Remediate with Workouts

      Cyber Fitness Workouts are step-by-step guides which remediate the root cause of vulnerabilities, thereby closing multiple issues in one go. You can either access them from your Dashboard, or from the Workouts page.

      In both the Dashboard and Workouts page, they will be sorted by the impact it will have on your security posture (as measured by the Hackability reduction). They will also be labelled by the Effort it takes to do them.

      You can read more about the Workout page in this article.

      Clicking on a Workout opens a page with:

      • a short description of the Workout (Warmup)
      • a list of assets to be applied (Setup)
      • step-by-step instructions (Workout)

      Tagging your issues and assets comes in handy when managing Workouts: you can filter your Workouts page based on tags, as well as the Setup tab, and it will allow you to select which assets to send to Jira.

      You can send a Workout to Jira from the Workout list or the Workout detail page, by clicking on Send to Jira. You will be able to send either all assets, or only a selection of them. The fields displayed when creating a ticket follow the fields selected in your Jira projects.

      The Workout PDF will be attached to the ticket. If you’ve customized the asset selection, only the selected assets will be included in the PDF file.

      After finishing a Workout, there's two ways to label an issue as remediated:

      1. By labelling the issue from the Individual Issues page (see here)
      2. By running a rescan. If the asset and port are still reachable but the issue isn't found, it will be automatically be labelled as Remediated by the platform 

      Since you're working with Jira, 

      5. Next steps

      By now you should have:

      ✔️ Run at least one scan

      ✔️ Reviewed the results in your dashboard

      ✔️ Created a custom dashboard

      ✔️ Set up the integration with Jira

      ✔️ Sent a Workout to be done

      So what comes next? Repeating the steps again. It's important to run scans regularly to a) make sure that your issues are being properly remediated, and b) keep an eye out for new issues.

      Some tips and tricks

      • Create custom dashboards for the different teams - this way you can track remediation for each of them and see which one might need extra support
      • Make use of the Risk accepted button. Not all issues are fixable, at least not with an unreasonable investment. If you can't fix something but are aware that it's there, make sure to quarantine your asset, report it, and then label the finding as Risk Accepted (learn how to apply our "Double Control Principle" here to make sure someone always needs to accept risks).