Hi,
We have a Jira integration with our Vulnerability management tool, InsightVM by Rapid7.
The integration auto creates tickets when vulnerabilities are detected by InsightVM. It takes time for a team to pick up these tickets and remediate them or for our patching schedule to to come around and patch assets. But because of this time, duplicate tickets are being created. Something like the following is happening:
- InsightVM detects a vulnerability and creates a JIRA ticket.
- JIRA ticket is not picked up by remediation teams immediately so when InsightVM does its next scan it detects the same vulnerability is still present and creates another identical ticket.
- Next day, same thing happens and so it creates another ticket. and so on. so we end up with many duplicate tickets.
Our queues then get flooded.
My question is , has anyone come up with a more elegant way to track vulnerabilities detected in InsightVM with JIRA ticketing? I know I could sort of do it with InsightVM's dashboards and remediation projects but the JIRA ticketing part is a requirement from other teams.
Thanks for any advice/suggestions. Also keen to hear how other VM and ticketing tools are used. I imagine other teams would have come across this issue.
