Automation Overview
This article describes automation, how to create, run, edit, and delete automations, as well as some common use cases for automation in the Brinqa Platform.
What is automation?
Brinqa contains a flexible workflow engine built into the user interface through a feature called automation. Automation gives you the capability to build complex and automated actions based on data sets derived from Brinqa Query Language (BQL) queries. Automations serve to simplify your Brinqa Platform experience by streamlining tasks and reducing manual efforts. By using automation, you can build workflows that help improve your organization's security management and response time, enabling you and your team to focus on higher-priority tasks. Some examples of automations you can create include, but are not limited to:
-
Creating exception requests
-
Creating false positive requests
-
Expiring exception requests
-
Creating and pushing vulnerability tickets
Users with the Configurator or System Administrator role can navigate to Automation to view or modify existing automations or create new automations.
Create an automation
While your Brinqa Platform comes with some built-in automations, users with the Configurator or System Administrator role can create new automations. To do so, follow these steps:
-
Navigate to Automation.
-
Click Create and fill in the following information:
-
Title: The title of the automation.
-
Description: The description of what the automation accomplishes.
-
BQL query: The Brinqa Query Language (BQL) query to run against the data. Click Test to check if your query is valid and returns any data.
tipEnsure that a successful data orchestration has synced before you execute a query. Data orchestration consolidates your data and ensures that it can be queried.
-
Actions: The action that the automation performs. For example, create a vulnerability ticket, push vulnerability tickets, or create a false positive request.
-
Run: The method in which the automation runs.
-
Manual: Manually launch the automation from the Automation page.
-
Schedule: Specify a schedule for the automation to run (for example, once per day, every day at a specified time).
-
Orchestration: Set the automation to run as part of the data orchestration and select the stage (as shown in figure 1) in which the automation runs. The orchestration stage is dependent on your specific needs and requirements. Here's a breakdown of why and when you might need to select one of these options:
-
After data integration: Your automation runs after the data integration process concludes. Data integration refers to the process of importing data from various data sources into your Brinqa Platform. Choose this option if your automation should act immediately after data from various sources is imported and mapped, but before any consolidation takes place. This approach is useful when your automation affects the SDM data or identities. This ensures your actions are based on the most current, unconsolidated data.
-
After consolidation: Your automation runs after the consolidation process finishes. During consolidation, the Brinqa Platform gathers and combines data from different sources, giving you a unified view of the information. Choose this option if your automation needs a unified and deduplicated view of data from different sources. This approach is useful if the automation modifies data that clusters or computations depend on. If you're generating reports or notifications that require data from all sources, running your automation after consolidation ensures that it's based on a comprehensive and up-to-date data set.
-
After computation: Your automation runs after the computation process completes. In this stage, the Brinqa Platform calculates or processes data, potentially aggregating, summarizing, or transforming it. Choose this option if your automation relies on calculated or processed data, such as calculated attributes and clusters. For example, if you're creating tickets based on risk scores, ensure your automation runs after these computations. This approach makes sure that your actions are based on the most up-to-date processed data.
-
-
-
-
Click Create.
The Automations page reloads and your new automation displays in the list view.
Manually run an automation
Users with the Configurator or System Administrator role can launch and run an automation manually. To do so, follow these steps:
-
Navigate to Automation.
-
Hold your pointer over your automation entry and click Run.
-
Click Confirm in the confirmation dialog when prompted.
If the automation launches successfully, the following message displays: "The automation has been successfully launched."
Automation examples
The steps above demonstrate a general procedure for creating and running an automation. See the following articles for different examples of using automation in your Brinqa Platform:
Troubleshooting automations
If your automation encounters an error, you can copy and paste the Transaction ID of the automation event into the Application Event Log search bar to view details on what may have caused the automation to fail. To do so, follow these steps:
-
Navigate to Automation and select the automation you want to view the logs for.
-
Copy the Transaction ID of the failed automation.
-
Navigate to Administration
on the upper-right corner and under System, select Logs. -
Paste the Transaction ID into the search bar and press Enter or Return on your keyboard.
-
Click the Transaction link in the list view.
The application event log details page for the automation appears. You can see what may have caused the automation to fail in the Detail section.
Edit or delete an automation
You can edit or delete existing automations. To edit an automation, hold your pointer over the automation you want to modify and click Edit.
To delete an automation, hold your pointer over the automation you want to delete, click the kebab (three vertical dots), and then click Delete.