Create a Bot
Bots are very powerful and can be used to automate remediation and assist with risk prioritization. One of the most effective ways to use a Bot is to curate resource groups or data groups. If you’re looking for inspiration on Bots that work for your environment, see Working with Bots (Best Practices & Examples). While there are no system or configuration prerequisites for creating a Bot, it’s important that you have a good understanding of Resources, Query Filters, Insights, and Jinja2 before getting started. It’s also useful to have a notification-based integration configured, like email, Slack, or PagerDuty.
Automatic Bot configuration
Bots created from an Insight or template are partially configured for you. However, Insight Bots are locked to that configuration. You can click Unlock to break the association, but the Bot will not be updated if the associated Insight (or any Exemptions) is updated.
To create a Bot:
- Open the Create Bot workflow:
  - If you want to create a Bot with custom details, scope, and Query Filters: go to Automation > BotFactory > Listing and click Create Bot.
  - If you want to create a Bot for a specific Insight: go to Security > Insights > Library, find the Insight, and click Action (…) > Create Bot Automation.
  - If you want to create a Bot from an existing Bot: go to Automation > BotFactory > Templates and click Action (…) > Use Template.
- For Bot Details:
  - Enter a Bot Name.
  - Optionally, enter a Category, Severity, and Description.
  - Click Next.
- For Scope:
  - Select Resource Types for the Bot to check. Selecting multiple resource types limits the number of applicable Query Filters.
  - Select to scope resources by badge or by cloud account, Kubernetes cluster, or resource group.
  - Select the preferred badges or cloud accounts, clusters, or resource groups.
  - Click Next.
- For Query Filters:
  - Click Add Query Filter.
  - Find a Query Filter and click Apply.
  - Configure the Query Filter as necessary.
  - Repeat the previous steps until you have as many Query Filters as necessary. The Bot will only take action on resources that match all Query Filters.
  - Click Next.
- For Actions:
  - Click Add Action. Note: some actions can use Jinja2 templating and some can send notifications to an integration.
  - Find an action and click Apply.
  - Configure the action as necessary.
  - Repeat the previous steps until you have as many actions as necessary. If you add multiple actions, note that all actions are executed instantly in parallel, except for delayed actions.
  - Click Next.
- For Run Options:
  - Click Select next for each run option you want to implement.
  - Click Save.