In today's cybersecurity landscape, staying on top of system vulnerabilities is not just good practice—it's essential. With the growing number of security threats, organizations need efficient ways to identify, track, and remediate vulnerabilities. Even more importantly, they need to focus their limited resources on vulnerabilities that can actually be fixed.
This is where API integration comes into play. By combining the Guardian API with Zendesk, we can build a streamlined patch management workflow that improves security while reducing manual overhead and keeping the focus on actionable vulnerabilities.
`/assets` For retrieving all monitored assets
`/assets/failed-scan` For identifying assets with failed scans
`/assets/{asset_id}/vulnerabilities` For obtaining vulnerability data for specific assets
First, we collect data from Guardian to identify assets with fixable vulnerabilities:
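def collect_asset_vulnerability_data(api_key, base_url, timeout=30, session=None):
    """Collect assets with failed scans that carry fixable critical/high vulnerabilities.

    Args:
        api_key: Guardian API key, sent in the ``x-api-key`` header.
        base_url: Guardian API base URL without a trailing slash.
        timeout: Per-request timeout in seconds. Without one a stalled
            connection would block the whole run indefinitely.
        session: Optional object exposing a ``requests``-compatible ``get``;
            defaults to the ``requests`` module. Allows a pooled session
            (retries, connection reuse) or a test double to be injected.

    Returns:
        A list of summary dicts, one per asset that has at least one fixable
        critical or high vulnerability. Assets with nothing actionable at
        those severities are omitted.

    Raises:
        requests.HTTPError: if Guardian answers with a non-2xx status.
    """
    from urllib.parse import quote

    http = requests if session is None else session
    headers = {"x-api-key": api_key}

    # Assets whose last scan failed are the population we report on.
    assets_response = http.get(
        f"{base_url}/assets/failed-scan", headers=headers, timeout=timeout
    )
    # Fail loudly instead of parsing an error body as if it were asset data.
    assets_response.raise_for_status()
    # assumed: a list of asset dicts, each with an 'id' — confirm against the API docs
    assets = assets_response.json()

    results = []
    for asset in assets:
        asset_id = asset["id"]
        # Percent-encode the id: it comes from the API response, so a value
        # containing '/', '?' or '..' must not be able to alter the request path.
        vuln_response = http.get(
            f"{base_url}/assets/{quote(str(asset_id), safe='')}/vulnerabilities",
            headers=headers,
            timeout=timeout,
        )
        vuln_response.raise_for_status()
        # assumed: a list of vulnerability dicts — confirm against the API docs
        all_vulnerabilities = vuln_response.json()

        # Keep everything not explicitly marked unfixable: a missing or null
        # 'fix_exists' still counts as fixable (same rule as before).
        fixable_vulnerabilities = [
            v for v in all_vulnerabilities if v.get("fix_exists", True) is not False
        ]
        # Normalise once; a null severity must not crash the collection run.
        severities = [
            str(v.get("severity") or "").lower() for v in fixable_vulnerabilities
        ]
        critical_count = severities.count("critical")
        high_count = severities.count("high")

        # Totals are reported for context even though only fixable ones are ticketed.
        total_count = len(all_vulnerabilities)
        unfixable_count = total_count - len(fixable_vulnerabilities)

        # Only assets with something actionable at critical/high get a ticket.
        if critical_count > 0 or high_count > 0:
            results.append({
                "asset_id": asset_id,
                "hostname": asset.get("hostname", ""),
                "os": asset.get("os", ""),
                "os_release": asset.get("os_release", ""),
                "ip": asset.get("ip", ""),
                "total_vulnerabilities": total_count,
                "fixable_vulnerabilities": len(fixable_vulnerabilities),
                "unfixable_vulnerabilities": unfixable_count,
                "critical_vulnerabilities": critical_count,
                "high_vulnerabilities": high_count,
                # Include other relevant data
            })
    return results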
def get_top_priority_assets(assets_data, limit=5):
    """Return up to ``limit`` assets, those with the most critical vulnerabilities first.

    Assets lacking a ``critical_vulnerabilities`` key are ranked as having
    zero; ties keep their input order because the sort is stable.
    """
    def critical_count(asset):
        return asset.get("critical_vulnerabilities", 0)

    ranked = list(assets_data)
    ranked.sort(key=critical_count, reverse=True)
    return ranked[:limit]
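def create_zendesk_tickets(zendesk_subdomain, email, token, assets, timeout=30, session=None):
    """Open one Zendesk ticket per asset summarising its fixable vulnerabilities.

    Args:
        zendesk_subdomain: The ``<subdomain>`` part of ``<subdomain>.zendesk.com``.
        email: Zendesk agent e-mail used for API-token authentication.
        token: Zendesk API token paired with ``email``.
        assets: Summary dicts as produced by ``collect_asset_vulnerability_data``.
        timeout: Per-request timeout in seconds so a stalled connection
            cannot hang the run.
        session: Optional object exposing a ``requests``-compatible ``post``;
            defaults to the ``requests`` module. Allows a pooled session or a
            test double to be injected.

    Raises:
        ValueError: if ``zendesk_subdomain`` is not a plain subdomain label.

    Success and failure of each ticket creation is reported on stdout.
    """
    import re

    # The subdomain is spliced into the request host. Restrict it to a single
    # DNS label so a malformed config value (containing '/', '@' or '.') cannot
    # send the credentials to a different host.
    if not re.fullmatch(r"[A-Za-z0-9-]+", zendesk_subdomain):
        raise ValueError(f"invalid Zendesk subdomain: {zendesk_subdomain!r}")

    http = requests if session is None else session
    auth = (f"{email}/token", token)
    headers = {"Content-Type": "application/json"}
    tickets_url = f"https://{zendesk_subdomain}.zendesk.com/api/v2/tickets.json"

    for asset in assets:
        # Choose update instructions from the OS name; a null 'os' must not crash the loop.
        os_name = str(asset.get("os") or "").lower()
        if "ubuntu" in os_name:
            update_cmd = "sudo apt update && sudo apt upgrade -y"
        elif "centos" in os_name or "redhat" in os_name:
            update_cmd = "sudo yum update -y"
        else:
            update_cmd = "Please update system packages using appropriate package manager"

        ticket_data = {
            "ticket": {
                "subject": f"FIXABLE Vulnerabilities on {asset['hostname']} ({asset['critical_vulnerabilities']} critical)",
                "comment": {
                    "body": f"""
SECURITY ALERT: Fixable Critical Vulnerabilities Detected
System Information:
- Hostname: {asset['hostname']}
- IP Address: {asset['ip']}
- Operating System: {asset['os']} {asset['os_release']}
Vulnerability Summary:
- Fixable critical vulnerabilities: {asset['critical_vulnerabilities']}
- Fixable high vulnerabilities: {asset['high_vulnerabilities']}
- Total vulnerabilities: {asset['total_vulnerabilities']}
- Unfixable vulnerabilities: {asset['unfixable_vulnerabilities']}
Recommended Action:
1. Schedule maintenance window
2. Update system packages:
{update_cmd}
3. Reboot the system
4. Run a new vulnerability scan
Note: This ticket focuses only on vulnerabilities that can be fixed with updates.
"""
                },
                "priority": "high",
                "tags": ["security", "vulnerability", "patch-management", "fixable"],
            }
        }

        response = http.post(
            tickets_url,
            auth=auth,
            headers=headers,
            json=ticket_data,
            timeout=timeout,
        )
        # Zendesk answers 201 Created on success; anything else is reported with its body.
        if response.status_code == 201:
            print(f"Ticket created for {asset['hostname']}")
        else:
            print(f"Failed to create ticket: {response.text}")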
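def main():
    """Run the end-to-end flow: collect Guardian data, rank assets, open Zendesk tickets.

    Credentials are read from the environment so they are not committed with
    the source; the literal fallbacks are placeholders for local experimentation
    only and will not authenticate against either service.
    """
    import os

    # Configuration
    guardian_api_key = os.environ.get("GUARDIAN_API_KEY", "your_guardian_api_key")
    guardian_base_url = os.environ.get("GUARDIAN_BASE_URL", "https://api.example.com/external")
    zendesk_subdomain = os.environ.get("ZENDESK_SUBDOMAIN", "your-company")
    zendesk_email = os.environ.get("ZENDESK_EMAIL", "your.email@example.com")
    zendesk_token = os.environ.get("ZENDESK_API_TOKEN", "your_zendesk_api_token")

    # Collect vulnerability data
    assets_data = collect_asset_vulnerability_data(guardian_api_key, guardian_base_url)
    # Identify high-priority assets
    top_assets = get_top_priority_assets(assets_data)
    # Create tickets for remediation
    create_zendesk_tickets(zendesk_subdomain, zendesk_email, zendesk_token, top_assets)
    # Counts assets attempted; per-ticket success or failure is printed by create_zendesk_tickets.
    print(f"Process complete. Created tickets for {len(top_assets)} assets.")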