DataBee Remediation Actions
- 01 Apr 2025
- 3 Minutes to read
- Print
- DarkLight
DataBee Remediation Actions
- Updated on 01 Apr 2025
- 3 Minutes to read
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Introduction
DataBee Remediation Actions is a feature designed to empower organizations by automating their response workflow and IT operations challenges. This feature enhances response efficiency by allowing users to create automated actions based on specifically crafted data queries within the DataBee platform. These actions can generate ServiceNow tickets tailored to predefined criteria, reducing manual effort and speeding up resolution times.
The queries driving these remediation actions can be executed against various data tables, such as a CDP (Core Data Product), OCSF or CCM (Continuous Controls Monitoring) table, offering flexibility in how organizations leverage their data to trigger automated responses.
Key Features
Automated Response Actions: Automatically generate ServiceNow tickets based on custom data queries.
ServiceNow Integration: Seamlessly connect with ServiceNow ITSM to create and manage tickets.
Scheduling Capabilities: Define specific days and times for remediation actions to run automatically.
Action Management: Gain a comprehensive view of all configured actions, including their connection details, schedules, severity levels, and statuses.
How It Works
The DataBee platform processes data from multiple sources, normalizes it, and transforms it into actionable outcomes. The data flow pipeline consists of the following steps:
Data Collection:
Sources: Data is gathered from systems like Quali's vulnerability scanner (security vulnerability data), ServiceNow CMDB (asset and application management), and Workday (user and organizational data).
Real-Time Processing:
Collected data is processed in real time and normalized into a unified schema.
Remediation Action Configuration:
Create a Remediation Action based upon a DataBee query. Records that match the query, will be sent to the output.
Outputs:
Ticket Creation: Automated generation of ServiceNow tickets for incidents or IT operations requiring attention.
This automated workflow minimizes manual processes, accelerates response times, and strengthens organizational security and operational efficiency.
Setup Instructions
Follow these steps to configure a remediation action in DataBee:
Setting Up ServiceNow Integration
To integrate ServiceNow with Databy, follow these steps:
Log In: Access the Databy console.
Access Settings: Click the gearbox icon (configuration settings) in the top right corner.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Navigate to Integrations: In the System settings, select the Integrations tab on the left.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Select ServiceNow: Click the ServiceNow ITSM integration card.
Configure OAuth: Enter the OAuth configuration details for your ServiceNow instance.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Test Connection: Click Test connection to verify the setup.
Save: If successful, click Submit to save the configuration.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Creating a Remediation Action
To create a new remediation action, follow these steps:
Navigate: Go to the Data menu and select the Remediation Actions tab.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Start New Action: Click the New button.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Choose Connection: Select the ServiceNow connection from the dropdown.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Name and Describe: Enter an Action Name and Description.
Define Query: Craft a query to specify the conditions for ticket creation.
Configure Ticket Fields:
Incident Title: Enter the mandatory ticket title.
Incident Description: Provide the mandatory ticket description.
Additional Fields: Optionally, add key-value pairs relevant to ServiceNow ITSM tickets.
Schedule: Choose the day and time for the action to run.
Save: Click Save to activate the remediation action.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Example Use Case
Imagine you need to automatically notify a team member, Mike, about vulnerabilities requiring remediation. Here’s how DataBee Remediation Actions can help:
Scenario: Create a ServiceNow ticket for vulnerabilities with a compliance_status = false and assigned to Mike.
Setup:
Query: Define a query like compliance_status = false AND owner = 'Mike'.
Ticket Details:
Incident Title: "Vulnerability Remediation Required"
Incident Description: "Vulnerability Category, Affected Asset: [Asset Types]"
Schedule: Run daily at 9:00 AM.
Outcome: Mike receives a ServiceNow ticket each day listing vulnerabilities he owns that need attention, streamlining the remediation process.
Managing Remediation Actions
Once actions are configured, you can monitor and manage them within the DataBee console:
Action Overview:
Navigate to the Actions page for a holistic view of all remediation actions.
Review details such as the assigned connection, schedule, severity, and current status.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
Action History:
Click the History button for any action to access a detailed history table.
View information including:
ServiceNow ticket numbers generated.
Number of records attached to each ticket.
Error details (if any) from previous runs.
Use filtering and search options to analyze specific actions or runs.
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
.png?sv=2022-11-02&spr=https&st=2025-04-03T01%3A53%3A32Z&se=2025-04-03T02%3A03%3A32Z&sr=c&sp=r&sig=r5oG%2BfkA6JC801wKhyaK8irKLl37p0Bo55lVSIXBXNs%3D)
This visibility ensures you can track the performance and effectiveness of your automated responses.
Conclusion
DataBee Remediation Actions offers a robust solution for automating response and IT operations tasks. By integrating with ServiceNow and utilizing data-driven queries, it reduces manual workloads, enhances efficiency, and helps organizations maintain a proactive stance on security and operational management. We hope this documentation equips you to fully leverage this feature for your organization’s needs.
Was this article helpful?