Overview
Dynamic Fields are a templating language for the Nucleus Automation Engine. Dynamic Fields allow you to construct asset and/or vulnerability processing rules that dynamically include information from the assets that the rules match trigger on.
You can use asset fields dynamically in vulnerability processing rules when commenting on a vulnerability or assigning the vulnerability to a user, and in asset processing rules when adding an asset to an asset group.
How to use
Nucleus uses the standard moustache templating format combined with our field dot notation to allow users to automatically use values set dynamically from another place in the Nucleus application. For example, you could enable users to access the asset_owner field of an asset when commenting on a vulnerability.
Examples
{{asset.business_owner}}= inserts value from the Business Owner field on a Nucleus asset{{asset.metadata.cxsast.team}}= inserts value from the checkmarx field for team within the additional metadata section on a Nucleus asset
In the above examples, you can access the values from the fields associated with an asset without having to statically define or hardcode the value from that field. This allows for much more flexibility in the types of actions you can take via the Nucleus Automation Framework and improves the efficiency and accuracy of your work.
Where can Dynamic Fields be used in Nucleus?
Currently, the Nucleus Dynamic Field Templating Language is only available for the Automation Framework.
List of Available Dynamic Fields
Asset and Finding Processing Rules
Here is a complete list of dynamic fields you can use in asset and finding processing automation rules:
Field | Description | Possible Values |
|---|---|---|
app.branch | The application asset branch. | string |
app.repo_type | The application asset repo type. | string |
app.repo_url | The application asset repo URL. | string |
asset.alias | The asset’s display name. | string |
asset.business_owner | The asset's business owner. | string |
asset.business_owner_team | The asset's business owner team. | string |
asset.compliance | Whether or not the asset is in or out of compliance scope. | True or False |
asset.criticality | The criticality of the asset. | string of one of the following: Critical, High, Medium, Low |
asset.data_sensitivity | The data sensitivity of the asset. | string of one of the following: Critical, High, Medium, Low |
asset.ip | The asset’s IP address (if applicable). | IP address or Null |
asset.last_seen | The last date that the asset was seen. | date |
asset.metadata.externaltool.field | Access the custom fields from other tools which are linked to a Nucleus asset. (e.g., to access the qualys host id you would use | Depends on the field, but generally a string or int formatted as a string |
asset.metadata.metadata-key | Additional Metadata specified on the asset. | Depends on the field, but generally a string or int formatted as a string |
asset.name | The name of the asset. | string |
asset.operating_system | The asset’s operating system name | string |
asset.owner | The asset’s owner. | string |
asset.public_facing | Whether or not the asset is public facing. | True or False |
asset.risk_score | The asset’s Nucleus risk score. | Nucleus risk score on scale of 1 - 1000 |
asset.support_team | The asset's support team. | string |
image.alias | The name of this image’s repository. | string |
image.platform_arch | The CPU architecture which the binaries in this image are built to run on. | string |
image.platform_arch_variant | The variant of the CPU architecture of this image. | string |
image.platform_os | The name of the operating system which the image is built to run on. | string |
image.platform_os_version | The version of the operating system which the image is built to run on. | string |
image.registry | The primary registry that this image is stored in. | string |
image.repository | The name of this image’s repository. | string |
Ticketing Rules (Jira connector only)
Opt-in Feature
Dynamic Field support for the Jira connector is currently available as an opt-in feature, please contact support or your Customer Service Representative to enable for your organization.
Here is a complete list of dynamic fields you can use in ticketing automation rules using the Jira ticketing connector:
Field | Description | Example Values | Supported Type |
|---|---|---|---|
{{finding.cvss}} | Finding CVSS score | 9.8 | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.instance.assignee}} | User assigned to a vulnerability. When used in ticketing automation rules or manual ticket creation, individual tickets will be created and assigned for each Nucleus assignee with one or more instances of a unique vulnerability. | Instance assignee | Assignee, Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_actors}} | Threat actors associated with the CVE | APT28 | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_ease_of_exploitation}} | Level of difficulty to exploit the vulnerability | Very Easy, Easy, Moderate, Hard, Very Hard | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_exploitation_consequence}} | Likely consequence if vulnerability is exploited | Code Execution, Unauthorized Access, Command Execution, Privilege Escalation, Data Exfiltration, Denial of Service, Service Disruption | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_exploited}} | Known to be exploited in the wild | Yes, No | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_exploited_by_malware}} | Known to be weaponized in malware | Yes, No | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_likely_to_be_exploited}} | Predicted to be exploited based on Nucleus Insights analysis | Yes, No | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_malware}} | Names of malware associated with the CVE | URSNIF, Emotet, TrickBot, etc. | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_mitigation_available}} | Known mitigation is available | Yes, No | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_public_exploit_available}} | Public exploit code is available | Yes, No | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_threat_rating}} | Nucleus Insights overall threat rating | Existential, Critical, High, Medium, Low | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_widely_exploited}} | Vulnerability is widely exploited | Yes, No | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.nucleus_zero_day}} | Vulnerability is a zero-day | Yes, No | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.scan_type}} | Scan type that produced the finding | Tenable Nessus, Qualys, etc. | Custom Label, Custom Paragraph, Custom Short Text |
{{finding.severity}} | Finding severity | Critical, High, Medium, Low, Informational | Priority, Custom Label, Custom Paragraph, Custom Short Text |
Important Things to Know
Dynamic fields support a maximum of 256 characters, values larger than 256 characters will be truncated.
Label type fields in Jira do not support whitespace characters. When using Dynamic Fields with Label type fields in Jira, Nucleus will not attempt to create a label if the value from a dynamic field contains whitespace characters.
The dynamic fields finding.instance.assignee and finding.severity are evaluated at the instance level, and will dynamically generate individual tickets for each distinct value associate with instances of the finding. If both are used in the same ticketing rule, individual tickets will be created for each distinct combination of values from the dynamic fields. For more information, refer to the Dynamic Ticketing in Jira topic in Jira Ticketing Integration..
Next Step: Use dynamic fields in automation
Now that you know about Dynamic Fields, visit these articles on asset processing, finding processing and ticketing rules to try using Dynamic Fields. For further information regarding dynamic field use in ticket grouping see Ticketing Grouping.
If you have any questions, please contact us through the help center.