IT OPS

Critical-CVE Stale Device PagerDuty Escalation

Hourly, checks the inventory for devices missing a patch tied to a critical-severity CVE past its SLA window and raises a PagerDuty incident for each one while logging the breach…

CategoryIT Ops

Enginesim

Difficultyintermediate

Triggerschedule

Steps6

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerHourly schedule triggers the critical check
ActionQuery devices flagged against critical CVEsPostgres
LogicKeep only devices past their patch SLA deadline
ActionRaise a PagerDuty incident per breaching devicePagerDuty
ActionWrite the SLA breach to the Postgres audit tablePostgres
OutputReturn the incident acknowledgement linkPagerDuty

What it does

Focuses only on the dangerous tail of patch drift: endpoints still exposed to a critical CVE after their remediation SLA has elapsed. It pages the on-call engineer and records the SLA breach for audit.

When to use it

Use this when low-severity drift is handled by daily tickets but critical exposure needs to interrupt someone now. It is the escalation layer above your routine sweep.

How it works

1An hourly schedule triggers the check.
2The flow queries Postgres for devices flagged against a critical-severity CVE.
3A branch keeps only devices whose patch SLA deadline has already passed.
4For each breaching device it triggers a PagerDuty incident with the CVE id, hostname, and hours overdue.
5It writes a breach record back to a Postgres audit table so the SLA miss is provable later.
6The incident acknowledgement link is returned as the output for the on-call to act on.

Set it up

What you configure once, before turning it on.

1
Connect PostgresAny Postgres URL — query, write, migrate.
2
Connect PagerDutyIncidents, on-call, escalations.
3
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
4
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
5
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More IT Ops workflows

Daily Building Anomaly Digest to MS Teams

Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.

Indoor Air Quality Breach to Tenant Notice and Work Order

Listens for CO2, VOC, or humidity sensor alerts via webhook, and when a zone exceeds occupant-safety limits it emails affected tenants, opens a Monday remediation task.

Self-Service Reclaim Email for Idle Users

Detects users idle in a SaaS app past the threshold and emails each one a keep-or-release link; unanswered seats after the deadline are auto-flagged for removal.

Outlook Room Conflict Resolver with Approval Gate in Teams

When an Outlook room clashes, proposes a rebooking and asks the bumped meeting's organizer to approve the move in Microsoft Teams before any change is made.

Outlook Room Double-Booking Resolver with Auto-Rebook

Detects when two meetings claim the same Outlook room resource and automatically relocates the lower-priority meeting to a comparable free room.

Monthly Wasted-License Cost Report

Aggregates inactive-seat data across all tracked SaaS apps each month, computes total reclaimable spend, and delivers a ranked cost report to leadership in Notion and Slack.

Browse all IT Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

E-commerce

E-commerce Operator

Listings, support, inventory, and ads — running 24/7.

Finance

Research & Trading Desk

Governance-first research, execution, and risk — every trade on the audit trail.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →