{"templates":[{"default_approval_gate":"Security reviewer required","default_cadence":"Manual approval","default_context_pack":"Secure context trust pack","default_input_channel_ids":["page-context","recipe-index","github-repository","deps-dev-advisories"],"default_output_channel_id":"draft-pr-packet","default_recipe_query":"vulnerable dependency remediation","default_report_profile_id":"remediation-pr-packet","description":"Use GitHub repo + deps.dev context to draft a narrow dependency remediation packet for human review.","id":"github-dependency-pr-handoff","label":"GitHub dependency PR handoff","status":"curated","target_hint":"owner/repo package/CVE","workflow_value":"dependency"},{"default_approval_gate":"Code owner required","default_cadence":"Manual approval","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","sarif-manual-import"],"default_output_channel_id":"jira-ticket","default_recipe_query":"SAST finding triage","default_report_profile_id":"ticket-ready-brief","description":"Bundle bounded SAST findings into a Jira-ready brief and route the follow-up through a governed ticket.","id":"sast-triage-to-jira","label":"SAST triage to Jira","status":"curated","target_hint":"service/module SARIF upload","workflow_value":"sast"},{"default_approval_gate":"Two-person review","default_cadence":"Manual approval","default_context_pack":"MCP gateway policy","default_input_channel_ids":["page-context","recipe-index","confluence-knowledge"],"default_output_channel_id":"runbook-receipt","default_recipe_query":"MCP connector intake scanner","default_report_profile_id":"connector-intake-decision","description":"Score a proposed connector, produce a hold/allow decision pack, and route it to governance stakeholders.","id":"mcp-connector-intake-review","label":"MCP connector intake review","status":"curated","target_hint":"connector name / namespace","workflow_value":"mcp-guardrail"},{"default_approval_gate":"Security reviewer required","default_cadence":"Weekly sweep","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["page-context","security-hub-api"],"default_output_channel_id":"slack-webhook","default_recipe_query":"agentic risk review","default_report_profile_id":"exec-risk-brief","description":"Aggregate cloud findings into an executive summary and downstream analyst brief.","id":"security-hub-risk-brief","label":"Security Hub risk brief","status":"curated","target_hint":"account / business unit / region","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"Daily review queue","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["recipe-index","snyk-issues-api","confluence-knowledge"],"default_output_channel_id":"jira-ticket","default_recipe_query":"agentic risk review","default_report_profile_id":"ticket-ready-brief","description":"Pull bounded Snyk issues plus Confluence runbooks into a reviewer-ready remediation or triage brief.","id":"snyk-triage-with-runbooks","label":"Snyk triage with runbooks","status":"curated","target_hint":"org / product / initiative","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"Manual approval","default_context_pack":"Secure context trust pack","default_input_channel_ids":["page-context","recipe-index"],"default_output_channel_id":"runbook-receipt","default_recipe_query":"Run receipt","default_report_profile_id":"run-receipt","description":"Document a BYO-token browser investigation or planning session with an evidence-first receipt.","id":"browser-run-receipt","label":"Browser run receipt","status":"curated","target_hint":"workflow / incident / repo","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","microsoft-defender-xdr-incidents","confluence-knowledge"],"default_output_channel_id":"servicenow-incident","default_recipe_query":"incident triage and containment","default_report_profile_id":"incident-response-brief","description":"Pull a bounded Defender XDR incident, align containment with internal runbooks, and draft a ServiceNow follow-up.","id":"defender-xdr-incident-to-servicenow","label":"Defender XDR incident to ServiceNow","status":"curated","target_hint":"incident / device / user","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","microsoft-sentinel-incidents","confluence-knowledge"],"default_output_channel_id":"pagerduty-events-v2","default_recipe_query":"incident triage and containment","default_report_profile_id":"incident-response-brief","description":"Summarize a live Sentinel incident and escalate a high-confidence response brief into PagerDuty.","id":"sentinel-incident-to-pagerduty","label":"Sentinel incident to PagerDuty","status":"community","target_hint":"subscription / workspace / incident","workflow_value":"recipe-runbook"},{"default_approval_gate":"Code owner required","default_cadence":"Manual approval","default_context_pack":"Secure context trust pack","default_input_channel_ids":["recipe-index","gitlab-project-context","gitlab-vulnerability-findings","sbom-manual-import"],"default_output_channel_id":"gitlab-issue","default_recipe_query":"vulnerable dependency remediation","default_report_profile_id":"ticket-ready-brief","description":"Turn GitLab vulnerability findings into a reviewer-ready fix plan and open a GitLab issue in the same project.","id":"gitlab-vulnerability-to-gitlab-issue","label":"GitLab vulnerability to GitLab issue","status":"community","target_hint":"group/project vulnerability","workflow_value":"dependency"},{"default_approval_gate":"Code owner required","default_cadence":"Manual approval","default_context_pack":"Secure context trust pack","default_input_channel_ids":["page-context","recipe-index","azure-devops-repository","sarif-manual-import","sbom-manual-import"],"default_output_channel_id":"azure-devops-work-item","default_recipe_query":"vulnerable dependency remediation","default_report_profile_id":"ticket-ready-brief","description":"Use Azure DevOps repo context plus imported scanner artifacts to generate a governed remediation work item.","id":"azure-devops-remediation-to-work-item","label":"Azure DevOps remediation to work item","status":"community","target_hint":"organization / project / repo","workflow_value":"dependency"},{"default_approval_gate":"Security reviewer required","default_cadence":"Daily review queue","default_context_pack":"Runtime controls","default_input_channel_ids":["recipe-index","defectdojo-findings","confluence-knowledge"],"default_output_channel_id":"jira-ticket","default_recipe_query":"SAST finding triage","default_report_profile_id":"ticket-ready-brief","description":"Bundle active DefectDojo findings into a Jira-ready analyst brief with recipe-backed remediation steps.","id":"defectdojo-findings-to-jira","label":"DefectDojo findings to Jira","status":"community","target_hint":"product / engagement / finding set","workflow_value":"sast"},{"default_approval_gate":"Two-person review","default_cadence":"On new finding","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["recipe-index","wiz-findings-api","prisma-cloud-alerts","security-hub-api"],"default_output_channel_id":"cortex-xsoar-incident","default_recipe_query":"agentic risk review","default_report_profile_id":"case-management-packet","description":"Aggregate Wiz, Prisma Cloud, or Security Hub findings into a structured case payload for Cortex XSOAR.","id":"cloud-alerts-to-xsoar-case","label":"Cloud alerts to XSOAR case","status":"community","target_hint":"account / subscription / tenant","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","microsoft-defender-xdr-incidents","crowdstrike-detections"],"default_output_channel_id":"google-chat-webhook","default_recipe_query":"incident triage and containment","default_report_profile_id":"incident-response-brief","description":"Post a compact high-severity detection brief to Google Chat for cross-functional review without leaving the browser runtime.","id":"high-severity-detection-to-google-chat","label":"High-severity detection to Google Chat","status":"community","target_hint":"chat space / responder group","workflow_value":"recipe-runbook"},{"default_approval_gate":"Ticket required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["sarif-manual-import","sbom-manual-import"],"default_output_channel_id":"splunk-hec","default_recipe_query":"scan findings bundle","default_report_profile_id":"scan-findings-bundle","description":"Example community-submitted profile for normalizing scan outputs before forwarding them to a SIEM pipeline.","id":"community-scan-to-siem","label":"Community scan to SIEM","status":"community","target_hint":"scanner / tenant / environment","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","scanner-export-bundle","confluence-knowledge"],"default_output_channel_id":"servicenow-incident","default_recipe_query":"scan findings bundle","default_report_profile_id":"incident-response-brief","description":"Normalize a browser-local scanner export bundle into a reviewer-ready incident or remediation handoff for ServiceNow.","id":"scanner-export-to-servicenow","label":"Scanner export to ServiceNow","status":"curated","target_hint":"scanner export / environment / service owner","workflow_value":"recipe-runbook"},{"default_approval_gate":"Ticket required","default_cadence":"On new finding","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["scanner-export-bundle","sarif-manual-import","sbom-manual-import"],"default_output_channel_id":"splunk-hec","default_recipe_query":"scan findings bundle","default_report_profile_id":"siem-forwarding-envelope","description":"Forward normalized browser-local scanner export findings into a SIEM-ready envelope for Splunk or another downstream analytics pipeline.","id":"scanner-export-to-splunk","label":"Scanner export to Splunk","status":"community","target_hint":"scanner export / index / environment","workflow_value":"recipe-runbook"},{"default_approval_gate":"Ticket required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","sarif-manual-import"],"default_output_channel_id":"servicenow-incident","default_recipe_query":"SAST finding triage","default_report_profile_id":"ticket-ready-brief","description":"Turn imported SARIF findings into a governed ServiceNow incident for SecOps or platform follow-up.","id":"sarif-to-servicenow-incident","label":"SARIF to ServiceNow incident","status":"curated","target_hint":"service / module / SARIF upload","workflow_value":"sast"},{"default_approval_gate":"Security reviewer required","default_cadence":"On new finding","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["sarif-manual-import","sbom-manual-import"],"default_output_channel_id":"elastic-security-case","default_recipe_query":"scan findings bundle","default_report_profile_id":"scan-findings-bundle","description":"Normalize imported scanner evidence into a browser-side report bundle, then open an Elastic Security case.","id":"scan-bundle-to-elastic-case","label":"Scan bundle to Elastic case","status":"community","target_hint":"scanner / cluster / environment","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"Weekly sweep","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["page-context","recipe-index","sarif-manual-import","sbom-manual-import"],"default_output_channel_id":"teams-workflow-webhook","default_recipe_query":"agentic risk review","default_report_profile_id":"exec-risk-brief","description":"Assemble a review-ready risk brief from imported findings and route it to a Teams channel through a workflow webhook.","id":"weekly-risk-brief-to-teams","label":"Weekly risk brief to Teams","status":"community","target_hint":"business unit / leadership channel / finding set","workflow_value":"recipe-runbook"},{"default_approval_gate":"Code owner required","default_cadence":"Manual approval","default_context_pack":"Secure context trust pack","default_input_channel_ids":["page-context","recipe-index","github-repository","deps-dev-advisories","sbom-manual-import"],"default_output_channel_id":"linear-issue","default_recipe_query":"vulnerable dependency remediation","default_report_profile_id":"ticket-ready-brief","description":"Draft a reviewer-ready dependency remediation handoff and create a Linear issue for platform backlog tracking.","id":"dependency-fix-to-linear","label":"Dependency fix to Linear","status":"community","target_hint":"owner/repo package / team ID","workflow_value":"dependency"},{"default_approval_gate":"Code owner required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","github-repository","github-code-scanning-alerts"],"default_output_channel_id":"jira-ticket","default_recipe_query":"SAST finding triage","default_report_profile_id":"ticket-ready-brief","description":"Turn GitHub code scanning alerts into a reviewer-ready Jira handoff that keeps repository context and remediation prompts together.","id":"github-code-scanning-to-jira","label":"GitHub code scanning to Jira","status":"community","target_hint":"owner/repo alert number / branch","workflow_value":"sast"},{"default_approval_gate":"Security reviewer required","default_cadence":"Daily review queue","default_context_pack":"Runtime controls","default_input_channel_ids":["recipe-index","semgrep-appsec-findings","confluence-knowledge"],"default_output_channel_id":"linear-issue","default_recipe_query":"SAST finding triage","default_report_profile_id":"ticket-ready-brief","description":"Use Semgrep AppSec findings plus recipe context to create a platform-ready Linear issue without leaving the browser workbench.","id":"semgrep-findings-to-linear","label":"Semgrep findings to Linear","status":"community","target_hint":"deployment / project / rule set","workflow_value":"sast"},{"default_approval_gate":"Security reviewer required","default_cadence":"On new finding","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["recipe-index","aws-inspector-findings","confluence-knowledge"],"default_output_channel_id":"servicenow-incident","default_recipe_query":"scan findings bundle","default_report_profile_id":"incident-response-brief","description":"Pull AWS Inspector findings into a reviewed ServiceNow-ready incident or remediation handoff for cloud and platform teams.","id":"aws-inspector-to-servicenow","label":"AWS Inspector to ServiceNow","status":"community","target_hint":"account / region / workload","workflow_value":"recipe-runbook"},{"default_approval_gate":"Ticket required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["recipe-index","rapid7-insightvm-vulnerabilities","confluence-knowledge"],"default_output_channel_id":"swimlane-case","default_recipe_query":"scan findings bundle","default_report_profile_id":"case-management-packet","description":"Turn Rapid7 InsightVM vulnerabilities into a structured Swimlane case packet for downstream coordination and response.","id":"rapid7-vulnerability-to-swimlane","label":"Rapid7 vulnerability to Swimlane","status":"community","target_hint":"site / asset group / vulnerability set","workflow_value":"recipe-runbook"},{"default_approval_gate":"Two-person review","default_cadence":"On new finding","default_context_pack":"Agentic assurance pack","default_input_channel_ids":["recipe-index","orca-security-alerts","prisma-cloud-alerts"],"default_output_channel_id":"tines-webhook","default_recipe_query":"agentic risk review","default_report_profile_id":"case-management-packet","description":"Normalize Orca alerts into a Tines-ready payload so cloud exposure review can move straight into deterministic workflow automation.","id":"orca-alerts-to-tines","label":"Orca alerts to Tines","status":"community","target_hint":"cloud account / exposure cluster / Tines story","workflow_value":"recipe-runbook"},{"default_approval_gate":"Security reviewer required","default_cadence":"Daily review queue","default_context_pack":"Runtime controls","default_input_channel_ids":["recipe-index","veracode-findings","confluence-knowledge"],"default_output_channel_id":"torq-webhook","default_recipe_query":"SAST finding triage","default_report_profile_id":"case-management-packet","description":"Route reviewed Veracode findings into a Torq workflow for coordinated remediation, approvals, or exception handling.","id":"veracode-review-to-torq","label":"Veracode review to Torq","status":"community","target_hint":"application profile / finding set / Torq workflow","workflow_value":"sast"},{"default_approval_gate":"Security reviewer required","default_cadence":"On new finding","default_context_pack":"Runtime controls","default_input_channel_ids":["page-context","recipe-index","microsoft-defender-xdr-incidents","confluence-knowledge"],"default_output_channel_id":"splunk-soar-incident","default_recipe_query":"incident triage and containment","default_report_profile_id":"case-management-packet","description":"Take a bounded Defender XDR incident, attach recipe and runbook context, and package it for a Splunk SOAR container.","id":"defender-xdr-to-splunk-soar","label":"Defender XDR to Splunk SOAR","status":"community","target_hint":"incident / device / Splunk SOAR container","workflow_value":"recipe-runbook"}]}