Tulip helps you detect and remediate security issues in your critical applications' configuration. This capability proactively identifies risks across supported applications, provides actionable insights to strengthen your security posture, and helps you remediate these risks using standard Tulip change management tools. This is especially important for sensitive configurations of enterprise security apps like IAM (Okta, Microsoft Entra ID), MDM (Jamf Pro, Microsoft Intune), EDR (CrowdStrike Falcon, Microsoft Defender for Endpoint), WAF (Cloudflare) and others.
Following every change to your application configuration, the Tulip platform runs numerous detection rules to identify new risks. In addition, Tulip's Security Team continuously reviews new risks and opportunities for risk-reduction, and adds rules accordingly.
Reviewing your security issues
To review your security issues, click on 'Security issues' in the vertical left panel.
In this screen you can:
Review the open security issues in your applications, along with their severity and relevant compliance frameworks such as SOC 2, ISO 27001, NIST and CIS.
Click an issue to learn more about its details, possible remediations, and which elements the issue was detected in.
For each security issue, you can view Tulip's recommended remediations. Click a remediation to see more details about it.
Filter issues belonging to a specific compliance framework, or even a specific annex/control ID.
Filter issues belonging to a specific application connection, or application type.
Export open issues by clicking the download button.
Issue details and occurrences
When you select a specific issue, you'll be able to see more details about it, and which elements the issue was detected on:
You can also click on the 'View' button of an individual occurrence to see the exact issue within the configuration element:
Hiding occurrences
You can hide specific occurrences in which the issue was detected, in case you've determined that there's no need to address the issue on that specific occurrence:
Hidden occurrences will not be shown in the Security Issues tab. To view them or un-hide them, toggle the "Hidden" switch at the upper-right part of the table.
Remediating security issues
Each issue may have one or more remediations recommended by Tulip. Click them to read more.
Remediations which include a check box can be automatically remediated by Tulip. Once you select one or more of these, and click on Preview Remediations, Tulip will create a Deployment targeted at your app connection, which contains configuration edits remediating the issue:
Once in the deployment, you can review Tulip's edits before actually deploying them:
As with all Tulip deployments, click the "Edit" button to make additional edits before deploying.
Getting alerts on new security issues
When Tulip detects a new security issue, it can emit a New Security Issues email.
To configure who gets these emails, go to the Security Issues section in your application connection settings screen:
Tulip will only send an email when a new security issue is detected. Emails will also include information about other changes in your security posture.
Frequently Asked Questions
When does Tulip scan for new security issues?
Tulip runs an automatic scan after every fetch to your app connection. That includes scheduled fetches, manual fetches, and post-deployment fetches.
Can I add my own rule, or edit your packaged rules?
Not yet; however, you can suggest new rules, or improvements to existing rules, by using the feedback dialogs. Access them using the "..." button in the Security Issues screen's bottom right corner:
We plan to introduce more rule customization options in the future.
Who can view these issues and remediate them?
All Tulip users can view security issues. Only Tulip administrators can hide items from the view.
Remediations can be done by anyone with deployment permissions on the application, as they are done using Tulip's standard deployment mechanism.
I have more thoughts/feedback/questions
Please email us at support@tulipsecurity.com with anything else you'd like to know.









