How does CSDM complement Vulnerability response

Dharshini Rohit
Tera Contributor

Hi,

In all VR documents, it is mentioned that a CI should possess Assignment group info for the Remediation tasks to be assigned to. However, this contradicts the fact of introducing CSDM. As in CSDM, we group CIs either to a Technical Service offering via Application service. The support group info for ITSM triaging is obtained (based on category of the Incident) from either the Application Service or from the Technical Service offering. But for VR, we are required to populate this info on the CI. My question is, where and how does CSDM provide value to Security Operations/Vulnerability Response?

Thanks

Dharshini

19 REPLIES

Kim Rasmussen
ServiceNow Employee

You should also look at why we use CSDM - CSDM provides you with a business-centric view of all Application services and CIs.

With a well populated CMDB (based on CSDM) you will easily be able to assess what part of the business is impacted by what vulnerability and how business critical that is. Service Business criticality combined with the severity of the vulnerability will help you prioritize remediation and assess risk of every Vulnerability reported.

scott_lemm
ServiceNow Employee

@Dharshini Rohit this is a timely question. Thank you for sharing.

Historically, Vulnerability Response focuses on the creation of CIs within a VR specific class of the CMDB. Population of assignment group and other attributes within their VR CMDB Class were best practices for VR but unrelated to CSDM. Thus, VR historically has had little direct relationship to CSDM concepts. The reality is the VR team was waiting for other internal ServiceNow solutions to mature and adopt CSDM concepts.

That said, VR will be taking a huge step to utilize the maturing Product capability of CSDM as well as integrate with the Design and Build domains. This step is only possible as CSDM has matured both internally and externally.

In the near future, VR will have a CSDM data model focus using Products, Business Applications, and Application Services in relating vulnerabilities to CSDM objects. In an effort to further enhance Security Operations, the use of Teams will enable the identification of multiple contact records to a CI beyond the legacy Support/Change/Managed by Group(s). I am excited to utilize the value of Teams by adding a Security Response group for VR use cases.

The Vulnerability Response team and CSDM have a shared vision to help make VR seamless using data standards throughout the ServiceNow Platform.

I hope this helps with your question. I am happy to provide more details 1:1 if you wish to email me.

Thank you,

Scott Lemm

Hi Scott, thanks for the update. Do we know the timelines when we can leverage the Teams capability on TSOs?

sai12
Tera Contributor

CSDM only prescribes this but does not mandate it:

If the Service Offering doesn't have a support group associated, it would be populated from the CI. So you can plan for VR accordingly.

Barry Kant
ServiceNow Employee

Hi Sai12,
The cmdb_rel_team table is in the Tokyo release and syncs data from TSO to this table via:
Business Rule: Sync teams to CI assigned groups (on cmdb_ci_service table)

It syncs:

  • Approval Group
  • Change Group
  • Manage by Group
  • Support Group

The Teams related list allows you to add other Group references with a unique Group Type. Meaning there is a validation that per CI there cannot be multiple Groups with the same Group Type. (--> Business Rule: Maintain unique values for Teams)

This way you can add a Group Type for DR Group.

BR,
Barry