How to create VI manually
05-27-2024 08:47 PM
Hi, all
We're verifying how to create a vulnerability item (VI) manually.
According to our team member, it seems to be possible by copying the steps of Service Graph Connectors.
We tested the below flow for creating a VI, but it didn't work because some issues occurred here.
- scheduled job runs to import CVEs from Nozomi
- this brings in data via a REST GET method
- data is initially imported into the "x_none_nozomi_vr_nozomi_node_cve_import" table
- data then runs through the transform map Nozomi Node CVE Transform, where each line will run through multiple scripts for processing and mapping, eventually mapping to the "sn_vul_vulnerable_item" table
My team member has attempted to reverse engineer and recreate the associated transform map, but has run into some technical issues whilst trying to get it to process against the NVD library with a manual data source. This seems to be due to the fact that when the OOTB SGC (here it's from Nozomi Networks) import is run, it attempts to match the data against inbound data from an already running NVD data import. It seems that to implement a workaround, it will require significantly more configuration than initially anticipated.
Has anyone solved this problem?
I'm rushing about this because the customer is waiting for our proposal of OTM, but we can't without any SGC.
Thanks in advance.
05-27-2024 09:20 PM
Hi @Kosuke Tsujibay,
Multiple methods create vulnerable items (VI). Most commonly, an integration to a vulnerability scanner is installed and configured to import results nightly. There are cases, like physical security vulnerabilities, when you might prefer to manually add vulnerable item records.
Before you begin
About this task
VIs that you create manually, and automatically-created VIs are automatically added and removed from remediation tasks by remediation task rules and group conditions.
Procedure
- Navigate to All > Vulnerability Response > Vulnerable Items.
- Select a category to open the list.
- Click New.
- Fill in the fields on the form, as appropriate.
For information on the vulnerable items fields, see Vulnerability Response vulnerable item form fields.
- Right-click in the form header and click Save.
The remediation task rules evaluate the vulnerable item and add it to an existing task or create a new task. If the evaluation fails, then the vulnerable item is added to the Ungrouped Vulnerable Items list.
When you save a new vulnerable item, all the enabled calculators run.
Note: Only one calculator per Target field is allowed to be active at a time. When you activate one, any others with the same Target field are deactivated.
- You can click any of the related lists to view additional information.
You can use the Related Link, Scan for Vulnerabilities, to manually trigger a ServiceNow®-initiated scan. For information on how to configure a vulnerability scanner, see Configure and manage Qualys vulnerability scanners and scans.
For a Qualys Vulnerability Integration, a default scanner is pre-installed in the Vulnerability Scanners module. This scanner is deactivated by default. Select the Active and Default check boxes to activate the Qualys scanner to work using the Scan for Vulnerabilities related link on the remediation task and vulnerable item forms.
The following editing and remediation options become available from the header bar:
- Update: Saves updates to the form.
- Create Security Incident: Creates a security incident.
- Close: Closes the item. If all items in its group are closed, the remediation task automatically closes.
- Request Exception: Submits a request to defer an item.
- Resolve: Resolves the item.
- Delete: Removes the vulnerable item.
05-28-2024 08:08 PM
Hi, @Community Alums
Thanks for the quick reply and detailed explanation of manual creation, but technically this is not exactly what I want.
I think I missed some important information in my question.
I already have CVE information (CVS form) from Nozomi Guardian and want to utilize it to create VIs, which is the part I'm calling 'manually'.
I think step 4 in your procedure is difficult because filling in the appropriate information is so demanding in actual business operation; that's why my team member tried the steps below:
- scheduled job runs to import CVEs from Nozomi
- this brings in data via a REST GET method
- data is initially imported into the "x_none_nozomi_vr_nozomi_node_cve_import" table
- data then runs through the transform map Nozomi Node CVE Transform, where each line will run through multiple scripts for processing and mapping, eventually mapping to the "sn_vul_vulnerable_item" table
*The present transform map was unavailable because it does not refer to NVD, so my team member created a new transform map instead, but it did not work well.
However, some issues occurred as I described, and right now I want to know how to create a custom transform map which refers to NVD info to create VIs, and also how to solve the issues that happened after trying that.