09-28-2023 02:26 PM - edited 12-21-2023 10:55 AM
On August 17 & 18, the "Success with Vulnerability Response" webinar series continues with insights on some of the VR plug-ins and recommended practices for upgrades. Vulnerability Response provides many plug-ins that are beneficial for your vulnerability handling and process maturity. Brad Wagner, Sr. Technical Consultant, SecOps, and I, Elizabeth Skogquist, Sr. Product Success Manager, SecOps, present the capabilities of Vulnerability Solution Management, Vulnerability Response Integration with CISA, Patch Orchestration, and SecOps Health Analytics (VR Health Dashboard), alongside recommended practices during upgrades.
The recording can be viewed here:
Resource Links shared:
Customer Success Center
ServiceNow Documentation
- Vulnerability Solution Management
- Understanding the Vulnerability Response patch orchestration integration with Microsoft SCCM
- Understanding the HCL BigFix patch orchestration integration with Vulnerability Response
- SecOps Vulnerability Response Health Dashboard
- CISA Known Exploit Vulnerability (KEV) Integration
Support
Question | Answer |
--- | --- |
We are seeing 80% of the records are not mapped with preferred solution for third-party vulnerabilities. Is that expected? | Are you seeing this with Microsoft solutions? If yes, then it is possible that there are multiple superseding solutions and the system is not able to identify the preferred solution. |
If you have VR licensed, are all of these plugins included? | The VR Health Dashboard is available to all licensed VR customers. Please contact your Sales Specialist to confirm which other plugins your license allows. |
Are customers expected to manually populate preferred solutions for TPE and VIs? | When there is a single superseding solution, it will be populated automatically. When there are multiple superseding solutions, the preferred solution will not be set. You can review the potential solutions and assign the appropriate solution to the VIT. This happens when you have integration with Microsoft Bulletin. In a future release, we'll provide an option to set the latest solution as the preferred solution. |
Are only MS and Red Hat vulnerability solutions available or are other vendor product solutions also covered? | Other vendors are supported through CVRF integration. There are a couple of CVRF integrations provided OOB. You can refer to this for more integrations: https://docs.servicenow.com/bundle/vancouver-security-management/page/product/vulnerability-response... |
Are there any plans to integrate the vulnerability solution management module with the patch management functionality within Qualys? | I haven't seen that on the roadmap. Please create an idea for this consideration. The idea portal is on Support.servicenow.com, and allows for others to upvote your ideas. |
Are there limitations using Tanium for VR? I didn't hear you mention it at all or see it listed on your slides. | You'll want to review the documentation for the Tanium integrations. Not all vendors are able to provide the same information to the platform, so each integration could have its own unique aspects. |
As installations scale up to many tens of millions or hundreds of millions of records, how does/can PA help when there is still a limit on how many records can be selected in the source for indicators? | PA is considering significant improvements for next year to reduce such constraints. You will want to be sure you have set the Indicator Source Records Collection Maximum number of fetched records value to meet your VI counts, and review the breakdown matrix and exclude combinations that will not be used. |
Do either the Microsoft Security Response Center or the RedHat Solution integrations require paid subscriptions to either Microsoft or RedHat? | No, these are advisories published by vendors and the subscription is free. |
Do you need subscriptions to Microsoft\RedHat for solutions to populate, or are these integrations included in Solutions Management? | These are part of Solution Management OOB integrations. |
Does activating these vulnerability plugins impact the speed of the VR instance? | Each of these plug-ins will have integrations scheduled, and these are recommended to run during off business hours. The plug-ins themselves are providing supporting data on the forms, no processing, so will not impact speed of the VR instance. |
How are vulnerabilities impacted by a superseding solution associated to that superseding solution to consolidate remediation actions? | The vulnerability records hold the preferred solution, which is replaced with a superseding solution if one is defined. So you can consolidate records by preferred solution for monitoring in a Watch Topic, or creating Remediation Tasks. |
How do most customers use remediation efforts vs using remediation tasks created automatically? | Remediation Efforts are like projects (initiatives). Remediation Tasks are operational buckets of Vulnerable Items for remediation. |
How do preferred solutions get populated? We have the field available but it doesn't get populated | When there are multiple superseding solutions, the preferred solution will not be set. You can review the potential solutions and assign the appropriate solution to the VIT. This happens when you have integration with Microsoft Bulletin. In a future release, we'll provide an option to set the latest solution as the preferred solution. |
How is this different from the Solution column we had in Third party table? | The Solution column is not on the VG and is only present on the TPE. |
Does the 'Vulnerability Response Health Dashboard' plugin have a fee? | No, this plug-in is free with all VR subscriptions. |
What is the store link for the VR Health Dashboard? | You can find it on our store by searching for “SecOps Health Analytics” |
Is it possible to associate a vulnerability solution to a remediation task? The ability to set the highest supersedence solution to a remediation task? | Solution is only set at the VIT level and TPE. |
Is that Top 15 based on the annual Top 10-15 list published by CISA? Which is a subset of the full list? | The CISA integration does not provide any Watch Topics, OOB. The Top 15 was an example, and it was created with the condition pulling the specific CVEs rated for Top 15. I am not aware of what measures (risk?) were used to determine that rating. |
Is there a suggested upgrade order if we are upgrading both the family and the VR app (beyond the required minimum version)? | The VR app has releases 4x a year, and platform upgrades 2x a year. So VR can have a more frequent upgrade schedule than the platform. If the platform is upgrading, upgrade platform first, then application. |
Is there a way to find orphaned CIs (unclassed hardware/Unmatched CI/Incomplete IP Identified Device), where the discovered item no longer exists? | It is usually the other way around. Discovered Items may no longer have CIs if CIs are retired/archived in CMDB. We would not have Discovered Items if there are no Vulnerable Items for a Configuration Item. |
Is there a way to group or show a tab based on CWE? | At this point it cannot be grouped based on CWE. We are planning to redesign Solution Management in 2024, and we are considering this grouping. |
MS Intune support? It seems it's more SCCM-based or BigFix? | MS Intune support is not on the roadmap for 2024. Current integration is with SCCM and BigFix. We are also working with Red Hat for Satellite integration. This is on the 2024 roadmap. |
Similar to VR health dashboard, are there similar dashboards to see application and overall platform health? | Please check out CMDB Health, ITOM Health and Health Log Analytics from Platform. |
The installation of Integration with CISA requires almost every VR and CC plugin to be upgraded - we are fairly current, VR 19.0.7 - are the required updates impactful? | We recommend regularly updating your plugins to take advantage of new features being released. Please check our release notes on the store to check if the updates are impactful for your organization. |
This is related to the CISA Plugin, but is it possible to have the CISA due date as a drop down option in the Target from (date) in the remediation target rules? | Yes, you can include the due date as part of remediation target rule. |
We are not seeing VIT being populated under the Solutions | This visualisation is currently not available. However, we are improving the solution management and considering this view. |
We have remediation owners that would like a centralized way to document repeatable remediation steps and they are considering allowing them to manually create solutions for this purpose. Do you recommend against manually creating solutions for any reason? | It is recommended to use the Solution Management to automate the solution assignment to VIT. |
What is the best practice around handling vulnerabilities that will be remediated by a patch that is on a maintenance schedule and will be done in the near future? | If you have a Remediation Task Rule defined that is grouping all VITs into RTs as they come in, we encourage you to put a condition on that rule to exclude the VIs that have a patch scheduled. That will keep those VIs out of the RTs being worked by Remediation Owners and keep their RTs to only those that need their activity. |
Where are the vulnerability solutions located? | They are located in the Solutions module within Vulnerability Response. |
Will the default installation of VR module come with any of these plugins? | Each of these plug-ins requires its own install and is dependent on VR and other modules. |
May I be added to the Product Success mailing list?
Thanks!

Hi @CASK Fedigan - It is an opt-in system, so once you register for a webinar you should automatically be added to the mailing list for future ones.