on 02-24-2023 09:17 AM
Starting with v18.0, Vulnerability Response imports cloud attributes for cloud resources from the scanners and makes them available in CI lookup rules and other downstream functions. This enables easy and accurate lookup of cloud resources in the CMDB and maps them to the resources discovered by the scanners.
Discovered Items
The cloud attributes provided by the scanners and brought into ServiceNow Vulnerability Response are populated in the Discovered Items table as new columns. Not all scanners provide the same cloud attributes, so some attributes may be missing depending on the scanner used.
The following new columns in the Discovered Items table store the cloud attributes for cloud resources.
| Discovered Items table column | Description and Usage | Qualys | Tenable | Rapid 7 |
|---|---|---|---|---|
| Cloud Service Provider | Name of the cloud service provider. One can filter a report or dashboard to view the impact on a cloud service provider. | Yes | Yes | Yes |
| Cloud Account | Cloud Account the resource belongs to. | Yes | Yes | |
| Resource ID | Unique Identifier of the cloud resource. This attribute can be used to accurately look up corresponding cloud resources in CMDB. | Yes | Yes | Yes |
| Resource Name | Name of the cloud resource. | | Yes | |
| Cloud Resource Type | The type of cloud resource. E.g. EC2, S3. | Yes | Yes | |
| Cloud Region | The region the cloud resource is deployed in. | Yes | Yes | |
| Image | The machine image used to deploy the cloud resource. | Yes | Yes | |
Usage in CI Lookup and other rules
The cloud attributes can be leveraged in CI lookup rules to quickly and accurately identify the corresponding Configuration Item (CI) in CMDB for a cloud resource discovered by the scanner. For example, a CI Lookup rule can be defined to match the scanner-provided Resource ID to a CI attribute in CMDB that holds the cloud resource ID. When specified with high priority order, such a rule will map cloud resources scanned by the scanner to cloud resources in CMDB without further processing the CI lookup rules with lower priority order.
If you are using ServiceNow ITOM Cloud Discovery and are already populating the CMDB with cloud resources, CI lookup rules can be configured to look up the cloud resource in respective CMDB tables. If no match is found for a resource, Vulnerability Response will create a new CI for the cloud resource in the CMDB's Generic Cloud Resources (cmdb_ci_cmp_resource) table.
In v18.0 of Vulnerability Response, a CI lookup rule is provided out of the box to look up cloud resources in CMDB using the Cloud Resource ID provided by the scanner.
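The priority-ordered lookup described above, modelled in plain JavaScript as an added example; it is not ServiceNow code or the out-of-the-box rule. The rule objects, property names, order values (lower runs first), the exactly-one-hit match criterion and the sample records are assumptions constructed for illustration; only the cmdb_ci_cmp_resource table name comes from this article.

```javascript
// Constructed CMDB records. Two CIs share the name "web-01" (a reused name),
// so only the resource ID distinguishes them. Property names are hypothetical.
const cmdb = [
  { sysId: 'ci-001', table: 'hypothetical_vm_table', resourceId: 'i-0aaa111', name: 'web-01' },
  { sysId: 'ci-002', table: 'hypothetical_vm_table', resourceId: 'i-0bbb222', name: 'web-01' },
  { sysId: 'ci-003', table: 'hypothetical_vm_table', resourceId: 'i-0ddd444', name: 'db-01' },
];

// Hypothetical lookup rules. Assumption: a lower "order" value is evaluated first.
const rules = [
  { order: 200, name: 'By resource name',
    match: (item, ci) => Boolean(item.resourceName) && ci.name === item.resourceName },
  { order: 100, name: 'By cloud resource ID',
    match: (item, ci) => Boolean(item.resourceId) && ci.resourceId === item.resourceId },
];

// Evaluate rules in priority order and stop at the first rule that yields
// exactly one CI. An ambiguous result (several hits) is treated as no match,
// which is a choice made for this model.
function resolveCi(item, records, ruleList) {
  const ordered = [...ruleList].sort((a, b) => a.order - b.order);
  for (const rule of ordered) {
    const hits = records.filter((ci) => rule.match(item, ci));
    if (hits.length === 1) {
      return { ci: hits[0], rule: rule.name, created: false };
    }
  }
  // No rule matched: model the fallback of creating a generic cloud resource CI.
  const ci = {
    sysId: 'new-ci',
    table: 'cmdb_ci_cmp_resource',
    resourceId: item.resourceId || null,
    name: item.resourceName || null,
  };
  return { ci, rule: null, created: true };
}

// Constructed discovered items, as a scanner might report them.
const discovered = [
  { resourceId: 'i-0bbb222', resourceName: 'web-01' },   // ID rule wins; the name alone is ambiguous
  { resourceId: null, resourceName: 'db-01' },           // no ID supplied; falls to the name rule
  { resourceId: 'i-0ccc333', resourceName: 'cache-07' }, // unknown to the CMDB; new CI
];

for (const item of discovered) {
  const r = resolveCi(item, cmdb, rules);
  console.log(item.resourceName, '->', r.ci.sysId, r.ci.table, r.rule || 'no rule matched');
}
```

The first item shows why the resource ID rule belongs at the top of the order: matched by name alone, "web-01" would be ambiguous between two CIs.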
The cloud attributes populated in the Discovered Items table can also be used in other downstream rules, such as assignment rules, risk calculators, exception rules, and remediation task rules.
To get the cloud attributes from the scanners, please update your Vulnerability Response store app to version 18.0 from the store. The minimum platform version supported is San Diego.
Learn more by visiting our documentation site.
If you have feedback that you would like to share with us, please feel free to reach us at the email address below.
- Siva Reddy Mallu, Principal Product Manager - VR (siva.mallu@servicenow.com)