- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
04-08-2024 02:43 PM - edited 05-20-2024 10:22 AM
Did you know about working with zero-day assessment, with or without SAM licensing, with Exposure Assessment? In addition, you can get an overall rating of your organizations' attack surface using the Unified Vulnerability Response Dashboard. With recent enhancements to Exposure Assessment and Unified Vulnerability Response Dashboard, we want to be sure the latest capabilities are understood.
On April 3 & 4, 2024, Sarath Mohan, Sr. Product Manager, for these solutions, with myself, Sr. Product Success Manager, bring the insights to you on use case examples, product demonstration, and how to get these solutions set-up.
Watch the webinar recording here:
Resources shared:
ServiceNow Documentation
Exploring exposure assessment: https://docs.servicenow.com/bundle/washingtondc-security-management/page/product/vulnerability-respo...
Unified Vulnerability Response Dashboard: https://docs.servicenow.com/bundle/washingtondc-security-management/page/use/dashboards/application-...
Support.servicenow.com
Questions | Answers |
Can an SBOM be leveraged to assist with identifying affected software/libraries beyond just installed software and CPEs? | This enhancement is planned to query the software components in SBOM. Currently, this is not possible in Exposure Assessment. However, if you are using the Vulnerability Crisis Management feature, then you can query the SBOM as well. |
When creating a VI without a CVE, since it does not exist yet, can one be added when it becomes available / will there be an automatism to achieve this? | There is no automation that links a CVE after its creation, or entry, in the platform. The suggestion is to perform the assessment by entering the software details, as you are creating VIs, CVE is a mandatory field, currently. |
How the internet facing field is mapping in the asset overview tab? As in the cmdb_ci table we don’t have internet facing field/ column. If we want to see how many CIs are internet facing how we can verify it? | We can only consider the hardware class and the extended classes from hardware class for this. The base table cmdb_ci will not have this field. Currently the internet facing field is manually set by customers for the CIs they know are externally facing. |
We should be up to date on all of our plugins etc., but I am unable to view the Vulnerability Assessment workspace. Is there some type of pre-requisite that we could have missed? | The Assessment workspace becomes available with the installation of the Vulnerability Emergency Response plugin. It can be found on the ServiceNow store at: https://store.servicenow.com/sn_appstore_store.do#!/store/application/9a8a59054a76a1101c45d89ce7b2e7... |
Are there any plans to import software installation data from vulnerability scanning tools? Tenable, for example, could provide CPE strings to SAM/Exposure Assessment for what it finds installed on a device. | We get the CPEs from NVD. The same CPEs are reported by Tenable as well. Those CPEs are queried against SAM to get the installations. We have this in the backlog to expand capabilities being brought in from scanning tools. |
When will see new use cases for using the SN LLM for the security apps? | Gen AI is part of VR roadmap. We continue to connect with VR customers to understand the use cases. Please reach out to your account team to schedule time with us, if you would be interested in discussing the use cases with us. |
What version of Vulnerability Response is needed to have the Exposure Assesment by CVE added? Currently I am only seeing the Software Installations option. | The minimum version of VR required is 19.0.4, which is the August release version. But you would also need to upgrade Vulnerability Emergency Response and Vulnerability Response Common Workspace along with that. Please refer to the KB0856498 (VR Compability Matrix and Release Schema Changes) and ensure you have compatible versions installed. |
what determines a CI as reportable for the dashboard counts? | The CI should have some sort of vulnerabilities, to be counted in the VR dashboards. |
If we want to see the metric details then where we can navigate | We can see the metric details in the UI Builder for Unified Vulnerability Response Dashboard. |
In this context what does Scanned CI mean and what data source is referenced? | CIs from discovered items/Discovered container images/application releases scanned in the last 60 days |
For PDI’s can we get Software Installations and Discovery models data? | This data is normally based on the customer’s instance. You can install SAM plugins on your PDI with the demo data to get some sample discovery models and the installations. |
Can you please tell me one query for the ci host internet facing | Today the internet facing field in on the Hardware Class tables. It would be manually set by the CI Owner or CMDB owner, depending on how your organization is managing the CMDB data. |
Is this available with Standard, or is Professional or Enterprise required? | Pro and Enterprise license requirement for Exposure Assessment and Unified Dashboard is available for all Vulnerability Response licenses. |
How do we, as users/owners of VR, ensure that Discovery tools which exposure assessment utilizes, is collecting data accurately and effectively so that our queries are high confidence? | The sources should ensure that the data is rightly populated in the tables ‘cmdb_sam_sw_discovery_model’ and ‘cmdb_sam_sw_install’. If the quality of the data in these two tables is good, then the accuracy will also be good. |
Auto Close rule is only defined by a date parameter? not by if the specific softwre/version is still being discovered ? | Yes, today Auto Close rules are defined by date/days. |
If we want to see the metric detail of host ci internet facing in the remediation tab how we can see it? | You will need to update the queries to get that metric in the Remediation tab. |
- 766 Views