About Manual Intake of Vulnerability Information.

Ohki_Yamamoto
Tera Guru

SeqOps-VR's vulnerability management provides an OOTB feature for manual capture of vulnerabilities.

 

Reference:

https://www.servicenow.com/docs/bundle/vancouver-security-management/page/product/vulnerability-resp...

 

There are also three types of vulnerabilities: infrastructure vulnerabilities, application vulnerabilities, and container vulnerabilities.

 

The manual ingest feature above is written like a feature for infrastructure vulnerabilities, but is a feature for manual ingestion of vulnerabilities provided for application vulnerabilities and container vulnerabilities?

 

*For penetration testing of application vulnerabilities, the procedure was to register data from the form screen as shown below.
  https://www.servicenow.com/docs/ja-JP/bundle/utah-security-management/page/product/vulnerability-app...

6 REPLIES 6

Sarath S
ServiceNow Employee
ServiceNow Employee

@Ohki_Yamamoto , I am seeking further clarification regarding the manual ingestion feature in  vulnerability management, especially in the context of application vulnerabilities and container vulnerabilities. Could you provide the use cases for the manual ingestion of these vulnerability types. 

 

Thanks,

Sarath S

MiravTMehta
ServiceNow Employee
ServiceNow Employee

@Ohki_Yamamoto There is tentative plan to have capability to Upload / Ingest Manual Intake of Vulnerability Information for application and container VR based on number of requests. 

 

Some infrastructure vulnerability fields  include IP, MAC address, FQDN, and more.

Can you please point out the fields ( like CVE, CWE, Created by, Impact, Resolution, URL, port) that you might want have in for Application vulnerability response and Container vulnerability response while manual Upload / Ingestion in servicenow

 

Thanks

Mirav T. Mehta

 

 

Ohki_Yamamoto
Tera Guru

@MiravTMehta @Sarath S 
Thank you very much.

Currently, we do not have specific requirements on what items should be manually imported for application vulnerabilities and container vulnerabilities.

I wanted to check if OOTB has the ability to manually import application vulnerabilities and container vulnerabilities, but I guess that means OOTB does not currently have it?

Do I have to manually create them from the form screen?

 

MiravTMehta
ServiceNow Employee
ServiceNow Employee

We're actively working on this capability to ship OOTB based on current customer feedback. To ensure we address your specific needs,  use cases and incorporate same, please do contact our Product Success team or your ServiceNow Champion.

 

Thanks

Mirav T. Mehta