Hello,We have the VR integration with Tenable.io. We use remediation target rules to set SLAs and task rules to group VIs together by CI support group. The problem we have is that new VIs are being added to existing/open Remediation Tasks that have a...
Hello,Is there a suggested workflow/practice for bulk editing Container Vulnerable Items? There is a "Bulk Edit" feature for host VITs in Vulnerability Response, however I don't see one in CVR, nor do I see any documentation on the subject. We are ...
Hi, 1. On security incident record in security incident response workspace when we click on "create incident", a modal pops up. In this we want to add "assignment group" reference field with list similar to available on incident table. We found a re...
I'm running ServiceNow Vulnerability Response 26.0.11. There were recent changes to VR and now exception rules no longer create remediation task to track VITs that are deferred; but I also noticed I no longer have the option when creating the excepti...
Hi All, I'm using the Atlassian Jira integration with Vulnerability Response integration. However, I notice that I can only set 'sn_vul_app_vulnerability' or 'sn_vul_app_vulnerable_item' as my entity tables in the agile tool configuration (sn_vul_agi...
Error: OAuth flow failed. Verify the configurations and try again. Error detail:invalid_request, AADSTS90002: Tenant 'ea2bd261-c1b1-4388-b0ea-e9a7f266061d' not found. Check to make sure you have the correct tenant ID and are signing into the correct ...
Is there a way to report on MTTD (mean time to detect) for particular support groups or a canned report that visualizes this?
We use Rapid7's Active Risk score as one of the primary drivers of the normalized risk rating of third-party vulnerability entry records in VR, which then drives the risk score/rating of vulnerable items. As Active Risk is driven by threat intelligen...
Hi,We need to make closed state value visible only when current state is review in SIR workspace. We tried using onChange client script as well as Before business rule but its not reflecting in workspace. Is there any other way to configure this? Is ...
Can anyone provide me with an example of the response.json received from Sysdig on the endpoint https://<server>/api/scanning/v2/runtime/vulnerabilities?The reason I ask is that we are on-prem with both sysdig and servicenow and sysdig only offer th...
I am receiving the following error when trying to reapply vulnerability risk calculators.Error while executing Reapply Risk Calculators (VIT) job : TypeError: Method "toString" called on incompatible object (org.mozilla.javascript.NativeObject is not...
GOAL: To reevaluate and reset the Remediation Target Date for a Vulnerable Item if the Risk Rating changes due to the Source Risk Score changing. DETAILS:Qualys Integration with Vulnerability ResponseWe use QDS score from Qualys to set the Risk Score...
Hi All, I am looking for guidance and best practice on how to handle Zero day Vulnerabilities in ServiceNow for cases where CVE's are not available. Came across the below KB article which talks about creating a new table by extending OOTB Vulnerabili...
Hi,We currently use Source Risk Score from Qualys (Qualys Detection Score; QDS) to do a direct map to our Risk Score in ServiceNow. QDS combines the severity of the vulnerability with other Threat Intelligence to get that Risk Score. Quite frequent...
So, my vuln analysts are wondering if there is any way to have the remediation target use a base of when a VIT is assigned to a service now group. The reason being that the remediation teams are complaining because as certain items get assigned (lik...
| User | Count |
|---|---|
| 4 | |
| 2 | |
| 2 | |
| 1 | |
| 1 |
