SecOps forum

Resolved! problem

What tools and techniques can be used for effective root cause analysis?

VR - Confirmed column in sn_vul_detection

We have Rapid7 vulnerabilities integrated into VR. In the Vulnerable Item detection table (sn_vul_detection) there is a 'confirmed' column with boolean (True/False) values. What does this mean and where is there value coming from ?

Hi All, When manually ingesting the vulnerabilities the vulnerability summary should be different

When manually ingesting vulnerabilities from manual ingestion template, the current out-of-the-box configuration assigns a single summary to each Vulnerability ID, stored in the third-party table (sn_vul_third_party_entry). This summary is then appli...

What is the difference between "sn_vul_remediation_task" and "sn_vul_vulnerability" RT tables?

What is the [sn_vul_rememdation_task] table?I am trying to better understand Remediation Task functionality in Tokyo Vulnerability Response. I understand Vulnerability Groups are now relabeled as Remediation Taskshttps://docs.servicenow.com/bundle/s...

Send Servicenow logs to Azure Sentinel (Cloud SIEM) using Kafka

Hello, I need to send ServiceNow's system & audit logs to an Azure Sentinel. What is the best approach?From the documentation (Log Export Service (LES) (servicenow.com)) it would seem to be to use Kafka cloud-to-cloud (at least for Splunk) but I can ...

Email Parser

Experts, How is the email parser rule different from the Email Parsing properties? How is it going to retrieve emails from the inbox for processing? Email Parsing Inbox:Security Operations detection tools send email reports to these addresses to be...

Vulnerability Response - Create assignment rule with Vulnerable Item proof as condition

Hello,does anyone know how to create a condition in a Vulnerability Assignment Rule which looks into the Vulnerable Item proof in the Vulnerable Item Detection? We can't find this field under "Vulnerability" in the condition builder in the assignment...

Deployement Pipeline Issue

Hello Community,Could not connect to the environment. [Method failed: (/api/sn_pipeline/pipeline/validate_connection) with code: 400].I'm getting this message when trying to Create a connection with with Test Environment.How to Fix this?Thanks,Daiva

Exclusion Rules - what closes existing Vulnerable Items

Hello Experts, I wanted to ask about a feature of Vulnerability Response that was introduced not very long time ago, which is the option to add an Exclusion Rule. I understand the overall concept and how it works, but I'm having difficulty finding on...

VR Module

Hi, How to extract data from Vulnerable items(sn_vul_vulnerable_item) table for servers and workstations by using filters. Any one please help me on this.1. Exploitable & Actively Exploitable2. CISA KEV3. Backlog ( Vuln on or before march 12th)4. Act...

Qualys PCRS 2.0

Has anyone tested PCRS 2.0 or know when this will be available for Configuration Compliance? We are looking to utilize the excludeInactiveControl parameter. Inactive controls are being created as false negatives which is causing a lot of extra work.

Container Vulnerability Response - CVITS with Risk Rating - None

We're seeing CVITs created that do not have a risk rating assigned. We suspect that it has to do with the fact NVD has yet to assign a rating, yet the vendor has. We've upgraded our NVD plug-in to the latest version, same issue. Anyone else seeing...

Risk assessment

In Risk assessment, the assess and all other buttons are greyed out. Checked all the roles, did not find anything, Any reason behind this? I have attached the screenshot.

Need bulk deferrals for AVITs, CVITs and CTRs

I have found the bulk edit button works for doing bulk deferrals for VITs. I also need this for AVITs, CVITs and CTRs as well as their remediation tasks. Can someone assist and provide some documentation?

Any way to add Configuration Item to a Configuration Compliance Remediation Task (CRG)

We're setting Configuration Compliance Remediation Tasks to group by Assignment Group and Configuration Item. We're wanting to utilize certain fields from the CI in our approval rules for CRGs and so are hoping to set the CI on the CRG itself. I was ...

Forum Posts

Resolved! problem

VR - Confirmed column in sn_vul_detection

Hi All, When manually ingesting the vulnerabilities the vulnerability summary should be different

What is the difference between "sn_vul_remediation_task" and "sn_vul_vulnerability" RT tables?

Send Servicenow logs to Azure Sentinel (Cloud SIEM) using Kafka

Email Parser

Vulnerability Response - Create assignment rule with Vulnerable Item proof as condition

Deployement Pipeline Issue

Exclusion Rules - what closes existing Vulnerable Items

VR Module

Qualys PCRS 2.0

Container Vulnerability Response - CVITS with Risk Rating - None

Risk assessment

Need bulk deferrals for AVITs, CVITs and CTRs

Any way to add Configuration Item to a Configuration Compliance Remediation Task (CRG)

Qualys VM integration issue

Vulnerability Response: Associated VCA are not clo...

How does automatic CI Reclassification happens? Wh...

ServiceNow sends a notification of SIR update with...

VR Remediation Efforts for Remediation Tasks

How to add the UI action Button to the Three dots(...

Vulnerability Response: Reopened VIT reassignment

Unable to add work notes as default list view colu...

I just need to understand difference b/w Work note...

Ref info button is not working for CVITs table

Clarification on CIS–Vulnerability Response Exam V...

"ACL Exception Insert Failed due to security const...

Question about July 31 Transition for Wiz Built St...

CI Lookup Rule - Auto promote on certain classes

Not able to install VR plugin in PDI