Hi, I am still fairly new to the VR space, and I know that you can manually split VUL by selecting VIT's but is it possible to write a script that would automate splitting a particular VUL task and then submit an exception for this newly split VUL?
Hi All, Recently we upgraded the vulnerability response plugin, after that plugin upgradation we are getting the Risk score related work notes like belowAnd this functionality is configured in one of the OOB script include 'VulnerabilityCalculatorCom...
Has anybody implemented the new Rapid7 to ServiceNow api? Run into any issues? Any suggestions? best practices? Any documentation? thanks in advance!
We have a SecOps subscription for VR module where licenses are tracked based on device count. We have also got table subscription under this scope - 5 tables. Now we are planning to use these tables for managing the risk registers, risk acceptance a...
Hello All,I have created a new background job configuration in sn_sec_cmn_background_job_configuration in this table using the logic written in other backgroup job config(i.e OOB) Can anyone suggest me how I run this background job as I'm not able fi...
In Vulnerability Response, we have an auto-close configuration set to close stale detections based on 'Detections last found' value being found 30 days ago. The option allows you to set only one value that applies across all detections. We're happy w...
Hi,Users with Security Analyst role are not able to change assignment groups on security incidents. Is this expected behavior or should something be changed for them to edit the assignment group?I have checked ACLs and don't see any issues over there...
What tools and techniques can be used for effective root cause analysis?
We have Rapid7 vulnerabilities integrated into VR. In the Vulnerable Item detection table (sn_vul_detection) there is a 'confirmed' column with boolean (True/False) values. What does this mean and where is there value coming from ?
When manually ingesting vulnerabilities from manual ingestion template, the current out-of-the-box configuration assigns a single summary to each Vulnerability ID, stored in the third-party table (sn_vul_third_party_entry). This summary is then appli...
What is the [sn_vul_rememdation_task] table?I am trying to better understand Remediation Task functionality in Tokyo Vulnerability Response. I understand Vulnerability Groups are now relabeled as Remediation Taskshttps://docs.servicenow.com/bundle/s...
Hello, I need to send ServiceNow's system & audit logs to an Azure Sentinel. What is the best approach?From the documentation (Log Export Service (LES) (servicenow.com)) it would seem to be to use Kafka cloud-to-cloud (at least for Splunk) but I can ...
Experts, How is the email parser rule different from the Email Parsing properties? How is it going to retrieve emails from the inbox for processing? Email Parsing Inbox:Security Operations detection tools send email reports to these addresses to be...
Hello,does anyone know how to create a condition in a Vulnerability Assignment Rule which looks into the Vulnerable Item proof in the Vulnerable Item Detection? We can't find this field under "Vulnerability" in the condition builder in the assignment...
Hello Community,Could not connect to the environment. [Method failed: (/api/sn_pipeline/pipeline/validate_connection) with code: 400].I'm getting this message when trying to Create a connection with with Test Environment.How to Fix this?Thanks,Daiva
