Discovered items and related vulnerability items are getting created for unknown classes?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-16-2022 09:55 AM
how to stop creating discovered items for unwanted classes so that it does not create vulnerable items related to that? or how to stop vulnerable items getting created for particular classes of discovered items?
for example:
some xyz configuration item/discovered item is greating created in servicenow with respective classes
incomplete ip identified device
unclassed hardware
unmatched ci
But security teams do not want vulnerable items getting created for those configuration items/discovered items.
@joe_harvey #vulnerabilityresponse #secops #sandiego
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-16-2022 08:41 PM
Hi,
You might have to then customize the script include which is parsing the payload and also script include ImportHost to do nothing if you don't find any match via CI lookup rules. I am not sure which integration you talking about here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-18-2022 02:58 AM
This is regarding Vulnerability Response integration API
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-17-2022 02:35 AM
Hi, if you want to stop the CI creation you should understand the source of CI creation. I assume your assignment is having discovery, SCCM , Manual Feed or Integration to create / update the CIs. You should limit the CI creation of specified classes in the mentioned options. No need to change anything under vulnerable codes.
Regards,
Suresh.
Suresh.