Discovered items and related vulnerability items are getting created for unknown classes?

sai yaswanth ku
Giga Expert

‎11-16-2022 09:55 AM

how to stop creating discovered items for unwanted classes so that it does not create vulnerable items related to that? or how to stop vulnerable items getting created for particular classes of discovered items?

for example:

some xyz configuration item/discovered item is greating created in servicenow with respective classes
incomplete ip identified device

unclassed hardware

unmatched ci

But security teams do not want vulnerable items getting created for those configuration items/discovered items.
@joe_harvey #vulnerabilityresponse #secops #sandiego

0 Helpfuls
  • 896 Views
3 REPLIES 3

Shivam Sarawagi
ServiceNow Employee
ServiceNow Employee

‎11-16-2022 08:41 PM

Hi,

 

You might have to then customize the script include which is parsing the payload and also script include ImportHost to do nothing if you don't find any match via CI lookup rules. I am not sure which integration you talking about here.

0 Helpfuls

sai yaswanth ku
Giga Expert
In response to Shivam Sarawagi

‎11-18-2022 02:58 AM

This is regarding Vulnerability Response integration API

0 Helpfuls

ersureshbe
Giga Sage
Giga Sage

‎11-17-2022 02:35 AM

Hi, if you want to stop the CI creation you should understand the source of CI creation. I assume your assignment is having discovery, SCCM , Manual Feed or Integration to create / update the CIs. You should limit the CI creation of specified classes in the mentioned options. No need to change anything under vulnerable codes.

Regards,

Suresh.

Regards,
Suresh.
0 Helpfuls