Import 'Solutions' from Tenable.sc

SachinS43063878
Tera Contributor

3 weeks ago

Hi All,

 

We have activated the Vulnerability Solutions Management plugin and are looking to import 'Solution' from Tenable.sc.

I have gone through Tenable documentation but it seems like they do not follow the CSAF or CVRF schema for solutions.

 

If anyone has already imported Solutions data from Tenable.sc , can you please help on how you achieved it. 

 

PS: The Tenable Vulnerability plugin does not have import solutions.

#tenable #vulnerabilitysolutions #VR #secops 

 

SachinS43063878_0-1779134652765.png

 

0 Helpfuls
  • 1,056 Views
6 REPLIES 6

Tanushree Maiti
Tera Patron

3 weeks ago

Hi @SachinS43063878 

 

refer these resources:

Import Applications Data from Tenable Web Application Scanning Vulnerability Response Integration 

Vulnerability response: Importing from tenable.sc using tenable provided connector has become slow. 

Tenable.sc Open Vulnerabilities Integration 

 

 

 

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
0 Helpfuls

SachinS43063878
Tera Contributor
In response to Tanushree Maiti

3 weeks ago

please don't share random articles, they are not helpfull.

0 Helpfuls

william_tran
ServiceNow Employee

2 weeks ago

Two things to separate here.

 

The CSAF and CVRF channels in Vulnerability Solution Management are for vendor advisory feeds. Red Hat, SUSE, Microsoft (via MSRC), Cisco, Oracle, and others publish structured remediation data in those formats. Tenable is a scanner, not a vendor publisher, so it does not ship in CSAF or CVRF. 

 

For scanner-sourced solutions from Tenable.sc, you do not need a separate "Import Solutions" job. Starting with Vulnerability Response v24.0.6, the Tenable.sc Plugin Integration ingests solutions at the Vulnerability / Third Party Entry (TPE) level as part of the regular vulnerability import. The lever is the system property sn_vul.populate_scanner_solutions. It defaults to false. Set it to true and Tenable solutions populate as Preferred when no vendor solution is available.

 

Precedence order for Preferred Solution, in order: Manual, then Vendor (MSRC, Red Hat, CSAF, CVRF), then Latest (controlled by sn_vul.latest_solutions), then Scanner Bulletin (Tenable, Qualys, MS TVM). Scanner solutions fill the gap for product families where you do not have a vendor advisory feed.

 

See the Vulnerability Solution Management documentation on docs.servicenow.com and the VR v24.0.6 release notes for the full mechanism. Confirm your VR version is >= v24.0.6 and validate the property values on your instance before flipping anything in production.

 

If this helped, mark it helpful or accept as solution so others hitting the same question can find it.

0 Helpfuls

SachinS43063878
Tera Contributor
In response to william_tran

a week ago

Thanks William I will try activating the property.

0 Helpfuls