In vulnerability response how to implementation scanne using the third party scanner?

Neha52 · ‎05-05-2019

Hi All,

I am implementing Vulnerability response module. As part of that we have to implement "Scanner" under the Vulnerability scanning. I have gone through the Service-now doc but unable to implement.

Can anybody suggest implementation steps, so it will be really help for me.

Note : We are using Rapid 7 third party Vulnerability tool.

Thanks,

Neha

andy_ojha · ‎05-07-2019

Hey Neha - glad to hear that helped!

For the scan request behavior - good observation here...

For integrations such as Rapid7, it makes sense to disable this behavior of attempting to trigger a scan request when closing a Vulnerability Group or Vulnerable Item.

Check this out:

- Navigate to Security Operations > Workflows > Workflow Triggers

- Look for two records here that contain "vuln" in the Name

- Notice these are set to Active = True...

- Set these to Active = False

Disabling these two baseline "Workflow Triggers", should get you the win here.

View solution in original post

Shiva Thomas · ‎05-05-2019

Hi Neha!

You need to install the free Rapid7 plugin from the ServiceNow Store. 😅
Open "System Application > All Available Applications > All" (that's for Madrid version, for older version go to: Plugins)
Search for "Rapid"
Install the "Rapid7 Integration for Security Operations" application
Now you can do the integration's configuration
Open "Security Operations > Integrations > Integration Configuration"
Select Rapid7 and click Configure.
Click on the "Configuration Page" link, under the Rapid7 Logo.
Select integration type, depending of your Rapid7 product. InsightVM is for the Cloud version, the other one is for the on-site version.
Enter your API Key.
Test the credentials and Save.
From there you should be ably to configure data collection...
Open: "Vulnerability Response > Administration > Integrations".
You should find 13 Rapid7 integrations to play with! 😃

∴
Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or ✅Correct.
This enables other customers to learn from your thread.

andy_ojha · ‎05-05-2019

Hey Neha,

Shiva's comment here is a great overview of setting up the current Rapid7 integration with ServiceNow.

For your specific ask around the VR component you are looking at "Vulnerability Scanning > Scanners", this configuration is not applicable to the current Rapid7 Integrations (either to the Rapid7 Nexpose Data Warehouse or InsightVM).

This configuration is for integrations that leverage a scan request functionality (e.g. Qualys), to request a scan to be performed on a particular asset - where the scan request is originated from ServiceNow.

The current integrations between ServiceNow VR and Rapid7 (Nexpose Data Warehouse and InsightVM) are a one-way integration where data is ingested into ServiceNow on a scheduled basis.

Currently, there is no outbound integration from ServiceNow to trigger the Scan Request, to Rapid7. The scheduled jobs for the Rapid7 integrations will collect information on a periodic basis from Rapid7 and rely on your configured scheduled scans to continuously scan your environment and feed the results to ServiceNow.

You can safely ignore this area of the VR configuration for your Rapid7 integration / VR deployment, and you may want to ensure you have scans configured in Rapid7 to interrogate / scan assets in your environment on a frequent basis.

Neha52 · ‎05-06-2019

Hi Andy

Thanks a Lot , this is really helpful and save lot of time for me ..

However When i am trying to Resolve any Vulnerability group ticket , the scanner is triggering by default , could you please let me know how we can remove that step from the configuration .

I am working on Kingston , so is there any document or link which states the integration as Outbound only with Rapid 7 so i can share with my stakeholders .

Regards