In Vulnerability Response, how to implement a scanner using a third-party scanner?

Neha52
Tera Contributor

Hi All,

I am implementing the Vulnerability Response module. As part of that, we have to implement "Scanner" under Vulnerability Scanning. I have gone through the ServiceNow docs but am unable to implement it.

Can anybody suggest implementation steps? It would be really helpful for me.

Note: We are using the Rapid7 third-party vulnerability tool.

Thanks,

Neha

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Hey Neha - glad to hear that helped!

For the scan request behavior - good observation here...

For integrations such as Rapid7, it makes sense to disable this behavior of attempting to trigger a scan request when closing a Vulnerability Group or Vulnerable Item.

Check this out:

- Navigate to Security Operations > Workflows > Workflow Triggers

- Look for two records here that contain "vuln" in the Name

- Notice these are set to Active = True...

- Set these to Active = False

Disabling these two baseline "Workflow Triggers" should get you the win here.

 


6 REPLIES

Neha52
Tera Contributor

Hi Andy,

Thanks a lot for your help.

I need one more bit of help: how will we calculate the "Priority"?

I followed the link below, but was not able to understand it.

https://docs.servicenow.com/bundle/kingston-security-management/page/product/vulnerability-response/...

Please help with this, and guide me on how we will calculate the "Priority" and set it in Vulnerability.

 

Regards,

Neha 

andy_ojha
ServiceNow Employee

Hey there,

For Kingston VR -> I don't believe the Rapid7 integration sets a 'Priority' value on a Vulnerable Item, in the baseline config.

Can you confirm in your environment, whether or not Vulnerable Items created by Rapid7 have a 'Priority' value set?

In Madrid, there is a 'Normalized Severity' functionality where you can map the (0-10) Rapid7 Severity from the Vulnerability definition (e.g. R7-12345) to a Risk Rating value on the Vulnerable Item.

For your current setup on Kingston, you may want to consider creating a Calculator Group to set the Vulnerable Item 'Priority' based on the Vulnerability Severity value.

Alternatively, you may also investigate creating a Business Rule to set the Priority value based on the Vulnerability Severity provided by Rapid7. You will need to normalize the (0-10) Severity to fit your Priority ratings ... E.g. Sev 8-10 -> Priority = Critical.
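
A sketch of the Business Rule approach from the last reply, added here as an example; it is not part of the thread and not ServiceNow baseline code. Only the "8-10 -> Critical" band comes from the post: the other bands, the field names `u_scanner_severity` and `priority`, and both function names are assumptions to replace with your own.

```javascript
// Added example. Bands are checked top-down; only the first one is from the thread.
var PRIORITY_BANDS = [
  { min: 8, label: 'Critical' }, // from the post: Sev 8-10 -> Critical
  { min: 6, label: 'High' },     // assumed band
  { min: 4, label: 'Medium' },   // assumed band
  { min: 0, label: 'Low' }       // assumed band
];

// Normalize a scanner severity (0-10, number or string) to a priority label.
// Returns null for anything that is not a plain number in range, so a missing
// or malformed score is never silently treated as "Low".
function severityToPriority(raw) {
  if (raw === null || raw === undefined) return null;
  var text = String(raw).trim();
  if (!/^\d+(\.\d+)?$/.test(text)) return null; // rejects '', 'N/A', '-1', '1e3'
  var sev = parseFloat(text);
  if (sev > 10) return null;                    // outside the 0-10 scale
  for (var i = 0; i < PRIORITY_BANDS.length; i++) {
    if (sev >= PRIORITY_BANDS[i].min) return PRIORITY_BANDS[i].label;
  }
  return null;
}

// Placeholder field names on the Vulnerable Item record (assumptions).
var SEVERITY_FIELD = 'u_scanner_severity';
var PRIORITY_FIELD = 'priority';

// Body for a hypothetical "before" Business Rule: `current` is the record
// being saved. Returns false and leaves Priority untouched when the severity
// is unusable, so the item can be routed to manual triage instead.
function setPriorityFromSeverity(current) {
  var priority = severityToPriority(current.getValue(SEVERITY_FIELD));
  if (priority === null) return false;
  current.setValue(PRIORITY_FIELD, priority);
  return true;
}
```

If your Priority field stores choice values rather than labels, map the labels to those values before calling `setValue`.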