Get a first look at what's coming. The Developer Passport Australia Release Preview kicks off March 12. Dive in! 

In vulnerability response how to implementation scanne using the third party scanner?

Go to solution
Neha52
Tera Contributor

‎05-05-2019 03:16 AM

Hi All,

I am implementing Vulnerability response module. As part of that we have to implement "Scanner" under the Vulnerability scanning.   I have gone through the Service-now doc but unable to implement.

Can anybody suggest implementation steps, so it will be really help for me.

Note : We are using Rapid 7 third party Vulnerability  tool.

Thanks,

Neha

Labels:
0 Helpfuls
  • 3,377 Views
1 ACCEPTED SOLUTION

Go to solution
andy_ojha
ServiceNow Employee
In response to Neha52

‎05-07-2019 09:05 AM

Hey Neha - glad to hear that helped!

For the scan request behavior - good observation here...

For integrations such as Rapid7, it makes sense to disable this behavior of attempting to trigger a scan request when closing a Vulnerability Group or Vulnerable Item.

Check this out:

- Navigate to Security Operations > Workflows > Workflow Triggers

- Look for two records here that contain "vuln" in the Name

- Notice these are set to Active = True...

- Set these to Active = False

Disabling these two baseline "Workflow Triggers", should get you the win here.

 

find_real_file.png

View solution in original post

Preview file
119 KB
6 REPLIES 6

Go to solution
Neha52
Tera Contributor
In response to andy_ojha

‎05-08-2019 12:56 AM

Hi Andy,

Thanks a lot for your help.

Need one more help, how we will calculate the "Priority"?

I followed below link, but not able to understand.

https://docs.servicenow.com/bundle/kingston-security-management/page/product/vulnerability-response/... 

Please help on this, and guide me how we will calculate the "Priority" and set in Vulnerability.

 

Regards,

Neha 

0 Helpfuls

Go to solution
andy_ojha
ServiceNow Employee
In response to Neha52

‎05-08-2019 08:56 AM

Hey there,

For Kingston VR -> I don't believe the Rapid7 integration sets a 'Priority' value on a Vulnerable Item, in the baseline config.

Can you confirm in your environment, whether or not Vulnerable Items created by Rapid7 have a 'Priority' value set?

In Madrid, there is a 'Normalized Severity' functionality where you can map the (0-10) Rapid7 Severity from the Vulnerability definition (e.g. R7-12345) to a Risk Rating value on the Vulnerable Item.

For your current setup on Kingston, you may want to consider creating a Calculator Group to set the Vulnerable Item 'Priority' based on the Vulnerability Severity value.

Alternatively, you may also investigate creating a Business Rule to set the Priority value based on the Vulnerability Severity provided by Rapid7.  You will need to normalize the (0-10) Severity, to fit your Priority ratings ... E.g. Sev 8-10 -> Priority = Critical.

0 Helpfuls