KEV's in Service-Now?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2022 01:23 PM
Hey experts,
Is anyone bringing in or ingesting KEV's(Known Exploited Vulnerability) in their Service-Now? We have been tasked to bring this data in so we know which Vulnerabilities have a KEV attached to them.
This is the website where they all reside: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
There is no easy API on that website.
Another big question is when I ingest these KVE's, where is the best place to put it? There are so many Vuln tables, where is the best location?
Any help or guidance is greatly appreciated!
-Adam
- Labels:
-
Vulnerability Response
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2022 10:20 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2022 07:23 AM
For Tenable this information comes over in the Third Party Vulnerabilities table. I'm struggling with trying to use it for useful things like remediation efforts but it's there under Vulnerability Entry -> Vulnerability References as CISA-KNOWN-EXPLOITED-Due Date. What makes it less useful in particular is it's tied to the Tenable Plugin not the CVE directly. That due date tied to the CVE would be very useful if it could easily be surfaced to a VIT.