Pen test Vulnerabilities Integrated into ServiceNow for Vulnerability Management and Reporting

Richbrowne · ‎03-10-2021

Hi,

Is there an approach to integrating a third party's Penetration Testing vulnerabilities into ServiceNow to provide vulnerabilities management and reporting please?

The Penetration Test results are not from an automated vulnerability scanning system they are from a third party Penetration testing consultancy that has performed exploitative tests to assess systems security status.

Chris McDevitt · ‎03-12-2021

These are complex questions, so this answer is; It depends.

"Did the solution that your team provided enable the full management of the imported Penetration Testing vulnerabilities in ServiceNow?"

- How does your organization define "full management"?

One thing that comes to mind; The pentest result became a Vulnerable Item and then follow the VR lifecycle. Except..... Normally a VR scanner is the final judge on whether or not something was truly resolved. Manually generating pentest results does not have the same mechanism. This part will need to be worked out.

"Did the solution provide the ability to provide full in-depth reports on vulnerability statistics from within ServiceNow?"

- How does your organization define "full in-depth reports"? Does your organization have Performance Analytics? As the data matures does your organization have the skill set to enhance the reporting?

View solution in original post

Rohitkumar01 · ‎01-24-2024

Certainly! Integrating a third party's Penetration Testing vulnerabilities into ServiceNow for robust management and reporting is possible. Utilize ServiceNow's integration capabilities or custom scripts to import exploitative test results. Design a custom data model, map relevant fields, and automate ticketing for remediation workflows. For expert guidance, consider consulting a specialized Penetration Testing service to optimize the integration within ServiceNow, ensuring a seamless and efficient vulnerabilities management process.