Rapid7 Vulnerability Integration and Risk Score

Lord Omicron
Giga Expert

Rapid7's Nexpose scan generates a risk score for vulnerabilities. ServiceNow also has vulnerability risk scores. The risk score from the integration is not loaded; instead, the SN risk score (default 50) is what is showing (see second image). How do you override it so that the imported risk score from the integration is what's used instead of SN's?

The score is available in the Rapid7 Vulnerabilities import set as shown in first image but it is not mapped to any field in SN tables. I believe I can add the field mapping to the related transform map but I'd rather verify that there is an OOTB configuration available. Any insights you can provide would be much appreciated.

Thanks!


1 ACCEPTED SOLUTION

jing3
Mega Guru

You could map the "Risk score" over to Vulnerability (third party vulnerability entry) as below. You can then use it later via the Vulnerability Calculator Group rules. I had a request to configure a rule to set the state of all VITs that match a given vulnerability to "Close". Using a Calculator Group rule to do that is pretty easy.


12 REPLIES


Yes, I mentioned this when I posted my original question "I believe I can add the field mapping to the related transform map but I'd rather verify that there is an OOTB configuration available." Thank you for referring me back to it though as that is indeed the simplest solution. Are you on Madrid? I believe we will be upgrading from Kingston to Madrid later this year. The UI in your screenshot is different. 

I will post an update after I've successfully tested all the changes. Thanks again Jing. 

jing3
Mega Guru

FYI: When we were upgrading from Kingston to Madrid, we had some issues with the Rapid7 integration (imports got messed up). The fixes should be included in the updated release.

abil1
Tera Contributor

Hi Jing,

I need to bring the 'Risk Score' from Rapid7 to ServiceNow Vulnerability 'Risk Score' field.

I did the mapping as you mentioned in the screenshot. After that, what do I need to do to configure it?

Please help me on this.

Abil, 

Next you will need to review all "Vulnerability Calculators" and make sure those with target field "risk_score" are inactive. Just run the scheduled Rapid7 integration on Vulnerable Items, and you should see the results. Just keep in mind, all "Vulnerability Calculators" will be run after the imports. So OOB calculators (active by default) will update the "risk_score" field.