Rapid7 Vulnerability Integration and Risk Score

Go to solution
Lord Omicron
Giga Expert

‎06-10-2019 10:08 AM

Rapid7's Nexpose scan generates a risk score for vulnerabilities. ServiceNow also has vulnerabilities risk scores.The risk score from the integration is not loaded instead, the SN risk score (default 50) is what is showing (see second image). How do you override it so that the imported risk score from the integration is what's used instead of SN's? 

The score is available in the Rapid7 Vulnerabilities import set as shown in first image but it is not mapped to any field in SN tables. I believe I can add the field mapping to the related transform map but I'd rather verify that there is an OOTB configuration available. Any insights you can provide would be much appreciated.

Thanks!

find_real_file.png               find_real_file.png

Labels:
Preview file
12 KB
Preview file
13 KB
0 Helpfuls
  • 3,508 Views
1 ACCEPTED SOLUTION

Go to solution
jing3
Mega Guru

‎06-11-2019 12:54 PM

You could map the "Risk score" over to Vulnerability (third party vulnerability entry) as below. You can then use it later via the Vulnerability Calculator Group rules. I had a request to configure a rule to set the state of all VIT that matching a given vulnerability to "Close". Using Calculator Group rule to do that is pretty easy. 

find_real_file.png

View solution in original post

Preview file
55 KB
0 Helpfuls
12 REPLIES 12

Go to solution
abil1
Tera Contributor
In response to jing3

‎05-27-2020 07:41 PM

Hi Jing,

As you mentioned i have made all the "Vulnerability Calculators" as active 'false' and then ran the "Rapid7 Vulnerability Integration - API" integration, but it is not populating the value. It is populating as '0'. Please help me on this.

0 Helpfuls

Go to solution
jing3
Mega Guru
In response to abil1

‎05-28-2020 04:24 AM

You are using Rapid7 API integration. What you had done is for Rapid 7 Datawarehouse Integration. So the approach is not valid for this integration. With the API integration, there is no transfer map, the import is done via the script, you will have to dig into the integration script for Rapid 7 Vulnerable Item API integration to figure out what need to be done ( I had not done it).

One thing to consider, one of the important value of using the integration is to use Configuration Item details on ServiceNow to evaluate Risk exposure. Curious about the reason why not taking advantage of it. 

Go to solution
abil1
Tera Contributor
In response to jing3

‎05-28-2020 01:02 PM

Hi Jing,

Thanks for your info which was very helpful for me. Finally i found the script and updated that and now it got populated.

Regards,

Abil.

0 Helpfuls