REST API - how do I retrieve all Vulnerable Items under a remediation task?

darst007
Tera Contributor

Hi, I am having trouble fetching the complete list of Vulnerable Items under a remediation task (aka vulnerability group).

Any help would be appreciated.

Thanks

4 REPLIES

Liju John1
Mega Guru

What kind of scanner are you using for the vulnerability import?

For Tenable:

You can add those IPs into a newly created asset tag in Tenable cloud, then add the asset tag to the REST method or script include in the integration run job:

TenableIOVulnerabilitiesIntegration - CustomerCopy

body.filters["tag.CategoryType"]=["New_Tag"];

You might want to check out this Docs page; it appears that the JSON filter can be specified / overridden directly on the REST Message, so you may not even need to modify or customize the Script Include.
https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/...

For Qualys:

You can add the IPs or QIDs or the asset tags to the script include or REST message like this:

Qualys Host Detection Integration - CustomerCopy

[Image: LijuJohn1_0-1702065303577.png]

It is better to build a custom integration for bringing the vulnerabilities separately!!

Also create a Vulnerability Group rule with your own filters to add all the VITs to the Remediation Task.

Hi Liju, apologies, I am a little bit new to RestMessageV2. Any way to fetch the required data via curl/PowerShell/C#?

We're using Qualys to collect data.

SanjivMeher
Kilo Patron

You may need to make a REST API call to the table sn_vul_m2m_vul_group_item. That's where the relationships between Vulnerable Items and Remediation Tasks are stored in ServiceNow.


Please mark this response as correct or helpful if it assisted you with your question.
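
A paginated PowerShell query against the table named in the reply above, as an added example that is not part of the original thread. The column names sn_vul_vulnerability and sn_vul_vulnerable_item and the task number VUL0000000 are assumptions to check against the instance's table dictionary; the headers hashtable is whatever the caller already uses for authentication.

```powershell
# Added example: page through the m2m table for one remediation task.
# Assumed names (check the table dictionary): sn_vul_vulnerability = group reference,
# sn_vul_vulnerable_item = vulnerable item reference. VUL0000000 is a placeholder.
function Get-RemediationTaskItem {
    param(
        [Parameter(Mandatory)] [string] $Instance,        # host name, e.g. 'sn.instance'
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9]+$')]               # keep '^' and '=' out of the encoded query
        [string] $TaskNumber,
        [Parameter(Mandatory)] [hashtable] $Headers,      # auth headers, e.g. $snowheader
        [ValidateRange(1, 10000)] [int] $PageSize = 500
    )
    $base   = "https://$Instance/api/now/table/sn_vul_m2m_vul_group_item"
    # Dot-walk from the m2m row to the task number; a fixed sort keeps offset paging stable.
    $query  = [uri]::EscapeDataString("sn_vul_vulnerability.number=$TaskNumber^ORDERBYsys_id")
    $fields = 'sn_vul_vulnerable_item.sys_id,sn_vul_vulnerable_item.number'
    $items  = [System.Collections.Generic.List[object]]::new()
    $offset = 0
    do {
        $uri = "${base}?sysparm_query=$query&sysparm_fields=$fields" +
               "&sysparm_exclude_reference_link=true" +
               "&sysparm_limit=$PageSize&sysparm_offset=$offset"
        $response = Invoke-RestMethod -Method Get -Uri $uri -Headers $Headers
        # Normalise to an array and drop nulls so .Count is reliable on the last page.
        $page = @($response.result | Where-Object { $_ })
        foreach ($row in $page) { $items.Add($row) }
        $offset += $PageSize
    } while ($page.Count -eq $PageSize)

    if ($items.Count -eq 0) {
        Write-Warning ("No rows for $TaskNumber. Check the task number and that the " +
            "account has read access to sn_vul_m2m_vul_group_item and the item table.")
    }
    return $items
}

# Usage:
# Get-RemediationTaskItem -Instance 'sn.instance' -TaskNumber 'VUL0000000' -Headers $snowheader
```

The Table API returns only rows the calling account can read, so an empty `result` on a successful response means either nothing matched the query or the account has no read access to the matching rows.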

Hi Sanjiv, tried a REST API call via curl/PowerShell - e.g. Invoke-RestMethod -Method Get -Uri "https://sn.instance/api/now/table/sn_vul_m2m_vul_group_item?sysparm_limit=1" -Headers $snowheader, however getting an empty list:

result
------
{}

Am I doing something wrong?