We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

SuSe Security (former NeuVector) Integration to Vulnerability Response?

Go to solution
klausschmid
Tera Contributor

3 weeks ago

we're using NeuVector for Container/Pod Scanning for Vulnerabilities. Is there an OOTB Box Integration available? If not, has anybody already integrated it?  (Enterprise Integration | SUSE® Security 5.4)

0 Helpfuls
  • 695 Views
1 ACCEPTED SOLUTION

Go to solution
ShrikantP549033
Giga Contributor

2 weeks ago

Hiii @klausschmid 

Currently, there is no official out-of-the-box (OOTB) integration between NeuVector (SUSE Security) and  ServiceNow Vulnerability Response provided by ServiceNow. Why?

ServiceNow’s certified integrations typically cover widely adopted vulnerability scanners such as:

Rapid7 InsightVM / Nexpose
Tenable.io / Nessus
Qualys
Microsoft Defender for Cloud
Others listed in the ServiceNow Store or supported connectors documentation

SUSE Security (NeuVector) is not part of the standard list of supported vulnerability scanner integrations.

Recommended Approaches to Integrate NeuVector with ServiceNow Vulnerability Response

Since no out-of-the-box connector exists, organizations typically achieve integration using one of the following approaches:

  1. Custom Integration via REST API

NeuVector exposes scan results via APIs, so you can:

  1. Pull vulnerability findings from NeuVector (containers/pods)

  2. Transform data to ServiceNow Vulnerability Response schema

  3. Create Vulnerability records (sn_vul_vuln) and Vulnerability Findings records (sn_vul_vuln_finding)

High-level flow:

Step 1: Query NeuVector API for vulnerability scan results
Step 2: Normalize severity, CVE, and image context
Step 3: Map data to ServiceNow Vulnerability Response fields
Step 4: Upsert records to ServiceNow via REST

Key fields to map:

CVE ID
Affected resource (container/image)
Severity and risk score
Fix or remediation details
Timestamps

Tools commonly used:

IntegrationHub REST step or Import Set
MID Server (if behind firewall)
Scripted REST integrations

  1. Integration Using IntegrationHub and Flow Designer

You can create:

REST spokes to communicate with NeuVector
Flows that:

Trigger on new scans
Poll periodically
Create or update Vulnerability Response records

Benefits:

Declarative approach
Easier to maintain
Reusable actions

  1. Use ETL or Connector Platforms

If your organization uses middleware such as Mulesoft, Boomi, or Tibco, you can:

  1. Fetch NeuVector scans at the API layer

  2. Translate data to ServiceNow API format

  3. Push the data to ServiceNow

General Integration Logic (Example)

Fetch vulnerabilities:

GET 

Translate to ServiceNow:

Create or update Vulnerability record:

POST /api/now/table/sn_vul_vuln

Create Vulnerability Finding:

POST /api/now/table/sn_vul_vuln_finding

Link findings back to vulnerability records.

If my Answer helped, please mark it as correct.

View solution in original post

3 REPLIES 3

Go to solution
ShrikantP549033
Giga Contributor

2 weeks ago

Hiii @klausschmid 

Currently, there is no official out-of-the-box (OOTB) integration between NeuVector (SUSE Security) and  ServiceNow Vulnerability Response provided by ServiceNow. Why?

ServiceNow’s certified integrations typically cover widely adopted vulnerability scanners such as:

Rapid7 InsightVM / Nexpose
Tenable.io / Nessus
Qualys
Microsoft Defender for Cloud
Others listed in the ServiceNow Store or supported connectors documentation

SUSE Security (NeuVector) is not part of the standard list of supported vulnerability scanner integrations.

Recommended Approaches to Integrate NeuVector with ServiceNow Vulnerability Response

Since no out-of-the-box connector exists, organizations typically achieve integration using one of the following approaches:

  1. Custom Integration via REST API

NeuVector exposes scan results via APIs, so you can:

  1. Pull vulnerability findings from NeuVector (containers/pods)

  2. Transform data to ServiceNow Vulnerability Response schema

  3. Create Vulnerability records (sn_vul_vuln) and Vulnerability Findings records (sn_vul_vuln_finding)

High-level flow:

Step 1: Query NeuVector API for vulnerability scan results
Step 2: Normalize severity, CVE, and image context
Step 3: Map data to ServiceNow Vulnerability Response fields
Step 4: Upsert records to ServiceNow via REST

Key fields to map:

CVE ID
Affected resource (container/image)
Severity and risk score
Fix or remediation details
Timestamps

Tools commonly used:

IntegrationHub REST step or Import Set
MID Server (if behind firewall)
Scripted REST integrations

  1. Integration Using IntegrationHub and Flow Designer

You can create:

REST spokes to communicate with NeuVector
Flows that:

Trigger on new scans
Poll periodically
Create or update Vulnerability Response records

Benefits:

Declarative approach
Easier to maintain
Reusable actions

  1. Use ETL or Connector Platforms

If your organization uses middleware such as Mulesoft, Boomi, or Tibco, you can:

  1. Fetch NeuVector scans at the API layer

  2. Translate data to ServiceNow API format

  3. Push the data to ServiceNow

General Integration Logic (Example)

Fetch vulnerabilities:

GET 

Translate to ServiceNow:

Create or update Vulnerability record:

POST /api/now/table/sn_vul_vuln

Create Vulnerability Finding:

POST /api/now/table/sn_vul_vuln_finding

Link findings back to vulnerability records.

If my Answer helped, please mark it as correct.

Go to solution
Eliz Skogquist
ServiceNow Employee

2 weeks ago - last edited 2 weeks ago

Hi Klausschmid,

 

To bring in vulnerabilities, first off, I want to make sure you are aware of the Vulnerability Response solution for Containers: https://store.servicenow.com/store/app/c18a67661b246a50a85b16db234bcb35 .  It uses docker images as the CIs, and findings link to those CVITs.  If you load directly into VR and not the VR for Containers, the findings don't group into the image and your license counts will be skewed upward.

Secondly, for loading the VR solution, we recommend you follow the VR integration framework: https://www.servicenow.com/docs/r/security-management/vulnerability-response/t_DefineNewIntegration.... .  This follows the architecture used for other scanner integration and is designed to allow for the multi-threading while loading the data from the scanner into vulnerable item type records.

 

Hope this helps!

Go to solution
klausschmid
Tera Contributor

Sunday

Thanks @ShrikantP549033  and @Eliz Skogquist 

we'll evaluate how to continue

0 Helpfuls