
SUSE Security (formerly NeuVector) Integration to Vulnerability Response?

klausschmid
Tera Contributor

We're using NeuVector for Container/Pod Scanning for Vulnerabilities. Is there an OOTB Box Integration available? If not, has anybody already integrated it? (Enterprise Integration | SUSE® Security 5.4)

1 ACCEPTED SOLUTION

ShrikantP549033
Giga Contributor

Hi @klausschmid

Currently, there is no official out-of-the-box (OOTB) integration between NeuVector (SUSE Security) and ServiceNow Vulnerability Response provided by ServiceNow. Why?

ServiceNow’s certified integrations typically cover widely adopted vulnerability scanners such as:

Rapid7 InsightVM / Nexpose
Tenable.io / Nessus
Qualys
Microsoft Defender for Cloud
Others listed in the ServiceNow Store or supported connectors documentation

SUSE Security (NeuVector) is not part of the standard list of supported vulnerability scanner integrations.

Recommended Approaches to Integrate NeuVector with ServiceNow Vulnerability Response

Since no out-of-the-box connector exists, organizations typically achieve integration using one of the following approaches:

  1. Custom Integration via REST API

NeuVector exposes scan results via APIs, so you can:

  1. Pull vulnerability findings from NeuVector (containers/pods)

  2. Transform data to ServiceNow Vulnerability Response schema

  3. Create Vulnerability records (sn_vul_vuln) and Vulnerability Findings records (sn_vul_vuln_finding)

High-level flow:

Step 1: Query NeuVector API for vulnerability scan results
Step 2: Normalize severity, CVE, and image context
Step 3: Map data to ServiceNow Vulnerability Response fields
Step 4: Upsert records to ServiceNow via REST

Key fields to map:

CVE ID
Affected resource (container/image)
Severity and risk score
Fix or remediation details
Timestamps

Tools commonly used:

IntegrationHub REST step or Import Set
MID Server (if behind firewall)
Scripted REST integrations

  2. Integration Using IntegrationHub and Flow Designer

You can create:

REST spokes to communicate with NeuVector
Flows that:

Trigger on new scans
Poll periodically
Create or update Vulnerability Response records

Benefits:

Declarative approach
Easier to maintain
Reusable actions

  3. Use ETL or Connector Platforms

If your organization uses middleware such as Mulesoft, Boomi, or Tibco, you can:

  1. Fetch NeuVector scans at the API layer

  2. Translate data to ServiceNow API format

  3. Push the data to ServiceNow

General Integration Logic (Example)

Fetch vulnerabilities:

GET 

Translate to ServiceNow:

Create or update Vulnerability record:

POST /api/now/table/sn_vul_vuln

Create Vulnerability Finding:

POST /api/now/table/sn_vul_vuln_finding

Link findings back to vulnerability records.

If my Answer helped, please mark it as correct.
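Steps 2 to 4 of the flow in the answer above, as an added example (not code from the answer's author, NeuVector or ServiceNow): scanner output is treated as untrusted input, findings are keyed on image digest, CVE and package so that repeated polling updates rows instead of duplicating them, and the create/update split is computed before anything is sent. The scan-report field names, the `u_`-prefixed staging columns, the severity scale and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Field names on both sides are assumptions, not real schema.
const CVE_RE = /^CVE-\d{4}-\d{4,}$/;
const SEVERITY = { critical: 1, high: 2, medium: 3, low: 4 }; // assumed scale
// Constructed sample of one image scan result (IDs are made up).
const sampleReport = {
  image: { repository: "registry.example/shop/api", tag: "1.4.2", digest: "sha256:aaaa" },
  vulnerabilities: [
    { name: "CVE-2099-00001", severity: "High", score: 7.5, package_name: "openssl",
      package_version: "1.1.1k", fixed_version: "1.1.1n", published_timestamp: 1675209600 },
    { name: "cve-2099-00001", severity: "HIGH", score: 7.5, package_name: "openssl",
      package_version: "1.1.1k", fixed_version: "1.1.1n", published_timestamp: 1675209600 },
    { name: "CVE-2099-00002", severity: "Medium", score: 5.3, package_name: "zlib",
      package_version: "1.2.11", fixed_version: "", published_timestamp: 0 },
    { name: "vendor-advisory-17", severity: "Low", score: 2.0, package_name: "busybox",
      package_version: "1.33", fixed_version: "", published_timestamp: 0 }
  ]
};

// Steps 2 and 3: normalize each finding and map it to a flat staging row.
function normalizeFindings(report) {
  const rows = new Map(); // dedup key -> row, so repeated entries collapse
  const rejected = [];    // names that are not well-formed CVE IDs
  const img = report.image;
  for (const v of report.vulnerabilities) {
    const cve = String(v.name || "").trim().toUpperCase();
    if (!CVE_RE.test(cve)) { rejected.push(v.name); continue; }
    const key = [img.digest, cve, v.package_name, v.package_version].join("|");
    rows.set(key, {
      u_dedup_key: key, u_cve: cve,
      u_image: `${img.repository}:${img.tag}`, u_image_digest: img.digest,
      u_severity: SEVERITY[String(v.severity).toLowerCase()] ?? 5, // 5 = unknown
      u_score: Number(v.score) || 0,
      u_package: `${v.package_name} ${v.package_version}`,
      u_fix: v.fixed_version || "no fix available",
      u_published: v.published_timestamp
        ? new Date(v.published_timestamp * 1000).toISOString() : ""
    });
  }
  return { rows: [...rows.values()], rejected };
}

// Step 4: decide create vs. update from keys already stored on the target.
function planUpsert(rows, existingKeys) {
  const known = new Set(existingKeys);
  return {
    create: rows.filter(r => !known.has(r.u_dedup_key)),
    update: rows.filter(r => known.has(r.u_dedup_key))
  };
}
```

Rejected names are returned rather than silently dropped, so non-CVE advisories can be reviewed or routed to a separate source.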

3 REPLIES

Eliz Skogquist
ServiceNow Employee

Hi Klausschmid,

To bring in vulnerabilities, first off, I want to make sure you are aware of the Vulnerability Response solution for Containers: https://store.servicenow.com/store/app/c18a67661b246a50a85b16db234bcb35 . It uses Docker images as the CIs, and findings link to those CVITs. If you load directly into VR and not the VR for Containers, the findings don't group into the image and your license counts will be skewed upward.

Secondly, for loading the VR solution, we recommend you follow the VR integration framework: https://www.servicenow.com/docs/r/security-management/vulnerability-response/t_DefineNewIntegration.... . This follows the architecture used for other scanner integrations and is designed to allow for multi-threading while loading the data from the scanner into vulnerable item type records.

Hope this helps!

klausschmid
Tera Contributor

Thanks @ShrikantP549033 and @Eliz Skogquist

We'll evaluate how to continue.