Third-Party Vulnerability entries

Tyler36
Tera Contributor

This is the first time I am using Vulnerability Response, so when the Tenable scan ran this morning there were no third-party vulnerability entries that got created, which means there were no vulnerability groups that got created, which means there were no problem records that got created. I have a script include that parses the groups and creates problem tickets, so when I saw that this morning it made me very concerned. I guess my question is: how are these third-party vulnerability entries being created, and is it a common thing that none are created when a scan runs? Any information is greatly appreciated.


Accepted solution

andy_ojha
ServiceNow Employee

Hey there,

Can you clarify what is triggering the creation of PRBs?
 - Is it from Vulnerable Items, Vulnerability Groups or Third-Party Entries?

Yes - you may not see new Third-Party Entries being created day-to-day (nor would you see new Plugins created every day in Tenable); depending on the environment and how often Tenable scans are being performed, you would likely see more activity on Vulnerable Items.

If you've wired up logic to create a Problem record every time a record is created in the Third-Party Entry table, I would stop this.

It's absolutely worth circling back with the client here, as this is not how ServiceNow intended the Vulnerability Response application to be used, nor is this what Problem Records should be used for.

The Remediation Users should be assigned Vulnerability Groups as their strategic unit of work (i.e. Task). This is where they can acknowledge their work, ask for an exception, create a Change Request, monitor progress, etc.

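The distinction the accepted answer draws (Third-Party Entries are the scanner's vulnerability definitions and are created once per definition, while Vulnerable Items are created per asset-and-definition detection) is the whole explanation for a scan that creates zero entries. The following is an added, simplified in-memory model of that import behaviour; it is not ServiceNow code, not part of this thread, and uses the table names only as labels. All plugin IDs, asset names and findings are constructed sample data.

```javascript
// Added example: a simplified model of how one scanner import populates the
// three Vulnerability Response tables discussed above. Not ServiceNow API
// code; table names are labels. Plugin IDs and assets are constructed.

// Third-Party Entries are keyed by the scanner's vulnerability definition
// (for Tenable, the plugin ID): one entry per plugin, created the first time
// any import reports that plugin.
// Vulnerable Items are keyed by (asset, plugin): one per detection.
// Vulnerability Groups come from a grouping rule; here, one group per plugin.
function createStore() {
  return {
    thirdPartyEntries: new Map(),   // pluginId -> entry
    vulnerableItems: new Map(),     // "asset|pluginId" -> vulnerable item
    vulnerabilityGroups: new Map(), // pluginId -> group
  };
}

// Import one scan's findings into the store.
// Returns how many records this import created in each table.
function importScan(store, findings) {
  const created = { thirdPartyEntries: 0, vulnerableItems: 0, vulnerabilityGroups: 0 };

  for (const f of findings) {
    if (!store.thirdPartyEntries.has(f.pluginId)) {
      store.thirdPartyEntries.set(f.pluginId, { pluginId: f.pluginId, name: f.name });
      created.thirdPartyEntries++;
    }

    const viKey = `${f.asset}|${f.pluginId}`;
    if (!store.vulnerableItems.has(viKey)) {
      store.vulnerableItems.set(viKey, { asset: f.asset, pluginId: f.pluginId, state: 'Open' });
      created.vulnerableItems++;
    }

    if (!store.vulnerabilityGroups.has(f.pluginId)) {
      store.vulnerabilityGroups.set(f.pluginId, { pluginId: f.pluginId, items: new Set() });
      created.vulnerabilityGroups++;
    }
    store.vulnerabilityGroups.get(f.pluginId).items.add(viKey);
  }
  return created;
}

// Constructed sample data: two scans on consecutive days.
const SCAN_DAY1 = [
  { asset: 'web01', pluginId: 'plugin-1001', name: 'Sample finding A' },
  { asset: 'web01', pluginId: 'plugin-1002', name: 'Sample finding B' },
  { asset: 'db01',  pluginId: 'plugin-1002', name: 'Sample finding B' },
];
// Day 2 reports only plugins already known, but on a new host as well.
const SCAN_DAY2 = [
  { asset: 'web01', pluginId: 'plugin-1001', name: 'Sample finding A' },
  { asset: 'web02', pluginId: 'plugin-1001', name: 'Sample finding A' },
  { asset: 'web02', pluginId: 'plugin-1002', name: 'Sample finding B' },
];

// Run both imports against one store and return the per-day creation counts.
function runTwoDays() {
  const store = createStore();
  const day1 = importScan(store, SCAN_DAY1);
  const day2 = importScan(store, SCAN_DAY2);
  return { day1, day2 };
}

const result = runTwoDays();
console.log('Day 1 created:', result.day1); // 2 entries, 3 items, 2 groups
console.log('Day 2 created:', result.day2); // 0 entries, 2 items, 0 groups
```

Day 2 creates no Third-Party Entries and no new groups even though the scan found two fresh detections, so anything triggered on creation of a Third-Party Entry (or on group creation under a per-plugin rule) stays silent while the Vulnerable Item table still changes. That is the reason the answer points remediation and any automation at Vulnerability Groups and their Vulnerable Items rather than at entry creation.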

9 replies

sonali_panda
Giga Expert

Hi,


Do you have rules in place to create Vulnerability groups?

Yes, I believe so; I have never created any though.

threatangler
Tera Contributor

I am not as familiar with the Tenable integration, but I have seen similar behavior with the Rapid7 integration. It appears (still not 100% confident) that ServiceNow will intake vulnerabilities discovered after the integration with the vulnerability scanner. So, if your vulnerability scanner was already scanning the environment prior to the integration with ServiceNow, it will not intake any of the vulnerabilities already detected by your scanner. It will only intake new vulnerabilities discovered by the scanner from that point forward.

So if there are no new vulnerabilities, that is why there were no new third-party vulnerability entries. Is that common? I have had this scan running for a couple of months now and have never seen it run with no new vulnerabilities.