VR Tenable Calculator configuration in VR

KarenKaur · ‎06-10-2024

Can someone please share the VR Tenable calculator configuration in ServiceNow Vulnerability Response. I am not able to find certain attributes in ServiceNow and having difficulties on Tenable VPR attribute that matches in ServiceNow. DO we also filter on the risk score or source risk score or severity attribute? Thanks in advance. Can someone also tell me if there is any API built for Tenable WAS to be integrated into VR? Thanks.

Shivam Sarawagi · ‎06-13-2024

Can someone also tell me if there is any API built for Tenable WAS to be integrated into VR?

Ans: Not that I am aware of

VPR is mapped as the source_risk_score the vulnerability (TEN-xxx) and the recasted risk on the Vulnerable item as the priority field. If you have installed the Tenable plugin you would see a scripted calculator using the VPR score from the Tenable.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1637927

View solution in original post

Shivam Sarawagi · ‎06-13-2024

Can someone also tell me if there is any API built for Tenable WAS to be integrated into VR?

Ans: Not that I am aware of

VPR is mapped as the source_risk_score the vulnerability (TEN-xxx) and the recasted risk on the Vulnerable item as the priority field. If you have installed the Tenable plugin you would see a scripted calculator using the VPR score from the Tenable.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1637927

KarenKaur · ‎07-21-2024

Thanks for the feedback. How do i ensure that all the attributes in 3rd party table is in SNOW?

aayushshah998 · ‎09-13-2024

Hi Shivam,

If the VPR score is unavailable for a TPE, does the calculator fall back on the CVSS v3 score? If not, can you suggest ways of adding this logic into the calculator. Any help would be greatly appreciated.

Thanks!

Shivam Sarawagi · ‎07-22-2024

Hi,

You can check our parsing logic to compare it with the payload response and values persisted.
For your reference, I am putting the payload attributes we mapping to third-party entry columns and other related tables

id	id
Description	summary
[script]	source
[script]	source_instance
family	category
plugin_modification_date	last_modified
plugin_publication_date	date_published
has_patch	remediation_type
synopsis	threat
cvss_base_score	score
solution	solution
exploit_available	exploit
vpr.score	source_risk_score
[script]	source_risk_rating
vpr.drivers.age_of_vuln	age_of_vuln
vpr.drivers.exploit_code_maturity	exploit_code_maturity
vpr.drivers.product_coverage	product_coverage
vpr.drivers.threat_sources_last28	threat_sources
vpr.drivers.threat_intensity_last28	threat_intensity
vpr.drivers.threat_recency	threat_recency
vpr.drivers.cvss3_impact_score	v3_impact_subscore
cvss_temporal_score	cvss_temporal_score
cvss_v3_temporal_score	v3_temporal_score
risk_factor	source_severity
name	name
stig_severity	stig_severity
plugin_type	check_type
unsupported_by_vendor	unsupported_by_vendor
[script]	exploit_attack_vector
cve	refTable
bid	refTable
see_also	refTable
xrefs	refTable
[script]	refTable
family_id	family_id
cvss3_base_score	v3_base_score
attributes.cvss_vector	v2_vector_string
attributes.cvss_temporal_vector	temporal_vector
attributes.cvss3_temporal_vector	v3_temporal_vector
attributes.cvss3_vector	v3_vector_string