VR Tenable Calculator configuration in VR

KarenKaur
Tera Contributor

Can someone please share the VR Tenable calculator configuration in ServiceNow Vulnerability Response. I am not able to find certain attributes in ServiceNow and having difficulties on Tenable VPR attribute that matches in ServiceNow. DO we also filter on the risk score or source risk score or severity attribute? Thanks in advance. Can someone also tell me if there is any API built for Tenable WAS to be integrated into VR? Thanks.

1 ACCEPTED SOLUTION

Shivam Sarawagi
ServiceNow Employee
ServiceNow Employee

Can someone also tell me if there is any API built for Tenable WAS to be integrated into VR? 

Ans: Not that I am aware of

 

VPR is mapped as the source_risk_score the vulnerability (TEN-xxx) and the recasted risk on the Vulnerable item as the priority field. If you have installed the Tenable plugin you would see a scripted calculator using the VPR score from the Tenable. 

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1637927

View solution in original post

6 REPLIES 6

Shivam Sarawagi
ServiceNow Employee
ServiceNow Employee

Can someone also tell me if there is any API built for Tenable WAS to be integrated into VR? 

Ans: Not that I am aware of

 

VPR is mapped as the source_risk_score the vulnerability (TEN-xxx) and the recasted risk on the Vulnerable item as the priority field. If you have installed the Tenable plugin you would see a scripted calculator using the VPR score from the Tenable. 

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1637927

Thanks for the feedback. How do i ensure that all the attributes in 3rd party table is in SNOW?

Hi Shivam,

 

If the VPR score is unavailable for a TPE, does the calculator fall back on the CVSS v3 score? If not, can you suggest ways of adding this logic into the calculator. Any help would be greatly appreciated.

 

Thanks!

Shivam Sarawagi
ServiceNow Employee
ServiceNow Employee

Hi,

 

You can check our parsing logic to compare it with the payload response and values persisted.
For your reference, I am putting the payload attributes we mapping to third-party entry columns and other related tables

 

id id
Description summary
[script] source
[script] source_instance
family category
plugin_modification_date last_modified
plugin_publication_date date_published
has_patch remediation_type
synopsis threat
cvss_base_score score
solution solution
exploit_available exploit
vpr.score source_risk_score
[script] source_risk_rating
vpr.drivers.age_of_vuln age_of_vuln
vpr.drivers.exploit_code_maturity exploit_code_maturity
vpr.drivers.product_coverage product_coverage
vpr.drivers.threat_sources_last28 threat_sources
vpr.drivers.threat_intensity_last28 threat_intensity
vpr.drivers.threat_recency threat_recency
vpr.drivers.cvss3_impact_score v3_impact_subscore
cvss_temporal_score cvss_temporal_score
cvss_v3_temporal_score v3_temporal_score
risk_factor source_severity
name name
stig_severity stig_severity
plugin_type check_type
unsupported_by_vendor unsupported_by_vendor
[script] exploit_attack_vector
cve refTable
bid refTable
see_also refTable
xrefs refTable
[script] refTable
family_id family_id
cvss3_base_score v3_base_score
attributes.cvss_vector v2_vector_string
attributes.cvss_temporal_vector temporal_vector
attributes.cvss3_temporal_vector v3_temporal_vector
attributes.cvss3_vector v3_vector_string