Vulnerabilities database import
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2022 05:40 AM
Hello,
We are working on an SecOps Vulnerability Response opportunity where customers is looking for to import vulnerability entries from following sources:
What is the best way to do it?
Thx,
Marco
- Labels:
-
Vulnerability Response

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2022 06:55 AM
Not sure I understand your question, but to bring in both a vulnerability definition database and instances of vulnerabilities on assets, the customer must implement a vulnerability scanner such as Qualys, Tenable or Rapid7.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2022 07:17 AM
Thanks Stephen. Is it possible to import vulnerability definition database without activating a scanner?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2022 08:52 AM
Yes, the vulnerability response application has a built-in integration with NIST. You should find the integration at Vulnerability Response > Administration > Integrations. Here you will see integration for NIST National Vulnerability Database Integration. This is where you activate/deactivate. Do not change in any other way.
You can read up on this on docs site. Be sure to select the correct SN app version.
https://docs.servicenow.com/bundle/rome-security-management/page/product/secops-integration-vr/nvd/concept/nvd-vuln-integration.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-26-2022 10:48 PM
hi
I have a query . I imported vulnerabilities from an external source (say McAfee ) . Once i have the vulnerabilities imported (sn_vul_entry) , i create the vulnerable item record in the sn_vul_vulnerable_item table .
My question is , what role does the NVD play here . Will Servicenow check the vulnerability in the NVD table (sn_vul_nvd_entry) before creating the vul item ? whats the role of NVD database when i import vulnerabilities from an external source .