Vulnerability Response - how to create a new detection key?

Joanna17
Tera Contributor

Hello! 

 

I'm working on custom integration with 3rd party scanner and from what I read on docs, all 3rd party scanners have their detection key specified. How can I configure a new detection key for my custom integration? 

 

Thanks,

3 REPLIES 3

PaulSylo
Tera Sage
Tera Sage

Hi @Joanna17 

 

is this what you are asking ?

 

PaulSylo_0-1731519043177.png

 

Regards,
PaulSylo

Kindly mark "helpful", if this helps, or Mark as "Accepted " if it solves your issues !

That's right

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey there,

You would first really need to have a true "Integration Source" for VR for your integration at hand.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1271280

 

Suggest going through the VR Integration Guide to get that part of the foundation going.

The Detection keys are purposely locked down - but to add a new one, you could de-activate the Create ACL on that table (sn_vul_detection_key_config) and create a new one for your new Integration Source.

andy_ojha_0-1732718889334.png

 

Then create a new Detection key record for your integration.

 

Once you are done, for completeness, it'd be best to go back and re-activate that Create ACL (reverting your customization).

 

Attribute name 

Description 

Source 

Value of the source field that will be populated in the VI and Detections tables. 

Source integration 

Select the Third-Party Integration Record related to this new Integration. 

Update status 

This will be set to Complete.  

If the detection key  change needs to be applied to existing detections, the detection key will be created in Pending Status and will be updated to Complete after the data is updated using a scheduled job. 

Vulnerability 

Select if the vulnerability needs to be a part of the detection key. 

Port 

Select if the port needs to be a part of the detection key. 

 

Protocol 

Enable this option if the protocol must be a part of the detection key. 

Asset ID 

Enable this option if the asset id must be a part of the detection key. This is the unique asset identifier based on the source data. In VR, this is stored in the source_id field in the Discovered Items table. 

Proof 

Enable this option if the vulnerability must be a part of the detection key.