Vulnerability Response - how to create a new detection key?
11-12-2024 11:42 PM
Hello!
I'm working on a custom integration with a 3rd-party scanner and, from what I read in the docs, all 3rd-party scanners have their detection key specified. How can I configure a new detection key for my custom integration?
Thanks,
11-13-2024 09:30 AM
Hi @Joanna17
Is this what you are asking?
PaulSylo
Kindly mark "Helpful" if this helps, or mark as "Accepted" if it solves your issue!
11-27-2024 02:04 AM
That's right

11-27-2024 06:51 AM
Hey there,
You would first really need to have a true "Integration Source" for VR for your integration at hand.
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1271280
Suggest going through the VR Integration Guide to get that part of the foundation going.
The Detection keys are purposely locked down - but to add a new one, you could de-activate the Create ACL on that table (sn_vul_detection_key_config) and create a new one for your new Integration Source.
Then create a new Detection key record for your integration.
Once you are done, for completeness, it'd be best to go back and re-activate that Create ACL (reverting your customization).
| Attribute name | Description |
| --- | --- |
| Source | Value of the source field that will be populated in the VI and Detections tables. |
| Source integration | Select the Third-Party Integration Record related to this new Integration. |
| Update status | This will be set to Complete. If the detection key change needs to be applied to existing detections, the detection key will be created in Pending Status and will be updated to Complete after the data is updated using a scheduled job. |
| Vulnerability | Select if the vulnerability needs to be a part of the detection key. |
| Port | Select if the port needs to be a part of the detection key. |
| Protocol | Enable this option if the protocol must be a part of the detection key. |
| Asset ID | Enable this option if the asset id must be a part of the detection key. This is the unique asset identifier based on the source data. In VR, this is stored in the source_id field in the Discovered Items table. |
| Proof | Enable this option if the vulnerability must be a part of the detection key. |