Hey there,
You would first really need to have a true "Integration Source" for VR for your integration at hand.
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1271280
Suggest going through the VR Integration Guide to get that part of the foundation going.
The Detection keys are purposely locked down - but to add a new one, you could de-activate the Create ACL on that table (sn_vul_detection_key_config) and create a new one for your new Integration Source.
Then create a new Detection key record for your integration.
Once you are done, for completeness, it'd be best to go back and re-activate that Create ACL (reverting your customization).
|
Attribute name |
Description |
|
Source |
Value of the source field that will be populated in the VI and Detections tables. |
|
Source integration |
Select the Third-Party Integration Record related to this new Integration. |
|
Update status |
This will be set to Complete. If the detection key change needs to be applied to existing detections, the detection key will be created in Pending Status and will be updated to Complete after the data is updated using a scheduled job. |
|
Vulnerability |
Select if the vulnerability needs to be a part of the detection key. |
|
Port |
Select if the port needs to be a part of the detection key.
|
|
Protocol |
Enable this option if the protocol must be a part of the detection key. |
|
Asset ID |
Enable this option if the asset id must be a part of the detection key. This is the unique asset identifier based on the source data. In VR, this is stored in the source_id field in the Discovered Items table. |
|
Proof |
Enable this option if the vulnerability must be a part of the detection key. |
