- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-29-2018 08:05 AM
Can we scan CIs in my CMDB without Qualys or any thrid party vulnerability scanner? Just with my vulnerability base application?
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-29-2018 08:33 AM
That is an excellent question. You can have the NVD and CWE scan your CI. The catch is that you must have SAM Pro purchased for your instance in order to perform this task.
https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/sam-nvd-vul-detection.html
I confirmed this in my personal instance. Also, my org stumbled on to this requirement in our instance. It helps us justify the need for Software Asset Management.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-29-2018 08:16 AM
I don't follow your question. Are you trying to obtain your list of CIs to drive the targets of your scan?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-29-2018 08:25 AM

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-29-2018 08:33 AM
That is an excellent question. You can have the NVD and CWE scan your CI. The catch is that you must have SAM Pro purchased for your instance in order to perform this task.
https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/sam-nvd-vul-detection.html
I confirmed this in my personal instance. Also, my org stumbled on to this requirement in our instance. It helps us justify the need for Software Asset Management.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-29-2018 08:52 AM