Vulnerability Scanner

Khanna Ji · ‎11-29-2018

Can we scan CIs in my CMDB without Qualys or any thrid party vulnerability scanner? Just with my vulnerability base application?

qcj3 · ‎11-29-2018

That is an excellent question. You can have the NVD and CWE scan your CI. The catch is that you must have SAM Pro purchased for your instance in order to perform this task.

https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/sam-nvd-vul-detection.html

I confirmed this in my personal instance. Also, my org stumbled on to this requirement in our instance. It helps us justify the need for Software Asset Management.

View solution in original post

qcj3 · ‎11-29-2018

I don't follow your question. Are you trying to obtain your list of CIs to drive the targets of your scan?

Khanna Ji · ‎11-29-2018

I have CIs in my Instance. I want to check if there are any vulnerabilities associated with those CI. Do I need a Qualys to check for vulnerabilities associated with CIs? Or Can I scan them against NVD or CWE data storied in Service now?

qcj3 · ‎11-29-2018

That is an excellent question. You can have the NVD and CWE scan your CI. The catch is that you must have SAM Pro purchased for your instance in order to perform this task.

https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/sam-nvd-vul-detection.html

I confirmed this in my personal instance. Also, my org stumbled on to this requirement in our instance. It helps us justify the need for Software Asset Management.

Khanna Ji · ‎11-29-2018

Perfect. ServiceNow was claiming they can scan without third party scanner just wanted to get it confirmed. I will try this on my personal insurance before going to client Instance