Vulnerability Scanner

Khanna Ji
Tera Guru

Can we scan CIs in my CMDB without Qualys or any third-party vulnerability scanner? Just with my vulnerability base application?

1 ACCEPTED SOLUTION

That is an excellent question. You can have the NVD and CWE scan your CI. The catch is that you must have SAM Pro purchased for your instance in order to perform this task.

https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/sam-nvd-vul-detection.html

I confirmed this in my personal instance. Also, my org stumbled onto this requirement in our instance. It helps us justify the need for Software Asset Management.


qcj3
Kilo Guru

I don't follow your question. Are you trying to obtain your list of CIs to drive the targets of your scan?

I have CIs in my instance. I want to check if there are any vulnerabilities associated with those CIs. Do I need Qualys to check for vulnerabilities associated with CIs? Or can I scan them against NVD or CWE data stored in ServiceNow?

Perfect. ServiceNow was claiming they can scan without a third-party scanner; I just wanted to get it confirmed. I will try this on my personal instance before going to the client instance.