Vulnerability Scanner

Khanna Ji
Tera Guru

Can we scan CIs in my CMDB without Qualys or any third-party vulnerability scanner? Just with my vulnerability base application?

1 ACCEPTED SOLUTION

That is an excellent question.  You can have the NVD and CWE scan your CI.  The catch is that you must have SAM Pro purchased for your instance in order to perform this task. 


https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/sam-nvd-vul-detection.html

I confirmed this in my personal instance. Also, my org stumbled on to this requirement in our instance.  It helps us justify the need for Software Asset Management.



ghandrick
Mega Contributor

I have to admit that I had missed that functionality before now.  I'm interested to see how well this works in practice: if you reconfigure a device to remediate a vulnerability, but there are no changes to the software versions, will it still show up?  (aka, become a false positive.) 

Otherwise, for clients with both SAM and VR, this is one more layer of assurance.
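The accepted solution describes detection driven by NVD data rather than by an active scanner, and the reply above asks what happens when a fix is a configuration change rather than a version change. The following is an added illustration, not ServiceNow, SAM or Vulnerability Response code, of how purely version-based matching behaves: a constructed NVD-style feed (with placeholder CVE ids and a fictional vendor) is compared against a constructed software inventory, and an install whose risk was removed by configuration alone still matches, which is exactly the false-positive case raised above. The `config_mitigated` field and the `flag_for_review` helper are assumptions added here to show how a defender could surface those hits for manual review.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_version(v: str) -> tuple:
    """Turn '2.4.3' into (2, 4, 3) so versions compare numerically, not as strings."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


@dataclass
class CpeRange:
    """Affected-product range in the style of an NVD CPE match (vendor/product plus version bounds)."""
    vendor: str
    product: str
    start_incl: Optional[str] = None   # versionStartIncluding
    end_excl: Optional[str] = None     # versionEndExcluding

    def matches(self, vendor: str, product: str, version: str) -> bool:
        if (vendor, product) != (self.vendor, self.product):
            return False
        ver = parse_version(version)
        if self.start_incl and ver < parse_version(self.start_incl):
            return False
        if self.end_excl and ver >= parse_version(self.end_excl):
            return False
        return True


@dataclass
class CveRecord:
    cve_id: str            # placeholder ids below, not real CVEs
    ranges: List[CpeRange]


@dataclass
class SoftwareInstall:
    """One discovered software install on a CI, as a CMDB-style inventory would hold it."""
    ci: str
    vendor: str
    product: str
    version: str
    config_mitigated: bool = False   # assumed field: fixed by configuration, version unchanged


# Constructed feed: fictional vendor "exampleco", placeholder CVE ids.
NVD_FEED = [
    CveRecord("CVE-0000-0001", [CpeRange("exampleco", "webserver", "2.0", "2.4.3")]),
    CveRecord("CVE-0000-0002", [CpeRange("exampleco", "database", "9.0", "9.2")]),
]

# Constructed inventory.
INVENTORY = [
    SoftwareInstall("web-01", "exampleco", "webserver", "2.2.1"),
    SoftwareInstall("web-02", "exampleco", "webserver", "2.2.1", config_mitigated=True),
    SoftwareInstall("web-03", "exampleco", "webserver", "2.4.3"),   # fixed version, excluded
    SoftwareInstall("db-01", "exampleco", "database", "9.1.0"),
    SoftwareInstall("db-02", "exampleco", "database", "9.2.0"),     # fixed version, excluded
]


def detect(feed: List[CveRecord], inventory: List[SoftwareInstall]) -> List[Tuple[str, str]]:
    """Version-only matching: every install inside an affected range becomes a (ci, cve) hit."""
    hits = []
    for inst in inventory:
        for cve in feed:
            if any(r.matches(inst.vendor, inst.product, inst.version) for r in cve.ranges):
                hits.append((inst.ci, cve.cve_id))
    return hits


def flag_for_review(hits: List[Tuple[str, str]], inventory: List[SoftwareInstall]) -> List[Tuple[str, str]]:
    """Hits on installs the team marked as configuration-mitigated: version matching cannot see
    that fix, so these need a human to confirm and close rather than an automatic re-scan."""
    mitigated = {inst.ci for inst in inventory if inst.config_mitigated}
    return [h for h in hits if h[0] in mitigated]


if __name__ == "__main__":
    found = detect(NVD_FEED, INVENTORY)
    print("hits:", found)
    print("config-mitigated, review manually:", flag_for_review(found, INVENTORY))
```

Running it shows `web-02` reported alongside `web-01` even though its risk was addressed by configuration, because the feed only carries version bounds; `web-03` and `db-02` drop out once their versions leave the affected range. That is the behaviour to expect from any feed-driven detection that has no scanner output to confirm the live state of the device.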

That's a great question. Let me try it with SAM

Which scanner are you using currently in your Instance of client?

I'm actively working a Tenable implementation at one client, and have two Rapid7s going as well.  (We did a Qualys implementation in 2017 also.)  None of these clients use SAM, though.  We are trying to change that, though.  🙂

I am working on Qualys configuration. I'm thinking of providing SAM NVD configuration also. If you can remember the steps that you followed for configuring the Qualys scanner, please share them with me. I can follow them to configure. And please be active on the community Security Operations space. We have very few people around this space and there is much more to collaborate on and share. :)