Vulnerable item Rescan functionality not showing results real time.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thursday
Hi, I read that when we manually rescan a Vulnerable Item, the result is imported in the next integration run.
Is there a way that the Rescan UI Action can show the Vulnerable item is fixed or not in real time?
If there needs to be customizations, what could it be?
Please help if you have any ideas.
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Friday - last edited Friday
Your understanding is correct. OOB when you manually trigger a rescan for a Vulnerable Item the action is asynchronous. SNOW initiates an on-demand scan request with the integrated vulnerability scanner (such as Qualys, Tenable, or Rapid7), but it does not wait for the results in real-time. The status of the VI is updated only after the scan is complete and the results are imported during the next scheduled integration run. This is because scans can take several minutes or longer to complete.
You can either extend the OOB rescan functionality or create an entirely new custom module for the rescan.
First, you need to identify which APIs are used in the rescan process, particularly the one that fetches the scan status. The required APIs may differ depending on the scanner tool integrated with the VR application. After identifying the necessary APIs, you can use them to create the REST messages, flows, and other required components.
We built a custom rescan module for Tenable.sc using its API. This module allows users to launch scans through ServiceNow, fetch the results, and update the status of the VIs.
Regards
----
If this response was helpful, please select "Accept as Solution" and "Helpful." This helps both the community and me.
