vulnerable Item to be Imported by Wiz Integration for Security Operations

Ohki_Yamamoto
Tera Guru

Wiz Integration for Security Operations will be used to import vulnerability information from Wiz to ServiceNow.

 

Vulnerability information captured using the above plug-ins will be included in ServiceNow's SeqOps-VR,
・VI: Vulnerability matching items [sn_vul_vulnerable_item]
・AVI: Application vulnerability matching item [sn_vul_app_vulnerable_item]
・CVIT: Container vulnerability matching item

Which table will be managed?

 

3 REPLIES 3

Dhanraj B
Tera Expert

Hi @Ohki_Yamamoto ,

 

As per my understanding, every imports will first come into the "sn_vul_detection" table. The tables you mentioned each serves different purposes. But still not able to understand. Can you tell me more what exactly the question is?

 

Regards,

Dhanraj.

Rajesh Chopade1
Mega Sage

Vulnerability matching items [sn_vul_vulnerable_item] :- This table stores information about vulnerable items (such as assets, services, or other entities) that are vulnerable to specific vulnerabilities. When vulnerability data is imported from Wiz, this table would be used to store the matching items (like affected assets or services) that have vulnerabilities.

 

Application vulnerability matching item [sn_vul_app_vulnerable_item] :- This table is specifically used to store vulnerable items related to applications (e.g., web applications, middleware, etc.). It handles the mapping of vulnerabilities to specific applications.

 

Container vulnerability matching item :- This table stores vulnerabilities associated with containers (e.g., Docker containers, Kubernetes pods). When the Wiz integration identifies vulnerabilities in containerized environments, such as Docker containers or Kubernetes pods, this table will be used to record the related vulnerabilities for those containers.

 

Each of these tables will ensure that the vulnerability data is organized by the type of asset it affects.

 

I hope my answer helps you to resolve your issue, if yes please mark my answer helpful and correct.

thank you

Rajesh

 

Ohki_Yamamoto
Tera Guru

Thank you very much.


I would like to confirm which of the following types of vulnerability matching items are managed for vulnerability information imported from Wiz in a coordinated manner.


・VI: Vulnerable Item [sn_vul_vulnerable_item]
・AVI: Application Vulnerable Item [sn_vul_app_vulnerable_item]
・CVIT: Container Vulnerable Item

I believe that the table stored does not change depending on the vulnerability captured and the CI matched by CI Look UP.