Vulnerable software in Vulnerability response

GTSNOW
Giga Guru

I can see the Vulnerable Software table keeps updating daily; however, I thought it showed data after the Qualys integration scan. I checked the existing integrations, however it does not have any other integration. What can be the possible cause?

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Hey there,

The functionality here would be to use the Vulnerable Software as reference data. This has no relationship to your Qualys scan / vulnerability detection data, and would not create a Vulnerable Item.

Given you have the Qualys integration in place, you want Qualys host detections to create VIs through the integration.

A VI would be tied to a CI from the CMDB and a Vulnerability from the Third-party library - in the case of Qualys, this would be a QID-xxxxx.

A Vulnerability from Qualys (e.g. QID-12345) may be associated to one or more CVEs. Each CVE may be associated to one or more Vulnerable Software.

However.... There is an optional configuration for Software Asset Management (SAM), where VIs would be created if you had CIs with Software populated.  The dependency here would be having rich software data on your CIs.

Since you are integrating with Qualys, you would likely not want to turn this on.

View solution in original post
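As an added illustration of the relationships the accepted solution describes (this is constructed example code, not ServiceNow's schema or the thread's own code; table, field and sample values such as `web01`, `QID-12345` and `CVE-0000-0001` are stand-ins), the model below shows a detection-driven VI, the optional SAM path that matches CI software against the CVE-to-software reference data, and the QID-to-software lookup that only enriches:

```javascript
// Constructed in-memory model of the Vulnerability Response data relationships.
// Names are simplified stand-ins, not real ServiceNow tables or fields.

// Reference data from the NVD integration (the CVE -> Vulnerable Software
// association the thread points at in sn_vul_m2m_entry_software).
const cveToSoftware = {
  'CVE-0000-0001': ['openssl 1.0.1'],                   // constructed sample values
  'CVE-0000-0002': ['nginx 1.18.0', 'openssl 1.0.1'],
};
// Third-party library: one Qualys QID may map to one or more CVEs.
const qidToCves = { 'QID-12345': ['CVE-0000-0001', 'CVE-0000-0002'] };
// CMDB CIs; the installed-software list is the "rich software data" SAM mode needs.
const cis = [
  { name: 'web01', software: ['nginx 1.18.0'] },
  { name: 'db01', software: ['postgres 14'] },
];
// Qualys host detections: what the scanner actually observed.
const detections = [{ host: 'web01', qid: 'QID-12345' }];

// Integration path: one VI per (CI, third-party vulnerability) detection pair.
// Reference data is never consulted here; only the detection drives VI creation.
function createVisFromDetections(dets, ciList) {
  const known = new Set(ciList.map((c) => c.name));
  return dets
    .filter((d) => known.has(d.host)) // hosts with no matching CI are skipped in this model
    .map((d) => ({ ci: d.host, vulnerability: d.qid, source: 'qualys' }));
}

// Optional SAM path: VIs are derived from installed software matched against
// the CVE -> software reference data, with no scanner detection involved.
function createVisFromSoftware(ciList, refData) {
  const vis = [];
  for (const ci of ciList) {
    for (const [cve, sw] of Object.entries(refData)) {
      if (sw.some((s) => ci.software.includes(s))) {
        vis.push({ ci: ci.name, vulnerability: cve, source: 'sam' });
      }
    }
  }
  return vis;
}

// Enrichment only: which software a QID affects, resolved through its CVEs.
// This answers "what is vulnerable" without creating any VI.
function softwareForQid(qid) {
  const cves = qidToCves[qid] || [];
  return [...new Set(cves.flatMap((cve) => cveToSoftware[cve] || []))];
}
```

Running both creation paths over the same CIs shows why a scanner-fed instance would normally leave SAM mode off: the detection path yields a QID-based VI for `web01`, while the SAM path independently yields a CVE-based VI for the same host.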

4 REPLIES

andy_ojha
ServiceNow Employee

Hey there - this data originates from the NVD integration.  

Check out this table -> sn_vul_m2m_entry_software

This holds the association between CVE and Vulnerable Software.

Thanks, but why is it not creating VIs automatically? If I have data in Vulnerable Software, is it possible to create VIs automatically?


Syam4
Kilo Contributor

One source could be data being imported as part of the 'NIST National Vulnerability Database Integration - API (CVE and CPE)' OOTB scheduled job.