What happens to Vulnerable Items without detection

Gilbert Palerac
Tera Contributor

We have recently upgraded from 'Tenable-built' VR integration to the 'ServiceNow-built' Vulnerability Response Integration with Tenable.

 

The latter (ServiceNow-built app) is now using detections but the former (Tenable-built app) is not using them. My question would be, how will the VITs without detections be closed in the new Tenable integration? 

 

I have observed that it's been two months and those VITs are still in the open state. Can you help me know how to handle these old VITs without detection?

 

Any insight/help will be highly appreciated. Thank you.

1 REPLY

Aaron Molenaar
Mega Guru

Hi Gilbert,

 

I'm presuming that the Tenable integration VIT records are redundant to ServiceNow integration VIT?

 

As I'm not sure if the Tenable version creates Discovered Items, I'm not sure if the OOB auto-close functionality will work, but if you have Discovered Items from Tenable, you may be able to use the auto-closed functionality based on the Asset Last Scanned value. Note setting this would impact ServiceNow generated VIT as well. Here's a reference: https://docs.servicenow.com/bundle/vancouver-security-management/page/product/vulnerability-response... 

 

More likely, you might have to run a fix script such as below to close the Tenable-generated VIT (please do your own testing).

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

var rec = new GlideRecord('sn_vul_vulnerable_item');
rec.addEncodedQuery("active=true^source=[your_tenable_source_value]^[any other criteria]");
rec.query();
 
while (rec.next()){
    rec.setWorkflow(false);  //Do not run business rules
    rec.setValue('state', 3); //Closed
    rec.setValue('substate', 5); //Cancelled
    rec.setValue('close_notes', "Cancelling vulnerable item as redundant. [or other message you want]");  //Set close notes
    rec.update();
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

You could then also use Auto-Delete rules to remove them from the system by creating a unique rule: https://docs.servicenow.com/bundle/vancouver-security-management/page/product/vulnerability-response....

 

This would be how I would approach it.

 

Good luck,

Aaron
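
A dry-run variant of the fix script in the reply above, added here as an example (it is not Aaron's code or ServiceNow's). It tallies what the encoded query matches by `source`, so a query that would also catch VITs from the ServiceNow-built integration is visible before anything is written. The function name `closeRedundantVits`, its options object and the injected GlideRecord constructor are assumptions made for illustration; the state and substate values are the ones given in the reply.

```javascript
// Added example, not from the original thread. ES5 style so it runs in a background script.
// GlideRecordCtor is passed in (assumption for illustration); on an instance pass the
// global GlideRecord.
function closeRedundantVits(GlideRecordCtor, opts) {
    var query = opts.encodedQuery;
    // Refuse to run while bracketed placeholders from the reply are still in the query.
    if (!query || /\[[^\]]*\]/.test(query)) {
        throw new Error('Replace the [placeholder] parts of the encoded query first');
    }
    var commit = opts.commit === true;   // default is a dry run: nothing is written
    var result = { matched: 0, updated: 0, failed: 0, bySource: {}, commit: commit };

    var rec = new GlideRecordCtor('sn_vul_vulnerable_item');
    rec.addEncodedQuery(query);
    if (opts.limit) {
        rec.setLimit(opts.limit);        // work in small batches while testing
    }
    rec.query();

    while (rec.next()) {
        result.matched++;
        // Tally by source to confirm only the intended integration's VITs are matched.
        var src = rec.getValue('source') || '(empty)';
        result.bySource[src] = (result.bySource[src] || 0) + 1;
        if (!commit) {
            continue;
        }
        rec.setWorkflow(false);          // do not run business rules, as in the reply
        rec.setValue('state', 3);        // Closed (value from the reply)
        rec.setValue('substate', 5);     // Cancelled (value from the reply)
        rec.setValue('close_notes', opts.closeNotes);
        if (rec.update()) {              // update() returns null when the write fails
            result.updated++;
        } else {
            result.failed++;
        }
    }
    return result;
}
```

Run it first without `commit` in a sub-production instance, check `matched` and `bySource`, then re-run with `commit: true` and a small `limit` before removing the limit.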