Good Morning, I am trying to get the NIST National Vulnerability Database Integration - API (CVE only) to do an initial run, and while it does pull back data it constantly errors with 403 (which I am assuming is normal, giving the amount of times ...
Hi Community,Recently we have implemented Vulnerability response. There is an issue with the IT remediation workspace. In ServiceNow docs I can see remediation owner is able to view IT remediation workspace. In my PDI also same is happening. But in m...
Hello, Has anyone encountered, or is encountering continuous failed integration runs for the NIST NVD Unmapped CPE API integration? This is an integration that runs on demand after the CPE-only API has been completed successfully. Other than activati...
Is it possible to create a vulnerability manually through the UI? Not a VIT, rather an entry under "Libraries" in either NVD, CWE or third-party? Not seeing a "NEW" button out-of-the-box, or in any of the other Libraries for that matter. Has anyone h...
Hi All, Does anyone know how Business Impact (Business_criticality) on the VIT (Vulnerable item) is calculated. TIA
While doing the Bulk Edit for false positive on VIT's the state of Remediation task is coming as open.I checked in all places and I don't find any difference with respect to OOB.UI Action: "Bulk Edit"UI Page: "BulkVulnUpdateDialog"Script Include: "Vu...
We have enabled the plugin "Qualys Integration for Security Operations" and started with integration. Initially, we ran the knowledge base integration followed by knowledge backfill integration and observed that QIDs were imported successfully. When ...
Hi, Community Incorporates vulnerability information from NIST, TVM, and Tenable.The CVE on ServiceNow is marked as "Exploit exists is Yes'', but when checking the information on the main unit (for example, TVM), it may be "Exploit exists is No". Is ...
Hi all, We have an integration with Orca with our ServiceNow instance. From what we can see there is only an option to run a full import OOTB. Is there a way to do a delta import on the Orca integration to only bring in a subset of the data, like for...
Hi,We have created a Classification rule on Discovered Items that sets the classification type to External if the resource tag of discovered item(asset) contains 'External'. Does this rule runs only once or each time an asset is updated? Also if an a...
Hi All, I have installed Qualys scanner for our VR implementation. When a Vulnerable item is generated, some of the VITs have the vulnerability marked with a CVE id (Referring to NVD Record) rather than a QID, while others are tagged with a QID (Thir...
How to get only specific tags/machine tags from Microsoft defender(i.e TVM Threat and Vulnerability Management) into vulnerability response. Tried editing the integration parameter machine_filter with "onboardingStatus in ('Onboarded') and machineTa...
Hi,We have noticed that for one of the vulnerability entries in our ServiceNow instance has source risk score different from the VPR score in Tenable and Tenable.io Plugin Integration is running everyday successfully. Please assist why the source ris...
Hi All, I had requirement to build vulnerability response module. So, can some help me with these below questions:\ 1. Any course in now platform to understand this ? If any, please let me know ?2. If anyone have any documents related to this module,...
Vulnerability response has an option to create a 'Remediation Task Rule' where it groups vulnerable items (VITs) into Vulnerability groups (VULs). Hence, we assign VULs and people are working on those.However, Container Vulnerability & Application Vu...