Hi,We have only one CI under discovered items table with unmatched CI class, able to access/open the record from discovered items table. Can see the record on list view of cmdb_ci table, but it says record not found when trying to open it from the sa...
Are there future plans to create integrations for CSAF(Common Security Advisory Framework) JSON format since the CVRF(Common Vulnerability Reporting) XML format has been superceded by CSAF?
We've created some exception rules to catch any new VIT's that come from from Exceptions that were already entered and approved, but it doesnt seem to catch new VIT's. Should exception rules be catching anything new, or does it only apply to existi...
We are using the Vulnerable Item application in the VR module, which receives data from Qualys. One of the fields in the data is "Configuration item," which contains the name of the server or asset. The requirement is to associate the server/asset na...
Hello, the client has some Unmatched Discovered Items in ServiceNow but the CI Matching Rule is populated nonetheless. How is that possible? "Unmatched" should mean the asset wasn't matched to any CI by any of the CI Lookup Rules? Does anybody know, ...
Good Morning, I am trying to get the NIST National Vulnerability Database Integration - API (CVE only) to do an initial run, and while it does pull back data it constantly errors with 403 (which I am assuming is normal, giving the amount of times ...
Hi Community,Recently we have implemented Vulnerability response. There is an issue with the IT remediation workspace. In ServiceNow docs I can see remediation owner is able to view IT remediation workspace. In my PDI also same is happening. But in m...
Hello, Has anyone encountered, or is encountering continuous failed integration runs for the NIST NVD Unmapped CPE API integration? This is an integration that runs on demand after the CPE-only API has been completed successfully. Other than activati...
Hello all - Vulnerability Response admin here - We have implemented the SCAN COVERAGE CONFIGURATION option. Of course, the first question we get asked is - 'what's the difference' - i.e., what aren't' we scanning?In the above example - what are th...
Is it possible to create a vulnerability manually through the UI? Not a VIT, rather an entry under "Libraries" in either NVD, CWE or third-party? Not seeing a "NEW" button out-of-the-box, or in any of the other Libraries for that matter. Has anyone h...
Hi All, Does anyone know how Business Impact (Business_criticality) on the VIT (Vulnerable item) is calculated. TIA
While doing the Bulk Edit for false positive on VIT's the state of Remediation task is coming as open.I checked in all places and I don't find any difference with respect to OOB.UI Action: "Bulk Edit"UI Page: "BulkVulnUpdateDialog"Script Include: "Vu...
Hello, I'm trying to locate a UI Action called "Create group from filter" but have been unsuccessful so far. The condition of the action is RP.isRelatedList() && gs.nil(parent) && gs.hasRole("sn_vul.write_all") which would make it available if the VI...
We have enabled the plugin "Qualys Integration for Security Operations" and started with integration. Initially, we ran the knowledge base integration followed by knowledge backfill integration and observed that QIDs were imported successfully. When ...
Hi, Community Incorporates vulnerability information from NIST, TVM, and Tenable.The CVE on ServiceNow is marked as "Exploit exists is Yes'', but when checking the information on the main unit (for example, TVM), it may be "Exploit exists is No". Is ...
