Create a custom integration to import third party vulnerability scan results into ServiceNow as VI
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2023 02:32 PM
Hello Everyone,
I am new to ServiceNow Secops. I have a requirement to Create a Custom app and create a custom integration to import third-party Vulnerability scan results into ServiceNow as Vulnerability item.
Here is the requirement.
Create a custom integration to import third party vulnerability scan results into ServiceNow as
Vulnerable items.
NOTE :
a. Configuration should align with ServiceNow Vulnerability integration framework
including all best practices.
b. Source data can be mocked from any third party tools or raw JSON format.
c. Vulnerable items should be created based on IP address and Vulnerability(third
party source/NVD) combo
d. Store scan ID in a separate field called Correlation ID and populate the source
info on Source field.
Hoping get some help.
Regards,
Jitendra
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2023 10:22 PM
HI @jitendrag ,
I trust you are doing great.
Create a Custom App: a. Log in to your ServiceNow instance as an administrator. b. Navigate to the "Studio" application. c. Click on "Create Application" and provide a name for your custom app. d. Follow the prompts to create the custom app and configure its settings.
Set up the Integration: a. Determine the format of the third-party vulnerability scan results (e.g., JSON). b. Create a new table in ServiceNow to store the imported Vulnerability items. You can do this by navigating to "System Definition" -> "Tables" and clicking on "New". c. Define the fields in the new table, including IP address, Vulnerability, Correlation ID, and Source. d. Create a script to handle the integration. Here's an example in Javascript:
// Assuming you have a JSON object containing the vulnerability scan results
var scanResults = {
"results": [
{
"ip": "192.168.0.1",
"vulnerability": "CVE-12345",
"source": "Third Party Tool",
"scanId": "123456"
},
// Add more results here
]
};
// Iterate through the scan results and create Vulnerability items
for (var i = 0; i < scanResults.results.length; i++) {
var result = scanResults.results[i];
// Create a new record in the custom table for each Vulnerability item
var vulnerabilityItem = new GlideRecord('your_custom_table_name');
vulnerabilityItem.initialize();
vulnerabilityItem.ip_address = result.ip;
vulnerabilityItem.vulnerability = result.vulnerability;
vulnerabilityItem.correlation_id = result.scanId;
vulnerabilityItem.source = result.source;
vulnerabilityItem.insert();
}Was this answer helpful?
Please consider marking it correct or helpful.
Your feedback helps us improve!
Thank you!
Regards,
Amit Gujrathi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-28-2023 12:38 PM
Hi @Amit Gujarathi ,
Hope you are doing well.
I got the results. But the integration is keep on running which i have stop it manually. Please find the attached Screen shoot and help with it.
