Linking asset data to CVE in VR&OTVR
12-01-2023 04:09 AM
Hi, anyone
I'm trying to sell OTM to a customer, but they already have a security tool which detects assets in the factory but does not provide CVE info.
As you may know, OTVR can have vulnerability items by connecting assets and CVEs using Service Graph Connector or Excel import.
However, in the above case, OTVR can't perform perfectly because that security tool doesn't provide CVE info.
So here is my question.
Is it possible to link CVE, which can be retrieved from NIST, to asset data in ServiceNow automatically?
Briefly, I want to know if there is any way to link CVE data in ServiceNow to asset data in ServiceNow, if possible, automatically?
12-28-2023 01:12 AM
ServiceNow doesn't automatically detect the vulnerabilities (CVEs) on the assets.
However, the customer can use exposure assessment through which the exposure can be identified for the software or the CPEs associated with the CVE (which is brought in by the NIST NVD Integration).
Product Documentation: https://docs.servicenow.com/bundle/vancouver-security-management/page/product/vulnerability-response...
Currently, there is a system property (sn_vul_analyst.enable_exposure_for_cisa) through which the exposure is automatically calculated for the CISA exploited vulnerabilities.
Hope this helps.
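
The CPE-based matching idea behind the exposure assessment mentioned in the reply above, sketched as an added example that is not part of the thread and is not ServiceNow's implementation. It assumes the inventory holds a CPE 2.3 string per asset and that CVE records carry `cpeMatch` entries with the field names used in the NVD CVE API 2.0 JSON; every id, vendor, product and version in it is constructed.

```javascript
// Added example. All CVE ids, vendors, products and versions below are constructed.
const splitCpe = (s) => {
  const f = s.split(/(?<!\\):/); // split on unescaped colons only
  if (f.length !== 13 || f[0] !== "cpe" || f[1] !== "2.3") throw new Error("not a CPE 2.3 string: " + s);
  return { part: f[2], vendor: f[3], product: f[4], version: f[5] };
};
// Assumption: versions are dotted numerics (2.4.1); missing segments count as 0.
const cmpVersion = (a, b) => {
  const x = a.split(".").map(Number), y = b.split(".").map(Number);
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
};
// True when an installed CPE satisfies one cpeMatch entry of a CVE record.
function isExposed(installedCpe, m) {
  if (!m.vulnerable) return false;
  const have = splitCpe(installedCpe), want = splitCpe(m.criteria);
  for (const k of ["part", "vendor", "product"])
    if (want[k] !== "*" && want[k] !== have[k]) return false;
  if (want.version !== "*") return want.version === have.version;
  const { versionStartIncluding: si, versionStartExcluding: se,
          versionEndIncluding: ei, versionEndExcluding: ee } = m;
  if (!(si || se || ei || ee)) return true;   // no range given: every version affected
  const v = have.version;
  if (v === "*" || v === "-") return false;   // version unknown: range cannot be evaluated
  return !(si && cmpVersion(v, si) < 0) && !(se && cmpVersion(v, se) <= 0) &&
         !(ei && cmpVersion(v, ei) > 0) && !(ee && cmpVersion(v, ee) >= 0);
}
// Returns the (asset, CVE) pairs that are candidates for vulnerability items.
function linkCves(assets, cves) {
  const out = [];
  for (const a of assets) for (const c of cves)
    if (c.cpeMatch.some((m) => isExposed(a.cpe, m))) out.push({ asset: a.name, cve: c.id });
  return out;
}
// Constructed sample data: two CVE records and three factory assets.
const PLC = "cpe:2.3:o:examplevendor:plc_firmware:", HMI = "cpe:2.3:a:examplevendor:hmi_runtime:";
const REST = ":*:*:*:*:*:*:*";
const sampleCves = [
  { id: "CVE-0000-0001", cpeMatch: [{ criteria: PLC + "*" + REST, vulnerable: true,
      versionStartIncluding: "2.0", versionEndExcluding: "2.4.1" }] },
  { id: "CVE-0000-0002", cpeMatch: [{ criteria: HMI + "7.1" + REST, vulnerable: true }] },
];
const sampleAssets = [
  { name: "plc-line1", cpe: PLC + "2.3.0" + REST },
  { name: "plc-line2", cpe: PLC + "2.4.1" + REST },  // fixed version, outside the range
  { name: "hmi-01", cpe: HMI + "7.1" + REST },
];
console.log(linkCves(sampleAssets, sampleCves));
```

Assets whose discovery tool reports no version fall out of range matching here, so in practice they need a separate review list rather than being treated as unaffected.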