Stop creating CI's (Host)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2024 06:42 AM - edited 01-29-2024 07:03 AM
Hi,
Is there a way to stop creating CI's if those are not associated to vulnerabilities? Importing to Vulnerability response, configuration compliance.
Using Qualys and Prisma (Palo) scanners
Any suggestions
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2024 07:07 AM
This can be achieved by implementing a business rule or a script in ServiceNow.
Here's a high-level overview of how you can do this:
1. Create a new Business Rule or Script Include in ServiceNow.
2. In the script, check if the CI is associated with any vulnerabilities.
3. If the CI is not associated with any vulnerabilities, stop the creation of the CI.
4. If the CI is associated with vulnerabilities, allow the creation of the CI.
Here's a sample script that you can use as a starting point:
javascript
(function executeRule(current, previous /*null when async*/) {
// Query the Vulnerability table to check if the CI is associated with any vulnerabilities
var gr = new GlideRecord('sn_vul_vulnerable_item');
gr.addQuery('ci_item', current.sys_id);
gr.query();
// If the CI is not associated with any vulnerabilities, stop the creation of the CI
if (!gr.next()) {
current.setAbortAction(true);
gs.addErrorMessage('This CI is not associated with any vulnerabilities and cannot be created.');
} })(current, previous);
Kindly mark helpful/solution.
Regards
Shaqeel
***********************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and " Helpful." This action benefits both the community and me.
***********************************************************************************************************************
Regards
Shaqeel