Stop creating CI's (Host)

chandukollapart
Tera Contributor

Hi,

 

Is there a way to stop creating CI's if those are not associated to vulnerabilities? Importing to Vulnerability response, configuration compliance. 

 

Using Qualys and Prisma (Palo) scanners

 

Any suggestions

 

Thanks.  

1 REPLY 1

Shaqeel
Mega Sage

Hi @chandukollapart 

 

This can be achieved by implementing a business rule or a script in ServiceNow.

Here's a high-level overview of how you can do this:

 

1. Create a new Business Rule or Script Include in ServiceNow.

2. In the script, check if the CI is associated with any vulnerabilities.

3. If the CI is not associated with any vulnerabilities, stop the creation of the CI.

4. If the CI is associated with vulnerabilities, allow the creation of the CI.

 

Here's a sample script that you can use as a starting point:

 

javascript

(function executeRule(current, previous /*null when async*/) {

// Query the Vulnerability table to check if the CI is associated with any vulnerabilities

 

var gr = new GlideRecord('sn_vul_vulnerable_item');

gr.addQuery('ci_item', current.sys_id);

gr.query();

 

// If the CI is not associated with any vulnerabilities, stop the creation of the CI

 

if (!gr.next()) {

current.setAbortAction(true);

gs.addErrorMessage('This CI is not associated with any vulnerabilities and cannot be created.');

} })(current, previous);

 

 

Kindly mark helpful/solution.

 

Regards

Shaqeel


***********************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and " Helpful." This action benefits both the community and me.

***********************************************************************************************************************





Regards

Shaqeel