- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2023 06:20 AM
Good Morning,
I am trying to get the NIST National Vulnerability Database Integration - API (CVE only) to do an initial run, and while it does pull back data it constantly errors with 403 (which I am assuming is normal, giving the amount of times the NIST database is getting hit). But it eventually errored out. Error: Invalid response code received from NVD: 0
The question is - has anyone got this out of the box integration to work? If so, is there a time its best to run at? Or am I missing something altogether. I followed the instructions provided by ServiceNow.
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2023 08:48 AM - edited 10-31-2023 08:49 AM
Hey there,
Have run into this stubborn behavior as well, and you are on the right track.
1) Changing the default time the NVD job runs at, does seem to improve this and minimize the 403 replies we get
- Really seems like making requests at any time that is not the default provides some relief
2) Are you using a valid NVD API key?
- Though, it is technically *optional*, if we make API requests to the NVD without an API key, the rate limiting they impose is much more aggressive
- Using a valid API key greatly reduces the errors / failed responses we see
3) What version of the ServiceNow Store App for NVD are you using?
- The latest version of the Store App (1.3.3) use the brand new v2 API that the NVD has
- Moving to the v2 API has also greatly reduced the errors seen in the API responses received
--------------------------------------------------------
Reference - Adding an API Key for NIST NVD Integration
Grab a NIST API key here -> https://nvd.nist.gov/developers/request-an-api-key
Append it to the Password Value under the 'National Vulnerability Database' Integration Source

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2023 08:48 AM - edited 10-31-2023 08:49 AM
Hey there,
Have run into this stubborn behavior as well, and you are on the right track.
1) Changing the default time the NVD job runs at, does seem to improve this and minimize the 403 replies we get
- Really seems like making requests at any time that is not the default provides some relief
2) Are you using a valid NVD API key?
- Though, it is technically *optional*, if we make API requests to the NVD without an API key, the rate limiting they impose is much more aggressive
- Using a valid API key greatly reduces the errors / failed responses we see
3) What version of the ServiceNow Store App for NVD are you using?
- The latest version of the Store App (1.3.3) use the brand new v2 API that the NVD has
- Moving to the v2 API has also greatly reduced the errors seen in the API responses received
--------------------------------------------------------
Reference - Adding an API Key for NIST NVD Integration
Grab a NIST API key here -> https://nvd.nist.gov/developers/request-an-api-key
Append it to the Password Value under the 'National Vulnerability Database' Integration Source
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2023 08:26 AM
Thanks! This is awesome! I like servicenow's documentation, but sometimes it does seem a bit lacking. (though same can be said about all documentation!)