K20 Lab 3019 Improve Security with Vulnerability Management

Every new comment posted here sends email notification. Can you stop that please?

At the bottom of the email there is a link to disable notifications.

I wish there was an easier way.  

Thanks Scott!

Any documentation or Knowledge base link to integrate with Qualys?

https://docs.servicenow.com/bundle/orlando-security-management/page/product/secops-integration-vr/qu...

Thank You!

Keri,

Lots of good advice presented here. Ideally your daily, weekly, monthly "routine" patching processes can be turned into vulnerability groups. In fact you should re-imagine your current processes to utilize the increased capabilities available to you in our solution.

Generally speaking, you should not have to create new vulnerability groups very often, once you have been using Vulnerability Response for a while. An example of a non-routine process requiring a new group might be something like WannaCry that comes along. You'd want to react very quickly, by identifying your vulnerabilities and deciding which systems you want to patch; critical vs. important but secondary, etc. then initiating the workflow, but this is a case where I'd expect you would patch 100% of systems even those in non-prod.

You would do this by creating a new group consisting of all the vulnerabilities. You can use the condition builder to select vulnerability item records that reference the WannaCry CVEs (easily identified with a quick Google search or check the National Vulnerability Database, a group of all the WannCry vulns for a patching cycle that includes critical systems, etc.). Have a look at the Vulnerability Crisis Workflow - you'd likely want to use something like this for the emergency change.

--Hollywood

Jaiganesh, vulnerability scans look for known vulnerabilities in your enviromment and report potential exposures. Penetration tests are intended to exploit weaknesses in the architecture of your network and determine the degree to which a malicious attacker can gain unauthorized access to your assets. (Credit: Google search.)

Vulnerabilities map to CVEs and patches, which map to specific work that is assigned and performed. Pen testing is more nebulous. e.g. Make this network architecture change, swap out this firewall, add this new network detection solution, reconfigure these rules. While you could manually create records in Vulnerability Response and manually close them out, it would be difficult to fully automate the process. Also your pen test result count should be fairly low, compared to thousands, hundreds of thousands, or even millions of vulnerabilities or more that may be uncovered by a scanner. A better method would be to address through a project and/or Change Management.

--Hollywood

I have the https://developer.servicenow.com/connect.do#!/event/knowledge2020/LAB3019 lab guide. Where can I get the slide deck used for the presentation?

They will be available through Now Learning in a few weeks.

How long will the labs be available?

Labs will be available for another 30 minutes after the session ends at the top of the hour for people needing extra time

Another note - this lab will be available in Now Learning next week. If you want to come back and run it again, you will be able to do so.

In addition to the 30 minutes, this lab (and all the other K20 labs) will be posted in Now Learning next week. You will be able to access them and run thru the lab again if you want to.

Will attendees be notified of the posted presentation? Will we need to search NowLearning each week for it?