Configure the MS TVM Vulnerability Integration using Setup Assistant

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:11分

    • Configure the Vulnerability Response integration with Microsoft Threat and Vulnerability Management (MS TVM) application, after you install it using the Setup Assistant.

    始める前に

    In addition to the instructions and prompts that are provided in Setup Assistant for the Vulnerability Response integration with Microsoft Threat and Vulnerability Management integration, do the following actions:

    Roles required: System Admin (admin) for installation, Vulnerability Admin (sn_vul.vulnerability_admin) or sn_vul.admin (deprecated), and Configure Integration (sn_vul_msft_tvm.configure_integration) for configuration

    手順

    1. Navigate to All > Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Scanner Integrations.

      The Microsoft Threat & Vulnerability Management tile is displayed.

      MS TVM is a multi-source integration, which means that you can have multiple deployments of the same third-party integration. The settings from your original third-party integration are used as a template for the settings of each new integration.

      注:
      If you delete the original vulnerability integration, you have to select another integration to use as your template. Consider disabling the integration instead of deleting it. Integrations created from disabled templates are disabled by default.

      Data from each third-party integration is uniquely identified and available in a single instance of Vulnerability Response.

    2. To configure the Microsoft Threat and Vulnerability Management integration, click Edit.
    3. On the form, fill in the fields.
      表 : 1. Account Credentials form
      Field Description
      Name Name of the instance.
      TVM region Region close to your server location. Use the server nearest to your location for optimal performance of the API.
      Authentication type Method to verify the identity. User authentication controls the visibility of specific assets to specific users. MS TVM exports the device groups that are entitled for this user. The default value is Application.
      Tenant ID Tenant identity of your organization.
      Client ID Client identity that is generated after registering MS TVM in Microsoft Azure.
      Username User that has access to the complete device group. This field appears only when User is selected from the Authentication type.
      Password Password for the username that has access to the complete device group. This field appears only when User is selected from the Authentication type.
      Client secret Client secret that is generated after registering the MS TVM application. This field appears only when Application is selected from the Authentication type.
    4. To save your changes and proceed to the first integration form, click Next.
      The Vulnerabilities Import Configuration form is displayed.
    5. Enable or disable the vulnerabilities import, determine the initial start date for the vulnerabilities that you want imported, and schedule when the MS TVM Vulnerabilities import should run.
      If you want to import all the vulnerabilities, leave the initial start date blank.
      1. To import data on-demand, click Import Vulnerabilities Now.
      2. To see the integration record, click Advanced Settings.
    6. To save your changes and proceed to the first integration form, click Next.
      The Recommendations Import Configuration form is displayed.
    7. Enable or disable the recommendations import and determine the schedule when the MS TVM Vulnerabilities import should run.
      1. To import data on-demand, click Import Recommendations Now.
      2. To see the integration record, click Advanced Settings.
    8. To save your changes and proceed to the first integration form, click Next.
      The Machines Import Configuration form is displayed.
    9. Enable or disable the Machines Import, determine the initial start date for the machines that you want imported, and schedule when the MS TVM Machines import should run.
      If you want to import all the machines, leave the initial start date blank.
      注:
      Machine tags are imported by default and used for organizing and tracking the machines listed in the MS TVM environment.
      1. To display the default configuration item (CI) lookup rules, click CI Lookup rules. CI Lookup Rules define how machine data from third-party sources are used to identify Configuration Items (CI)s in the ServiceNow AI Platform CMDB. You have the option to add lookup rules or modify the default CI lookup rules on this page. For more information, see Create a Vulnerability Response CI lookup rule.
      2. To import data on-demand, click Import Machines Now.
        注:
        Machines that have the status as onboarded in MS TVM are retrieved by the ServiceNow application.
      3. To see the integration record, click Advanced Settings.
    10. To save your changes and go to the first integration form, click Next.
      The Machine Vulnerabilities Import Configuration form is displayed.
    11. Enable the following integrations and determine the initial start date for the vulnerabilities that you want imported.
      表 : 2. Machine Vulnerabilities Import Configuration form
      Integration Description
      Microsoft TVM Machine Vulnerabilities Delta Import Retrieves vulnerabilities that have been updated during the full vulnerability import, including new, fixed, and updated vulnerabilities. You can only import delta data for the past 14 days.
      Microsoft TVM Machine Vulnerabilities Full Import Retrieves all the open vulnerabilities. Due to the high volume of data import, you can schedule it to run weekly.
      注:

      Run the machines import before the Machine Vulnerabilities integration. Else, VIs are not created for the missing machines.

    12. To save your changes and complete the configuration in Setup Assistant, click Finish.

    次のタスク

    If you want to activate a vulnerable item grouping in the classic environment, navigate to > Vulnerability Response > Administration > Remediation Task Rules > Microsoft TVM Recommendation.

    In the form that is displayed, select the Active option to activate it. Alternatively, select New to create a new rule.

    For more information, see Vulnerability Response remediation tasks and remediation task rules overview.