Errors for the Vulnerability Response Integration with Claroty CTD

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Errors for the Vulnerability Response Integration with Claroty CTD

    This guide addresses common errors encountered during the use of the Vulnerability Response Integration with Claroty CTD in ServiceNow. It helps customers troubleshoot issues related to both data retrieval and data processing phases of the integration, ensuring smooth vulnerability detection and auto-closure workflows.

    Show full answer Show less

    Key Issues and Causes

    Errors are categorized based on whether they occur during data retrieval or data processing, and further divided into Vulnerability Detection and Vulnerability Auto-Closure integrations. Common causes include missing configuration parameters, invalid API responses, and permission issues.

    Vulnerability Detection Integration Errors

    • Data Retrieval Errors:
      • Missing username/password in integration configuration prevents execution.
      • REST message or REST method fields not populated on integration job record block the integration.
      • Claroty CTD server URL or detection API resource path not specified cause failures; default path is /ranger/assetswithinsights.
      • Invalid response codes (e.g., 401 Unauthorized) indicate credential issues.
      • Missing counttotal in JSON response suggests invalid payload or connectivity issues; verify MID Server access and response.json content.
    • Data Processing Errors:
      • Errors attaching response data often caused by MID Server user lacking the snvul.vrimportadmin role.
      • Null or missing Data Source attachment content may indicate API or ServiceNow issues, requiring administrator intervention.

    Vulnerability Auto-Closure Integration Errors

    • Data Retrieval Errors:
      • Similar configuration errors as in detection integration: missing username/password, REST message/method, server URL, or API resource path.
      • Invalid API response codes and missing counttotal property cause failures; verify connectivity and API response validity.
      • Errors parsing the objects array in the response body point to invalid payloads; check outbound HTTP logs for response details.
    • Data Processing Errors:
      • Failure to parse Data Dictionary JSON indicates invalid JSON payload from the Data Source attachment, often resulting from earlier errors.
      • Verify Claroty CTD instance reachability and review outbound HTTP logs to diagnose response validity.

    Practical Recommendations for ServiceNow Customers

    • Ensure all required integration configuration fields are correctly populated: username, password, REST message, REST method, server URL, and detection API resource path.
    • Validate that the MID Server user has the necessary snvul.vrimportadmin role to attach data source responses.
    • Confirm connectivity between the MID Server and the Claroty CTD instance to guarantee valid API responses.
    • Use outbound HTTP logs and examine data source attachment files (e.g., response.json) to troubleshoot invalid or missing data issues.
    • Contact administrators promptly if attachment content is null or inaccessible, as these may indicate system or API-level issues.

    You may encounter errors that need troubleshooting while you’re working with the Vulnerability Response Integration with Claroty CTD.

    Vulnerability Detection Integration (Data Retrieval)

    Error message Possible cause
    Can’t run a Claroty CTD Integration without a user name and password combo. No user name or password is present on the integration configuration.
    Can’t run integration without a REST message and REST method specified. On the Claroty CTD Integration job record, the REST message or REST method fields aren’t populated.
    Can’t run integration without Claroty CTD server URL specified. No URL is present on the integration configuration.
    Can’t run integration without the detection API resource path specified. On the integration configuration, the detection_api_resource_path parameter isn’t populated. The default is /ranger/assets_with_insights.
    Invalid response code {response code} received from Claroty CTD. The response from the Claroty API was invalid. For example, the message Invalid response code 401 is received from Claroty CTD. This invalid response code means Unauthorized and that the credentials (user name/password) are likely invalid.
    Unable to read the count_total property from JSON data. The count_total used for pagination wasn’t present in the API response. It likely means that an invalid payload was received from Claroty CTD.

    Ensure that the Claroty CTD instance is reachable through the MID Server and examine the Data Source attachment response.json file to ensure that count_total exists.

    Vulnerability Detection Integration (Data Processing)

    Error message Possible cause
    Error writing attachment. The system couldn’t attach the response data to the Data Source. Contact your administrator for further assistance.

    A common cause for this error is that the MID Server user is missing the sn_vul.vr_import_admin role.
    Attachment content is null: attachment sys_id = {sys_id}. The Data Source attachment content is null. This could indicate an issue with the Claroty API itself, or an issue in ServiceNow. Contact your administrator for further assistance.
    Couldn’t find attachment with sys_id {sys_id}. Data Source attachment wasn’t found. Follow the same procedures for the preceding error.

    Vulnerability Auto-Closure Integration (Data Retrieval)

    Error message Possible cause
    Can’t run a Claroty CTD Integration without a user name and password combo. No user name or password is present on the integration configuration.
    Can’t run integration without a REST message and REST method specified. On the Claroty CTD Integration job record, the REST message or REST method fields aren’t populated.
    Can’t run integration without Claroty CTD server URL specified. No URL is present on the integration configuration.
    Can’t run integration without the detection API resource path specified. On the integration configuration, the detection_api_resource_path parameter isn’t populated. The default is /ranger/assets_with_insights.
    Invalid response code {response code} received from Claroty CTD. The response from the Claroty API was invalid. For example, the message Invalid response code 401 is received from Claroty CTD. This invalid response code means Unauthorized and that the credentials (user name/password) are likely invalid.
    Unable to read the count_total property from JSON data. The count_total used for pagination wasn’t present in the API response. It likely means that an invalid payload was received from Claroty CTD.

    Ensure that the Claroty CTD instance is reachable through the MID Server and examine the Data Source attachment response.json file to ensure that count_total exists.
    Error parsing 'objects' array from response body. Likely means that an invalid payload was received from Claroty CTD. Ensure that the Claroty CTD instance is reachable and check Outbound HTTP Logs to see if there was a valid response.

    Vulnerability Auto-Closure Integration (Data Processing)

    Error message Possible cause
    Failed to parse the Data Dictionary JSON. The payload from the Data Source attachment was invalid JSON. Likely another error occurs before this error occurs. Ensure that the Claroty CTD instance is reachable and check Outbound HTTP Logs to see if there was a valid response.