Vulnerability Response applications and CSDM tables
The Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications contribute data to some CSDM tables and consume data that other applications write to others. Several ServiceNow products therefore both benefit from and add value to these Security Operations applications.
CSDM tables referenced by Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications
- Host Vulnerability Response discovered items
- Cloud and Container Vulnerability Response discovered images
- Application Vulnerability Response discovered applications (product model)
Each CI record may also carry non-discoverable attributes, for example Support group or Classification, that are populated on the CI and can be used as input for vulnerable item assignment rules. These attributes might be populated by Common Service Data Model (CSDM) synchronizations from upstream Technical Service Offerings.
If you want to use related CSDM objects in Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations or Software Bill of Materials, you need scripted rules, because the out-of-the-box rule conditions only see fields on the vulnerable item and its CI.
For example, to assign vulnerable items for remediation automatically with vulnerable item assignment rules, you might write a rule that keys on the Classification of the configuration item as vulnerable items are created from imported vulnerability entries. That value lives on the related CSDM object rather than on the vulnerable item itself, so you need a scripted rule to query the related object for the target value.
Below is an example of a scripted query that you might use to check whether a CI has Java installed and is tied to a vulnerability entry.
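As an added illustration (not a script from the ServiceNow documentation or product), the following server-side JavaScript shows the shape such a scripted lookup can take. It starts at a vulnerable item, checks whether its CI has a Java Software Installation [cmdb_sam_sw_install], follows the CMDB relationship [cmdb_rel_ci] to the Service Offering [service_offering] that contains the CI, and returns that offering's Support group, falling back to the CI's own Support group. Table and field names are the standard ones; the "Java" display-name match, the sample rows and the group identifiers are constructed for this example, and the in-memory FakeGlideRecord stand-in exists only so the logic runs outside an instance (inside ServiceNow, delete the stand-in section and the real GlideRecord is used).

```javascript
// Added example, not from the ServiceNow docs: scripted lookup a vulnerable item
// assignment rule could call. Standard table/field names; sample data is made up.

// ---- Offline stand-in: delete this section inside an instance ----
// Constructed sample rows keyed by table name. sys_ids and group names are invented.
var TABLES = {
  sn_vul_vulnerable_item: [
    { sys_id: 'vi1', cmdb_ci: 'ci1', vulnerability: 've1' },
    { sys_id: 'vi2', cmdb_ci: 'ci2', vulnerability: 've1' },
    { sys_id: 'vi3', cmdb_ci: 'ci3', vulnerability: 've1' },
    { sys_id: 'vi4', cmdb_ci: '',    vulnerability: 've1' }   // no CI was matched
  ],
  cmdb_ci: [
    { sys_id: 'ci1', name: 'app-srv-01', support_group: '' },
    { sys_id: 'ci2', name: 'db-srv-01',  support_group: 'grp_dba' },
    { sys_id: 'ci3', name: 'app-srv-02', support_group: 'grp_middleware' }
  ],
  cmdb_sam_sw_install: [
    { sys_id: 'sw1', installed_on: 'ci1', display_name: 'Java 8 Update 291' },
    { sys_id: 'sw2', installed_on: 'ci2', display_name: 'PostgreSQL 14' },
    { sys_id: 'sw3', installed_on: 'ci3', display_name: 'OpenJDK Java 17' }
  ],
  cmdb_rel_ci: [ { sys_id: 'rel1', parent: 'so1', child: 'ci1' } ], // offering contains server
  service_offering: [
    { sys_id: 'so1', name: 'Payments API - Prod', support_group: 'grp_java_platform' }
  ]
};

// Minimal imitation of the GlideRecord methods used below: addQuery ('=' and
// 'CONTAINS'), query, next, getValue. It is not the real API.
function FakeGlideRecord(table) {
  this.table = table; this.filters = []; this.rows = []; this.idx = -1;
}
FakeGlideRecord.prototype.addQuery = function (field, opOrValue, value) {
  var hasOp = arguments.length === 3;
  this.filters.push({ field: field, op: hasOp ? opOrValue : '=', value: hasOp ? value : opOrValue });
};
FakeGlideRecord.prototype.query = function () {
  var filters = this.filters;
  this.rows = (TABLES[this.table] || []).filter(function (row) {
    return filters.every(function (f) {
      var v = String(row[f.field] === undefined ? '' : row[f.field]);
      if (f.op === '=') return v === String(f.value);
      if (f.op === 'CONTAINS') return v.toLowerCase().indexOf(String(f.value).toLowerCase()) !== -1;
      throw new Error('stand-in does not support operator ' + f.op);
    });
  });
  this.idx = -1;
};
FakeGlideRecord.prototype.next = function () { this.idx += 1; return this.idx < this.rows.length; };
FakeGlideRecord.prototype.getValue = function (field) {
  var v = this.rows[this.idx][field];
  return v === undefined || v === '' ? null : String(v);   // real GlideRecord returns null when empty
};
var GlideRecord = FakeGlideRecord;
// ---- End of stand-in ----

// True if at least one Software Installation on the CI names Java.
function ciHasJava(ciSysId) {
  var sw = new GlideRecord('cmdb_sam_sw_install');
  sw.addQuery('installed_on', ciSysId);
  sw.addQuery('display_name', 'CONTAINS', 'Java');   // assumption: match on product name
  sw.query();
  return sw.next();
}

// Follows cmdb_rel_ci from the CI (child) to a Service Offering (parent) and returns
// that offering's Support group sys_id, or null if no offering is related.
function offeringSupportGroup(ciSysId) {
  var rel = new GlideRecord('cmdb_rel_ci');
  rel.addQuery('child', ciSysId);
  rel.query();
  while (rel.next()) {
    var so = new GlideRecord('service_offering');
    so.addQuery('sys_id', rel.getValue('parent'));
    so.query();
    if (so.next() && so.getValue('support_group')) return so.getValue('support_group');
  }
  return null;
}

// Assignment group for one vulnerable item, or null when this rule does not apply:
//  1. the item must have a CI and that CI must run Java;
//  2. prefer the Support group of the related Service Offering (CSDM object);
//  3. otherwise fall back to the CI's own Support group.
function resolveAssignmentGroup(vulnerableItemSysId) {
  var vi = new GlideRecord('sn_vul_vulnerable_item');
  vi.addQuery('sys_id', vulnerableItemSysId);
  vi.query();
  if (!vi.next()) return null;
  var ciSysId = vi.getValue('cmdb_ci');
  if (!ciSysId || !ciHasJava(ciSysId)) return null;
  var fromOffering = offeringSupportGroup(ciSysId);
  if (fromOffering) return fromOffering;
  var ci = new GlideRecord('cmdb_ci');
  ci.addQuery('sys_id', ciSysId);
  ci.query();
  return ci.next() ? ci.getValue('support_group') : null;
}
```

The three rule functions are the part you would adapt into an assignment rule script; how the returned sys_id is written to the vulnerable item's Assignment group depends on the rule type you configure and is not shown here. Note the two failure modes the sample data exercises: a vulnerable item whose detection was never matched to a CI yields null rather than a wrong group, and a Java host with no related Service Offering falls back to its own Support group instead of going unassigned.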
- Product Model [cmdb_model] (referenced by Application Vulnerability Response and Software Bill of Materials)
- Application Model [cmdb_application_product_model] (referenced by Application Vulnerability Response and Software Bill of Materials)
- Configuration Item [cmdb_ci]
- Business Service [cmdb_ci_service_business]
- Service [cmdb_ci_service]
- CMDB Group [cmdb_group]
- Dynamic CI Group [cmdb_ci_query_based_service]
CSDM tables used by Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications
- Product Model [cmdb_model] (used by Application Vulnerability Response and Software Bill of Materials)
- Application Model [cmdb_application_product_model] (used by Application Vulnerability Response and Software Bill of Materials)
- Configuration Item [cmdb_ci]
- Business Application [cmdb_ci_business_app] (used by Application Vulnerability Response and Software Bill of Materials)
- Business Service [cmdb_ci_service_business]
- Technical Service [cmdb_ci_service_technical]
When you upload Software Bill of Materials files, the SBOM application tries to match the product models and business applications in the upload to those that already exist in your CMDB. You can link application services or business applications to a product model.
Products that add value to Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications
- Third-party vulnerability scanners and integrations
  Detection data from third-party scanners and vulnerability records imported from the National Vulnerability Database (NVD) are reconciled with the assets in your CMDB. When an imported detection matches an existing asset, a vulnerable item is created. Vulnerable items are grouped automatically into remediation tasks, risk-scored with business context, prioritized, and assigned to the appropriate teams for remediation. For more information and a list of integrations, see Vulnerability Response integrations.
- The CWE Comprehensive 2000 and NVD integrations
  Data imported by the NIST National Vulnerability Database (NVD) and Common Weakness Enumeration (CWE) integrations enriches the vulnerability data in your instance and helps you decide whether to escalate remediation for a vulnerability, vulnerable item, or remediation task. See Understanding the NVD integrations and Configure and run the scheduled job for updating CWE records for more information.
Products that benefit from integration with Software Bill of Materials
- Security Posture Control
  Security Posture Control (SPC) gives cybersecurity teams visibility into their complete enterprise asset inventory and their overall security posture. Policies in SPC can flag assets carrying vulnerabilities imported through the Vulnerability Response applications, which helps you locate security tool coverage gaps.
- Governance, Risk, and Compliance
  Connect security and IT with an integrated risk program offering continuous monitoring, prioritization, and automation.
- DevOps
  Protect your environments from potentially harmful components during the software development cycle with GitHub Actions that you start from your GitHub environment, uploading SBOM files from your GitHub repositories to the ServiceNow AI Platform.