Configure a Common Security Advisory Framework vendor other than Red Hat

  • Release version: Xanadu
  • Updated August 1, 2024

  Configure a Common Security Advisory Framework (CSAF) vendor other than Red Hat with API support.

    Before you begin

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin

    Procedure

    1. Navigate to All > Vulnerability Response > Connection & Credential > Connection & Credential Aliases.
    2. Create a record with the vendor-supported authentication type.
    3. Navigate to All > Vulnerability Response > Flow Designer.
    4. Duplicate the flow called "Advisory Parsing".
      Note:
      • If any of the actions needs to be changed, copy the action and use the copy in the new flow.
      • Review the page_index_key and page_size_key parameters as per the vendor API.
      • Update the pagination-related logic as per the vendor.
    5. If the date range parameter logic is not the same as Red Hat's, copy the action Update Pagination Parameters and make changes as required for the vendor.
    6. Navigate to All > Vulnerability Response > Enrichment Data Mappings.
    7. Create a record modeled on the Red Hat record, changing the Property key value to match the vendor.
      This logic maps the required fields from an advisory payload to a ServiceNow table.
    8. Map the following API tags from the API payload.
      These tags must be mapped, and the details entered in the Enrichment Data Mapping table. By default, the Red Hat-specific mapping is shipped.
      Note:
      You need to create a record if you need to configure multiple vendors that publish advisories.
      | Advisory payload tag | Column from table sn_vul_cvrf_solution_integration_update | Description |
      | --- | --- | --- |
      | CSAF URL (Resource URL pointing to CSAF Payload) | cvrf_url | Tag name that contains the CSAF URL. |
      | Advisory ID (Unique key for response) | Id | Tag name that contains a unique identifier. |
      | Last modified date | last_modified_date | Tag name that contains the date when the record was last updated. |
      | csaf (Static Value) | advisory_format | Advisory format value for CSAF payloads. Note that this is a static value applicable for all of the CSAF Integrations. |
      | securityAdvisoryIntegrationSysId | integration | Refers to the integration scheduled job sysId, which creates the vulnerability solution records. |
    9. Based on the response format, change the parsing logic by copying the action Retrieve List from the Advisory Parsing flow.
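
The tag-to-column mapping from step 8 and the pagination keys from step 4, sketched as an added example that is not ServiceNow's own code. The vendor tag paths, the offset/limit parameter names, the sample payload and the placeholder sys_id are assumptions made for illustration.

```javascript
// Added illustration only; not ServiceNow code. Vendor tag names and the sample
// payload are constructed. Column names come from the mapping table above.

// Enrichment Data Mapping for a hypothetical vendor: column -> tag path in the payload.
const vendorMapping = {
  cvrf_url: "links.csaf",                // tag that contains the CSAF URL
  Id: "advisory.id",                     // tag that contains the unique identifier
  last_modified_date: "advisory.updated" // tag that contains the last-updated date
};

// Pagination parameter names as the hypothetical vendor API expects them.
const pagination = { page_index_key: "offset", page_size_key: "limit" };

// Build the paging part of the list request from the configured key names.
function buildQuery(pageIndex, pageSize) {
  const params = new URLSearchParams();
  params.set(pagination.page_index_key, String(pageIndex));
  params.set(pagination.page_size_key, String(pageSize));
  return params.toString();
}

// Resolve a dotted tag path; returns undefined when any level is absent.
function getTag(entry, path) {
  return path.split(".").reduce((v, key) => (v == null ? undefined : v[key]), entry);
}

// Map one advisory entry to a row; report unmapped tags instead of writing a partial row.
function mapAdvisory(entry, integrationSysId) {
  const row = { advisory_format: "csaf", integration: integrationSysId };
  const missing = [];
  for (const [column, tag] of Object.entries(vendorMapping)) {
    const value = getTag(entry, tag);
    if (value === undefined || value === "") missing.push(tag);
    else row[column] = value;
  }
  return missing.length ? { ok: false, missing } : { ok: true, row };
}

// Constructed sample page of a vendor advisory list response.
const samplePage = [
  { advisory: { id: "EX-2024-0001", updated: "2024-07-30T10:00:00Z" },
    links: { csaf: "https://vendor.example/csaf/ex-2024-0001.json" } },
  { advisory: { id: "EX-2024-0002", updated: "2024-07-31T08:30:00Z" }, links: {} }
];

function mapPage(entries, integrationSysId) {
  return entries.map((e) => mapAdvisory(e, integrationSysId));
}
```

An entry that lacks a mapped tag, such as the second sample entry with no CSAF URL, is returned with the missing tag paths so a mapping error surfaces before a record is created.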