Integrating Container Vulnerability Response with other applications

Xanadu Security Management

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Security Management

ft:clusterId

security

bundleId

security

workflow

Technology

Integrating Container Vulnerability Response with other applications

Release version: Xanadu

Updated August 1, 2024

1 minute to read

Extend the capabilities of Container Vulnerability Response by integrating with other applications.

Container Vulnerability Response integrates with container security products to pull vulnerability data for those images which are deployed to runtime. It then enriches the vulnerability data with the runtime contextual information such as hosts, Kubernetes clusters, services, and namespaces where these container images are deployed. With ServiceNow’s Kubernetes discovery, you can see the references created from vulnerabilities to the relevant Kubernetes entities in your Configuration Management Database (CMDB). In addition to enriching the metadata, ServiceNow also offers a comprehensive reporting dashboard to provide insights into the vulnerability and remediation trends.

Container Vulnerability Response provides integrations with the following applications:

Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute integration
Understanding the Atlassian Jira integration with Vulnerability Response
Important:
In the Vulnerability Manager Workspace, you can create an agile issue manually using the list action and form action to track the remediation of CVITs and RTs.

Additional notes for integrations

During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 2.1.2 of Container Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.

Note:

The Last Record Processed field is updated based on what is defined in the following system properties:

sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.