Import applications, findings and associated application vulnerabilities from the Tenable Web application and manage them in ServiceNow Vulnerability Response.

The Tenable Web Application Scanning (Tenable.was) integration enables ServiceNow® Vulnerability Response (VR) customers to automatically import web applications and application vulnerabilities discovered through Tenable’s Dynamic Application Security Testing (DAST). This integration provides continuous visibility into web application exposure by synchronizing application metadata, vulnerability findings, and scan details from Tenable.was into dedicated ServiceNow tables.

The integration uses Tenable’s export APIs to retrieve applications and findings in chunks, ensuring scalable data ingestion even in environments with large scan volumes. Imported data is transformed into Application Vulnerable Items (AVITs), Application Vulnerability Entries, and Scan Summaries using AVR processing frameworks and CI lookup rules.

You can control whether each integration uses CI Lookup or Product Model independently, instead of using one global setting for all integrations. The "Lookup strategy" field is added to each integration's configuration.

This enables security teams to:

• Maintain a unified view of application security posture.
• Correlate Tenable WAS findings with CMDB applications.
• Prioritize remediation based on severity, CVSS, and risk indicators.
• Track dynamic scan data for each application.