Import Common Security Advisory Framework data through file import

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Import a CSAF file to view data in the CSAF format. Importing is a one-time activity.

    Avant de commencer

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin

    Pourquoi et quand exécuter cette tâche

    Once imported, a queue entry is created with an attachment, which gets parsed when the entry is processed. The data is then populated in the respective tables. Before parsing the CSAF data, a scanner-mapping record is created based on configuration. Then, the scanner-mapping data is transformed to vendor-mapping data.

    Scanner mapping isn't applicable for National Vulnerability Database (NVD) based vulnerabilities, which are vulnerabilities with a Common Vulnerability Entry (CVE) in the NVD database.

    If you only have one highest superseding solution and it rolls down to the vulnerable items, then the preferred solution gets populated. When there are multiple vendor solutions included in one NVD entry, the preferred solution isn't populated because there's more than one highest superseding solution. In this case, you must manually select a solution. For third-party vulnerabilities, the preferred solution gets populated only if you add the corresponding scanner mapping.

    Procédure

    1. Navigate to All > Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Solution Integrations > Common Security Advisory Framework.
    2. Select Import File.
      Remarque :
      You can upload only one JSON file at a time with a maximum file size of 15 MB.
    3. In the Name field, enter a unique name for the integration.
      The scheduler is created with this name.
    4. In the Vendor field, enter the name of the vendor.
      The Source field of the solutions is populated with the vendor name.
    5. Select Finish.

    Résultats

    An import queue is created. Select the link in the info bar to view the queue entries for the vendor along with the related list. You can also view the status of the job.

    After the data is imported to the CSAF format, the data is processed in the following way:
    1. When the queue gets processed, the file is parsed with a dedicated data source.
    2. Once the processing gets completed, the application log is updated.
    3. Once the CSAF JSON file is parsed, it populates the following tables in the ServiceNow® Vulnerability Response application.
      • sn_vul_solution
      • sn_vul_m2m_vulnerability_solution
      • sn_vul_nvd_entry
      • sn_vul_software
      • sn_vul_product_category

    You can see the detailed information related to errors or exceptions in the Application logs.