Configure a Common Vulnerability Reporting Framework vendor other than Cisco
Configure a Common Vulnerability Reporting Framework (CVRF) vendor other than Cisco with API support.
Before you begin
Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin
Procedure
- Navigate to All > Vulnerability Response > Connection & Credential > Connection & Credential Aliases.
- Create a record with the vendor-supported authentication type.
  For more information on how to authenticate a vendor, see Configure Connection and Credential aliases.
- Navigate to All > Vulnerability Response > Flow Designer.
- Duplicate the flow called "Advisory Parsing".
  Note:
  - If any of the actions needs to be changed, copy the action and use it in the new flow.
  - Update the pagination-related logic as per the vendor.
  - If the date range parameter logic is not the same as Cisco, copy the action Update Pagination Parameters and make changes as required for the vendor.
- Navigate to All > Vulnerability Response > Enrichment Data Mappings.
- Create a record modeled on the Cisco record, changing the Property key value as per the vendor.
  This logic maps the required fields from an advisory payload to a ServiceNow table.
- Map the following API tags from the API payload.
  These tags need to be mapped with details to be filled in the Enrichment Data Mapping table. By default, the Cisco-specific mapping is shipped.
  Note: You need to create a record if you need to configure multiple vendors that publish advisories.

  | Advisory payload tag | Column from table sn_vul_cvrf_solution_integration_update | Description |
  | --- | --- | --- |
  | CVRF URL | cvrf_url | Tag name that contains the CVRF URL. |
  | Advisory ID (Unique key for response) | Id | Tag name that contains a unique identifier. |
  | Last modified date | last_modified_date | Tag name that contains the date when the record was last updated. |
  | securityAdvisoryIntegrationSysId | integration | Refers to the integration scheduled job sysId, which creates the vulnerability solution records. |

- Based on the response format, change the logic of parsing by copying the action Retrieve List from the Advisory Parsing flow.
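
An added illustration, not ServiceNow code or part of the original procedure: a Node.js pre-check that applies a candidate column-to-tag mapping to a sample of the vendor's advisory list response before the mapping is entered in Enrichment Data Mappings. The column names come from the mapping table above; the vendor tag names, the sample payload, and the specific checks (non-empty values, unique Id, parseable date, http(s) URL) are assumptions.

```javascript
// Added illustration, not ServiceNow code. Column names are from this page;
// the vendor tag names and the sample payload are constructed.
const PAYLOAD_COLUMNS = ["cvrf_url", "Id", "last_modified_date"];

function isHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "https:" || u.protocol === "http:";
  } catch (e) {
    return false;
  }
}

// Applies `mapping` (column -> vendor tag name) to `advisories` (array of
// advisory objects from the vendor API) and returns a list of problems.
function checkMapping(mapping, advisories) {
  const problems = [];
  const seenIds = new Set();
  for (const col of PAYLOAD_COLUMNS) {
    if (!mapping[col]) problems.push(`no tag mapped to column ${col}`);
  }
  advisories.forEach((adv, i) => {
    for (const col of PAYLOAD_COLUMNS) {
      const tag = mapping[col];
      if (!tag) continue;
      const value = adv[tag];
      if (typeof value !== "string" || value.trim() === "") {
        problems.push(`advisory[${i}]: tag "${tag}" missing or empty`);
      } else if (col === "Id") {
        if (seenIds.has(value)) problems.push(`advisory[${i}]: duplicate Id "${value}"`);
        seenIds.add(value);
      } else if (col === "last_modified_date" && Number.isNaN(Date.parse(value))) {
        problems.push(`advisory[${i}]: "${value}" is not a parseable date`);
      } else if (col === "cvrf_url" && !isHttpUrl(value)) {
        problems.push(`advisory[${i}]: "${value}" is not an http(s) URL`);
      }
    }
  });
  return problems;
}

// Constructed sample: a hypothetical vendor's tag names and list response.
const exampleMapping = { cvrf_url: "document_url", Id: "advisory_id", last_modified_date: "updated" };
const exampleAdvisories = [
  { advisory_id: "EX-2024-001", document_url: "https://vendor.example/cvrf/EX-2024-001.xml", updated: "2024-03-01T10:00:00Z" },
  { advisory_id: "EX-2024-001", document_url: "ftp://vendor.example/cvrf/EX-2024-002.xml", updated: "2024-03-02T10:00:00Z" },
  { advisory_id: "EX-2024-003", document_url: "https://vendor.example/cvrf/EX-2024-003.xml" },
];
console.log(checkMapping(exampleMapping, exampleAdvisories));
```

The integration column is left out of the check because, per the table, it refers to the integration scheduled job sysId rather than to a tag in the vendor's advisory data.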