Data mapping for the Vulnerability Response Integration with Claroty CTD
This section specifies how fields from the Claroty CTD API are mapped to fields in the ServiceNow tables.
Vulnerability detection data mapping
| Claroty CTD field | ServiceNow field | Notes |
|---|---|---|
| | Source | Always set to Claroty CTD. |
| Identified_on | First Found | |
| Last_updated | Last Found | |
| Status | Status | A status of 0 means Open. A status of 2 means Closed/Fixed. |
| Resource_id | Configuration item | The configuration item (CI) is set through a CI lookup rule that searches the sys_object_source table for the Resource ID. For example, 33.1. |

Vulnerability entry data mapping
Vulnerability entries are created only if an existing Common Vulnerabilities and Exposures (CVE) record is not found in the National Vulnerability Database Entry [sn_vul_nvd_entry] table. If the Claroty CTD Integration must create a CVE, it maps the source fields listed in the following table.
| Claroty CTD field | ServiceNow field | Notes |
|---|---|---|
| Cve_id | ID | Example: CVE-2017-17562 |
| Title | Summary | The integration adds [Claroty] to the Summary so that NVD CVEs backfilled by Claroty are visible. For example: [Claroty] Authentication Bypass Vulnerability in SIPROTEC. |
| Cvss | V3_base_score | |
| Published | Date_published | |
| Modified | Last_modified | |
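
The two mapping tables above can be read as the following transform. This is an added example, not code from ServiceNow or Claroty: the field names come from the tables, while the record shape, the `Set` standing in for sn_vul_nvd_entry, and the sample values are assumptions.

```javascript
// Added illustration only: plain JavaScript, not the integration's own code.
// Field names are taken from the mapping tables; the record shape is assumed.
const STATUS = { 0: "Open", 2: "Closed/Fixed" };

// Detection table: Claroty CTD detection -> ServiceNow detection fields.
function mapDetection(d) {
  if (!Object.prototype.hasOwnProperty.call(STATUS, String(d.Status))) {
    // Only 0 and 2 are documented; refuse to guess so that an unknown
    // code is never silently recorded as Closed/Fixed.
    throw new Error("Unmapped Claroty CTD status: " + d.Status);
  }
  return {
    "Source": "Claroty CTD",             // constant, never read from the feed
    "First Found": d.Identified_on,
    "Last Found": d.Last_updated,
    "Status": STATUS[d.Status],
    "Configuration item": d.Resource_id  // resolved later by the CI lookup rule
  };
}

// Entry table: build an entry only when the CVE is not already present.
// existingIds is a Set standing in for sn_vul_nvd_entry (assumption).
function mapEntry(v, existingIds) {
  if (existingIds.has(v.Cve_id)) return null; // existing record is kept as is
  return {
    "ID": v.Cve_id,
    "Summary": "[Claroty] " + v.Title,    // marks the entry as Claroty-backfilled
    "V3_base_score": v.Cvss,
    "Date_published": v.Published,
    "Last_modified": v.Modified
  };
}

// Constructed sample input; the CVE ID is a placeholder, not a real record.
const sampleDetection = {
  Identified_on: "2023-01-10", Last_updated: "2023-02-01",
  Status: 2, Resource_id: "33.1"
};
const sampleVuln = {
  Cve_id: "CVE-0000-0001", Cvss: 7.5,
  Title: "Authentication Bypass Vulnerability in SIPROTEC",
  Published: "2023-01-01", Modified: "2023-01-15"
};

console.log(mapDetection(sampleDetection));
console.log(mapEntry(sampleVuln, new Set()));
```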