Configuration Compliance integrations
Third-party integrations import configuration assessment findings, policies, tests, technologies, authoritative sources, test results along with other vulnerability data into the Configuration Compliance application.
주:
Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
| Terminology prior to v14.9 | Terminology v14.9 onwards |
|---|---|
| Test Result Group | Remediation Task |
| Group Rules | Remediation Task Rules |
| Policy | Test group |
The Configuration Compliance application supports the following third-party integrations:
- Starting with v14.11, drive remediation for security gaps in your enterprise assets identified by the Security Posture Control application by publishing findings as test results in the Configuration Compliance application. The Security Posture Control application and its supported applications are available with separate subscriptions from the ServiceNow® Store. See Security Posture Control for more information.
- Microsoft Defender for Cloud Integration for Security Operations
- Palo Alto Prisma Cloud Vulnerability Integration
- Qualys integration with Configuration Compliance
- The Tenable.io product of the Tenable Vulnerability Integration
Additional notes for integrations
During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the
data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite
the timeout error. To avoid this miscommunication, starting from version 14.8.5 of Configuration Compliance, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is
updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is
also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
주:
The Last Record Processed field is updated
based on what is defined in the following system properties:
- sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
- sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.