Install the supported applications for Security Posture Control

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 10분

    • The applications required for this integration are available on the ServiceNow Store. Some applications have dependencies that you must download and install separately.

    시작하기 전에

    Role required: admin for download, installation, and activation of all applications.

    프로시저

    1. Download the required applications from the ServiceNow Store into your ServiceNow instance.

      The Security Posture Control (SPC Core) application provides the core framework and is required for Asset Security Posture Management (ASPM). The Configuration Compliance application and its dependencies permit you to create remediation tasks for the security control gaps you find using Asset Security Posture Management.

      표 1. Asset Security Posture Management applications
      Application App ID
      Asset Security Posture Management (Plugin id: sn_sec_caasm)
      ITOM Discovery License (Plugin id: com.snc.itom.discovery.license)
      Security Posture Control Core (Plugin id: sn_sec_spc_core)
      Mitigation Controls Monitoring (Plugin id: sn_sec_mit_ctr)
      Configuration Compliance (includes child app secops_shared_components)  (Plugin id: sn_vulc)
      Vulnerability Response Licensing and Usage (Plugin id: sn_vul_licensing)
      표 2. Cloud Security Posture Management applications
      Application App ID
      Discovery Plugin (Plugin id: com.snc.discovery)
      Cloud Configuration Governance (Plugin id: sn_itom_ccg)
      CCG Content Pack (Plugin id: sn_itom_ccg_cp)
      CMDB CI Class Models (Plugin id: sn_cmdb_ci_class)
      Cloud Action Library (Plugin id: com.sn.itom.cal)
      표 3. Required applications for the SPC Connector Framework
      Application Application ID and version
      Security Posture Control API Connectors sn_spc_cxf v1.0.3
      Security Posture Control sn_sec_spc_core v6.3.2
      Asset Security Posture Management sn_sec_caasm v5.4.1
      Mitigation Controls Monitoring sn_sec_mit_ctrl v4.1.0
      표 4. Plugin dependencies
      Plugin Plugin ID
      ServiceNow IntergationHub Action Template - Data Stream com.glide.hub.action_type.datastream

      See Creating your own API connectors in Security Posture Control for more information.

      For more information about downloading and activating applications, see the following topics:
    2. After you have downloaded the applications, navigate to All > System Applications > All Available Applications > All.
    3. Locate the applications that you downloaded and select Install to activate them along with their dependencies.
      Any dependency applications that are also installed automatically along with an application are displayed in the Application installation dialog. However, if you are prompted to install dependency plugins during the installation, follow the prompts provided. Verify you have all the applications and dependencies listed in the previous table installed and activated.

      A dialog is displayed after an application is successfully activated.

      For more information about downloading and installing applications from the ServiceNow Store:
    4. After you have installed and activated the applications, assign users to the following Security Posture Control groups:

      These groups inherit all the roles necessary to read and edit SPC records.

      SPC Admin Group
      Users in this group have full read and write access to all the records for the product, including licensing information. Granular roles for this group include: [sn_sec_caasm.analyst, sn_sec_caasm.caasm_security_admin, and sn_sec_spc_core.configure].
      SPC Analyst Group
      Users in this group have full read and write access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user and sn_sec_spc_core.analyst].
      SPC Analyst Read Only Group
      Users in this group have full read access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user, sn_sec_spc_core.analyst_read, sn_sec_caasm.read, and cmdb_ms_user].
      Supporting application roles
      The following roles are required by the applications listed in the preceding table that support SPC and Asset Security Posture Management.
      • Configuration Compliance Admin [sn_vulc.admin] - Configures the Configuration Compliance application, has visibility to all records, and can modify properties. Assigns roles in the Configuration Compliance application.
      • Vulnerability Response Admin [sn_vulc.admin] - Configures the Vulnerability Response application and the vulnerability risk calculators.
      • MID Server [mid_server] - Configures a MID Server.
    5. Set the glide.identification_engine.multisource_enabled system property to true.
      Security Posture Control relies on data from service graph connectors that is populated in the CMDB 360 Data [cmdb_multisource_data] table. This data is populated only when the glide.identification_engine.multisource_enabled system property is set to true. You must have the cmdb_ms_admin role to modify property values. To set the property, navigate to All > Configuration > CMDB 360 Properties.
    6. 옵션: Set the ignoreCIClass [sn_sec_cmn.ignoreCIClass] system property to ignore some configuration item (CI) classes when running CI Lookup Rules.

      As an SPC Admin and SPC Analyst, you might need to ignore certain hardware or virtual classes so that you do not ingest information about assets you do not want to control. See Create a Vulnerability Response CI lookup rule and Ignore CI classes for more information.

    7. Modify reconcilation and recompute CMDB data sources to set the source of truth for attribute values.

      The CMDB 360 dashboard provides aggregations and analysis of CMDB 360 data. CMDB 360 collects data about all the discovery sources reporting attribute values for CIs. Use the CMDB 360 view in Configuration Management Database (CMDB) Workspace to track activities and identify potential issues of discovery sources. See CMDB 360 view in CMDB Workspace for more information.