Import modifications for the Tenable Vulnerability Integration
Configure optional modifications and streamline some of the data specifically for the Tenable Vulnerabilities import integration in the ServiceNow® Tenable Vulnerability Integration.
Before you begin
Role required: sn_vul.vulnerability_admin
About this task
This set of tasks requires coding and advanced knowledge about the ServiceNow AI Platform.
Follow these steps to create domain-separated imports for the Tenable Vulnerabilities Integrations. The following example is for the Tenable.io Open Vulnerabilities integration, but this content is applicable to the other Tenable integrations.
Procedure
- Create a domain.
- For every domain you create, create a user and assign the user to that domain. Think of this user as a run_as placeholder for the domain in the Tenable.io Open Vulnerabilities Integration. The user is the equivalent of the VR.System user in the global domain and must have the following roles: sn_vul.tenable_configure_integration, import_admin, and sn_vul.vulnerability_write. This user requires access to data sources, transform maps, and vulnerability data.
  Note: Consider this user as specific to this role. The user should not have any other purpose.
- In each domain, create a scheduled job by copying Scheduled Vulnerability Data Source Processor, found under System Definition > Scheduled Jobs.
- Append the domain to the name to identify the scheduled job.
- Change the run_as user to the user you created in the previous step.
  Note: Edit the following UI action so that the integration runs in the run_as user domain.
- Edit the Execute Now UI action in the Tenable.io Open Vulnerabilities Integration to add this code block to the top of the file.

      // The sys_id below is that of the Tenable.io integration record
      if (current.sys_id == "4df3f18d53730010d7f1ddeeff7b12a9") {
          // Run the integration as the user who clicked Execute Now,
          // so the import executes in that user's domain
          current.run_as = gs.getUserID();
      }

  Note: Edit the following script includes so that the integration runs in the run_as user domain.
- Edit the VulnerabilityIntegrationUtils script include method addIntegrationRun to add the highlighted code.
- Edit the VulnerabilityIntegrationUtils script include method addProcessRun to add the highlighted code.
- Edit the DataSourceVulnReportRefreshProcessor script include method _processFromDataSourceGroups, replacing the original _processFromDataSourcesGroups code with the edited _processFromDataSourcesGroups code.
- Edit the VulnerabilityDSAttachmentManager script include method queueItem to add the following highlighted code blocks to the queueItem, _getNext, and _processQueueEntry functions.

You are ready for domain-separated host detection imports.
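The Execute Now snippet above sets run_as unconditionally for the matching record. The following added example (not ServiceNow's or Tenable's code) shows the same gate extended with the check a practitioner would want before handing an import to a domain user: the session user must hold every role the procedure lists. The real GlideSystem methods gs.getUserID(), gs.hasRole() and gs.addErrorMessage() are mocked here so the logic runs in Node outside an instance; the sys_id is the one from the page.

```javascript
// Added example: guarded run_as assignment for the Tenable.io integration.
// `current` and `gs` are constructed stand-ins for the server-side objects.

const TENABLE_IO_INTEGRATION_SYS_ID = "4df3f18d53730010d7f1ddeeff7b12a9"; // from the page
const REQUIRED_RUN_AS_ROLES = [
  "sn_vul.tenable_configure_integration",
  "import_admin",
  "sn_vul.vulnerability_write",
];

// Returns the required roles the session user lacks (empty array = fully provisioned).
function missingRunAsRoles(gs) {
  return REQUIRED_RUN_AS_ROLES.filter((role) => !gs.hasRole(role));
}

// Mirrors the page's UI-action snippet, but refuses to set run_as when the
// session user is not a properly provisioned domain run_as user.
// Returns "skipped" (not the Tenable.io record), "rejected" (roles missing) or "set".
function assignRunAs(current, gs) {
  if (current.sys_id !== TENABLE_IO_INTEGRATION_SYS_ID) return "skipped";
  const missing = missingRunAsRoles(gs);
  if (missing.length > 0) {
    gs.addErrorMessage("run_as user lacks roles: " + missing.join(", "));
    return "rejected";
  }
  current.run_as = gs.getUserID();
  return "set";
}

// Constructed mock of the `gs` object: a user id plus the roles it holds.
function mockGs(userId, roles) {
  const messages = [];
  return {
    getUserID: () => userId,
    hasRole: (role) => roles.includes(role),
    addErrorMessage: (msg) => messages.push(msg),
    messages, // collected error messages, for inspection
  };
}
```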
Disable calculators prior to import
Follow these steps to disable the default calculator if it is not used. If you do not use vulnerability calculators, it is best to disable the default calculators in addition to any others you have defined. Vulnerability calculators run every time a vulnerable item record is accessed and can impact instance performance.
Role required: sn_vul.vulnerability_admin.
- Navigate to All > Vulnerability > Administration > Vulnerability Calculators.
- Open the Vulnerability Impact group.
- Open the Score and Service Based Impact calculator.
- Deselect the Active field to deactivate the calculator.
- Click Update.
You have disabled the default calculator.
Disable notification-based business rules prior to initial import
Follow these steps to disable notification-related business rules prior to the initial record import. During the initial import of records, certain notification-related business rules can generate many notifications, impacting performance. These business rules should be modified to disable them during the import.
Role required: sn_vul.vulnerability_admin.
- Navigate to All > System Definition > Business Rules.
- Search for Affected ci notifications.
- Open the business rule and insert the following condition: current.sys_class_name != "sn_vul_vulnerable_item".
- Click Update.
- Repeat this procedure for the following business rules:
  - Affected cost center notifications
  - Affected group notifications
  - Affected location notifications
Note: After the completion of the initial record import, you have the option of re-enabling these business rules. However, consider leaving them disabled. They can generate large numbers of notifications and impact the performance of your instance.
Modify an initial start date
Follow these steps to modify an initial start date. During installation using Setup Assistant, you set an initial start date for the Tenable integrations. You can reset that start date in Setup Assistant or from the primary integration as shown in the following steps.
- Navigate to All > Tenable Vulnerability Integration > Administration > Integrations.
- Click any integration.
- Click Integration Details.
- Set the Start time field to a value in the past, so that all vulnerabilities scanned and detected since that time are imported.
  If you configured Tenable using Setup Assistant, the Start time field is pre-populated, initially to three months prior to today's date, and subsequently to today's date.
  Note: Consider setting the value to a maximum of a month in the past. This keeps large amounts of data from exceeding the Tenable API rate limits and from triggering execution timeouts.
- Click Submit or Update.
- Optional: Click Execute Now to run immediately.