| System Type |
Choose one:
Based on your choice, only the names of the integration instances that you have configured and saved for either Enterprise or Platform are displayed in the Integration Instance field. By
default, a configuration record for each type is provided, one for Enterprise and one Platform. Your input for the other fields is required before you can save and test credentials for these
configurations. Note: You can activate and schedule configured integrations for both system types. Enterprise and Platform integrations can work together to provide you with a wide range of
vulnerability data. |
| Integration Instance |
All existing integration instances for either Enterprise or Platform are displayed based on your choice for System Type. |
| API URL |
Displayed only for Platform integration instances. User's Invicti's instance URL. This is the information you obtained from Prepare for the Invicti Vulnerability Integration. |
| User ID |
Unique user ID. |
| API token |
Displayed only for Platform integration instances. API token you generated from your Invicti console. This is the information you obtained from Prepare for the Invicti Vulnerability Integration. |
| Choose the scan type. You must select at least one. |
| Include DAST |
Option to include vulnerabilities from DAST scans. DAST scans find vulnerabilities for an application dynamically while it is running. This approach might imitate an outside attack. |
| Include IAST |
Option to include vulnerabilities from IAST scans. IAST scans detect software vulnerabilities by interacting with the program while it is running. Human observation, automated tests, and sensors
are used in combination to interact with the application to locate vulnerabilities. |
| Date format |
Parameter that converts the start time to the format supported by the Invicti API used by the Invicti Application Vulnerable Item Integration. This parameter should match the format you've
defined or selected in your Invicti account, for example, dd/MM/yyyy. Verify the date and time formats in your Invicti console match those you enter for the Date format in
your ServiceNow AI Platform instance. To change this format in your Invicti console:
- Log in at Invicti Sign In.
- Select User name in the top right.
- Navigate to .
Note: Failed imports might occur if you enter an invalid date format in your ServiceNow AI Platform instance. If you enter a valid format in your instance that differs from the date format in your Invicti console, Invicti will return an empty
payload. |
| Manage exceptions in ServiceNow |
Displayed only for Platform integration instances. Choose one:
- Activated (selected)
- Application vulnerable items (AVIT) from Invicti with states such as Present and AcceptedRisk that might be deferred in your instance are
instead mapped to Open automatically.
- Deactivated (not selected)
- Source states for Application vulnerable items (AVITs) imported from Invicti are preserved. You must manage exceptions for these AVITs (defer them) from AVIT records.
For more information about Invicti source states and target fields, see Invicti Vulnerability Integration state mapping. |
| Manage false positives in ServiceNow |
Displayed only for Platform integration instances. Choose one:
- Activated (selected)
- AVITs with states from Invicti such as Present and False Positive that might transition to Closed in your instance are
instead mapped to Open automatically.
- Deactivated (not selected)
- AVIT states imported from Invicti are preserved. You must manage false positives or potential false positives for these AVITs from AVIT records.
|