Unified Security Exposure Management integrations

Release version: Australia

Updated March 12, 2026

12 minutes to read

Unified Security Exposure Management supports multiple third-party integrations to help with vulnerability management, orchestration and remediation. This section provides guidelines for managing and developing integrations.

How integrations work

Integrations work in the following way:

Vulnerability entries are imported from the National Vulnerability Database (NVD), Central Vulnerability Database and third-party scanners.
Detection data from third-party scanners are matched against assets in your Configuration Management Database (CMDB).
When a match is found, a finding is created.
The findings are then:
- Grouped into remediation tasks.
- Risk-scored with business context.
- Prioritized and assigned to the appropriate teams.

The following table provides a list of Unified Security Exposure Management integrations created by ServiceNow® and partners.

Table 1. Integrations
Integration	Product installation	Category	Use case	Setup Guide	Built by
Import vulnerabilities and create vulnerable items
Tenable	Vulnerability Response Integration with Tenable	Vulnerability Response	Match assets, import third-party vulnerabilities to create vulnerable items. Note: Tenable.io doesn’t support launching rescan on agent-based machines.	Understanding the Tenable Vulnerability Integration	ServiceNow
AWS	AWS Integration for Security Exposure Management
Rapid7	Rapid7 Integration for Security Operations	Vulnerability Response	Match assets, import third-party vulnerabilities to create vulnerable items.	Understanding the Rapid7 Vulnerability Integration	ServiceNow
Qualys	Qualys integration for Security Operations	Vulnerability Response	Match assets, import third-party vulnerabilities to create vulnerable items. Note: On-demand rescan is available.	Understanding the Qualys Vulnerability Integration	ServiceNow
CrowdStrike	CrowdStrike Falcon Exposure Management for Vulnerability Response	Vulnerability Response	Match assets and use NVD to create vulnerable items. Supports tag-based filtering on import.		Partner
Microsoft	Microsoft Defender Integration for Security Exposure Management	Vulnerability Response	Match assets and import endpoint vulnerabilities to create vulnerable items.	Understanding the Microsoft Threat and Vulnerability Management Vulnerability integration	ServiceNow
Microsoft	Vulnerability Response Integration with Microsoft Defender for IoT (On-premises Management Console)	Vulnerability Response	Import vulnerabilities into ServiceNow Operational Technology Vulnerability Response and take risk-based action with production process context.	Understanding the Vulnerability Response patch orchestration integration with Microsoft SCCM	ServiceNow
Cisco (Kenna)	Kenna.VM (Vulnerability Management)	Vulnerability Response	Match assets and use NVD to create vulnerable items. Includes Kenna Risk score.		Partner
Tanium	Tanium Vulnerability Management	Vulnerability Response	Match assets and import third-party vulnerabilities to create vulnerable items.		Partner
Orca	Orca Security for Vulnerability Response	Vulnerability Response	Match assets and import third-party vulnerabilities to create vulnerable items.		Partner
Onapsis	Onapsis Vulnerability Integration	Vulnerability Response	Match assets and import third-party vulnerabilities to create vulnerable items for SAP assets and applications.		Partner
Synack	Synack - Vulnerability Response	Vulnerability Response	Import vulnerabilities from Synack.		Partner
Wiz.io	Wiz Integration for Security Operations	Vulnerability Response	Match cloud assets and import third-party vulnerabilities to create vulnerable items.	Understanding the Wiz Vulnerability Response Integration	Partner
Lacework	Lacework	Vulnerability Response	Import infrastructure vulnerabilities from your cloud asset sources. Supports vulnerability calculator and filtering by severity.		Partner
Recorded Future	Attack Surface Intelligence	Vulnerability Response	External attack surface assets and exposures imported into ServiceNow Vulnerability Response. Create vulnerable items from external asset detections. Includes Recorded Future threat and vulnerability enrichment.		Partner
Mandiant	Mandiant Attack Surface Management	Vulnerability Response	Import information about vulnerabilities and vulnerable items from the Mandiant Attack Surface Management platform.		Partner
IBM	IBM Guardium Data Protection	Vulnerability Response	Integrate IBM Guardium database vulnerability scan results with ServiceNow.		Partner
CyCognito	CyCognito App for Vulnerability Response	Vulnerability Response	Import issues and assets from Cycognito SAAS platform.		Partner
VMware	Carbon Black Cloud	Vulnerability Response	Ingest vulnerability data and context from Carbon Black Cloud. Create configuration items from Carbon Black Cloud endpoints and workload.		Partner
Nucleus	Nucleus Security for Vulnerability Response	Vulnerability Response	Import findings from Nucleus Security Auto-update Vulnerable Items. Bi-directional update via comments field. Map custom fields.		Partner
InfoSec Global (ISG)	InfoSec Global (ISG) AgileSec Analytics Integration for Vulnerability Response Module	Vulnerability Response	Import vulnerability findings on Cryptographic assets: Cryptographic Keys, Keystores, and Libraries		Partner
Censys	Censys ASM to Vulnerability Response Integration	Vulnerability Response	Scan, discover, and catalog vulnerabilities on internet-facing assets.		Partner
Import container findings, vulnerabilities, and images
Palo Alto	Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute	Container Vulnerability Response	Ingest container vulnerabilities from Prisma Cloud Compute (formerly Twistlock) and use runtime context (cluster/ namespace and so on) to automate remediation workflow.	Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute integration	ServiceNow
Aqua	Aqua Security Platform integration with Vulnerability Response for Containers	Container Vulnerability Response	Import container vulnerabilities from Aqua Platform. Docker and MID Server support.		Partner
AWS	AWS Integration for Security Exposure Management
Sysdig	Sysdig Container Vulnerability Response	Container Vulnerability Response	Import container vulnerabilities from Sysdig. Supports VI granularity, container, kubernetes, and host security		Partner
Lacework	Lacework	Container Vulnerability Response	Import container vulnerabilities and attempt to match based on docker configuration items (CIs). Supports vulnerability calculator and filtering by severity.		Partner
WIZ	Wiz Integration for Container Vulnerability Response	Container Vulnerability Response	Import all container vulnerabilities from Wiz.	Exploring the Wiz Container Vulnerability Integration	Partner
Qualys	Qualys Container Vulnerability Response Integration	Container Vulnerability Response	Import all container vulnerabilities from QCS.		Partner
CrowdStrike	CrowdStrike Falcon Cloud security for Container Vulnerability Response	Container Vulnerability Response	Import all container vulnerabilities from FCS.		Partner
Solution Intelligence
Microsoft	Vulnerability Solution Management	Vulnerability Response - Content	Provides solution content for vulnerabilities.	Microsoft Security Response Center Solution Integration	ServiceNow
Red Hat	Red Hat Security Data	Vulnerability Response - Content	Provides solution content for vulnerabilities.	Red Hat Solution Integration	ServiceNow
Rapid 7	Rapid7 Integration for Security Operations	Vulnerability Response - Content	Provides solution content for vulnerabilities.	Rapid7 solution management	ServiceNow
Tanium	Tanium Vulnerability Management	Vulnerability Response - Content	Provides solution content for vulnerabilities.		Partner
CVRF Generic Framework	Supports CVRF Format	Vulnerability Response - Content	Provides solution content for vulnerabilities.	Generic framework to ingest data from any solution vendor Setting up vulnerability solution providers	ServiceNow
CSAF Generic Framework	Supports CSAF Format	Vulnerability Response - Content	Provides solution content for vulnerabilities.	Generic framework to ingest data from any solution vendor Setting up vulnerability solution providers	ServiceNow
Vulnerability enrichment and threat scoring
Recorded Future	Vulnerability Intelligence	Vulnerability Response - Intelligence	Use Recorded Future vulnerability intelligence to prioritize vulnerabilities.		Partner
Flashpoint	Flashpoint Ignite for Vulnerability Response	Vulnerability Response - Intelligence	Consume alerts as security incidents (email), Import TI and vulnerability context.		Partner
Cisco (Kenna)	Kenna.VI+ (Kenna Vulnerability Intel)	Vulnerability Response - Intelligence	Use Kenna.vi vulnerability intelligence to prioritize vulnerabilities.		Partner
Risk Based Security by Flashpoint	Flashpoint VulnDB	Vulnerability Response - Intelligence	Import RBS records into third-party vulnerabilities. Risk scores and software-based vulnerability matching.		Partner
Digital Shadows (Grey Matter by Reliaquest)	GreyMatter Digital Risk Protection Vulnerability Intelligence for Vulnerability Response	Vulnerability Response - Intelligence	Prioritize vulnerabilities using Digital Shadows risk factors and scoring based on analyst-curated threat intelligence.		Partner
Mandiant \| Google	Google Threat Intelligence for SecOps	Vulnerability Response - Intelligence	Enriches vulnerability item records with Mandiant vulnerability intelligence for better prioritization.		Partner
CISA	Vulnerability Response Integration with CISA	Vulnerability Response - Intelligence	Use known exploitedvulnerabilities. Catalog to prioritize vulnerabilities.	CISA Known Exploit Vulnerability (KEV) Integration	ServiceNow
First.org	EPSS	Vulnerability Response - Intelligence	Use the Exploit prediction scoring system to prioritize vulnerabilities.	Understanding the Exploit Prediction Scoring System (EPSS) integration	ServiceNow
XM Cyber	XM Cyber - Vulnerability Response	Vulnerability Response - Intelligence	Asset Ingestion Link Additional Risk Data Application Risk Measures		Partner
Zafran	Zafran Threat Exposure Management Platform	Vulnerability Response - Intelligence	Ingest vulnerabilities from scanning tools, provide Zafran enrichment and then link to vulnerable items in Vulnerability Response. Intelligence includes mitigation factors, internet-facing, and custom risk score.		Partner
Patch orchestration in solution management
Microsoft	Vulnerability Response Patch Orchestration with Microsoft SCCM	Vulnerability Response - Patching	Ingest the patch details and correlate the patch, solution, and asset details to suggest Security and IT which assets are missing patches.	Understanding the Vulnerability Response patch orchestration integration with Microsoft SCCM	ServiceNow
HCL	Vulnerability Response Patch Orchestration with HCL Bigfix	Vulnerability Response - Patching	Ingest the patch details and correlate the patch, solution, and asset details to suggest Security and IT which assets are missing patches.	Understanding the HCL BigFix patch orchestration integration with Vulnerability Response	ServiceNow
Tanium	Tanium Patch Management for Vulnerability Response	Vulnerability Response - Patching	Patches CIs through the Vulnerability Response Patch Orchestration module. This can be used in addition to the Tanium VR integration to close the loop from identifying vulnerabilities with Tanium Comply to patching those vulnerabilities with Tanium Patch.		Partner
Import test, policies, results
Qualys	Qualys Integration for Security Operations	Configuration Compliance	Import test, policies, results.	Qualys integration with Configuration Compliance	ServiceNow
Qualys	Qualys CSPM Integration	Configuration Compliance	Import test, policies, results.		Partner
AWS	AWS Integration for Security Exposure Management
Tenable	Vulnerability Response Integration with Tenable	Configuration Compliance	Import test, policies, results.	Understanding the Tenable Vulnerability Integration	ServiceNow
Tanium	Tanium Configuration Compliance Integration	Configuration Compliance	Import test, policies, results.		Partner
Palo Alto Networks	Expander Configuration Compliance	Configuration Compliance	Import attack surface and alerts from Expander.		Partner
Trend Micro	Conformity Connector	Configuration Compliance	Import misconfiguration and test results from Trend Micro Cloud One into ServiceNow.		Partner
Import cloud misconfiguration data (Cloud Security)
Microsoft	Defender for Endpoint	Configuration Compliance	Import test, policies, results.		ServiceNow
Microsoft	Microsoft Defender for Security Exposure Management	Configuration Compliance	Import the cloud resource configuration issues from Microsoft Defender for Cloud and automate remediation workflow.	Microsoft Defender for Cloud Integration for Security Operations	ServiceNow
Palo Alto	Vulnerability Response Integration with Palo Alto Prisma Cloud	Configuration Compliance	Import the cloud resource configuration issues from Prisma Cloud (formerly RedLock) and automate remediation workflow.	Understanding the Vulnerability Response Integration with Palo Alto Prisma Cloud	ServiceNow
Wiz	Wiz Integration for Configuration Compliance	Configuration Compliance	Import the cloud resource configuration issues from Microsoft Defender for Cloud and automate remediation workflow.	Exploring the Wiz Test Results and Issues Integrations with Configuration Compliance	Partner
Rapid7	Rapid7 InsightCloudSec CC Integration	Configuration Compliance	Import cloud misconfigurations and compliance issues		Partner
Lacework	Lacework Code to Cloud	Configuration Compliance	Import cloud misconfigurations and compliance issues.		Partner
AWS	AWS Integration for Security Exposure Management
Import dynamic, static analysis results and SCA
Veracode	Vulnerability Response Integration with Veracode	Application Vulnerability Response	Import test, policies, results, DAST findings, SAST findings and SCA findings.	Veracode Vulnerability Integration	ServiceNow
Qualys WAS	Vulnerability Response Integration with Qualys WAS	Application Vulnerability Response	Import Dynamic Scan results from Qualys WAS application.		Partner
Microfocus Fortify	Fortify Application Vulnerability Integration	Application Vulnerability Response	Import DAST and SAST findings.	Fortify Vulnerability Integration	ServiceNow
Snyk	Snyk Security for Application Vulnerability Response	Application Vulnerability Response	Import SCA and SAST findings.		Partner
Open source vulnerability intelligence (SBOM workflows)
Snyk	Snyk API and Web for Application Vulnerability Response	Application Vulnerability Response	Web App Scanning findings API Security findings		ServiceNow
GitHub	Github Application Vulnerability Integration	Application Vulnerability Response	Code Scanning Secret Scanning Dependabot alerts.	GitHub Application Vulnerability Integration	ServiceNow
HCL AppScan	Vulnerability Response Integration with HCL AppScan	Application Vulnerability Response	Import Dynamic Scan results from HCL AppScan.		Partner
Checkmarx	Checkmarx CxSAST Vulnerability Integration	Application Vulnerability Response	Import SAST findings. Note: Uses CxSAST API.		Partner
Checkmarx	Checkmarx One Vulnerability Integration	Application Vulnerability Response	Import SAST and SCA findings from Cx VulnerabilityOne API.		Partner
Invicti	Invicti Application Vulnerability Integration	Application Vulnerability Response	Import applications, scan summaries, results Import IAST findings. Import SAST findings.	Invicti Vulnerability Integration	ServiceNow
Synopsys	Vulnerability Response Integration with Black Duck	Application Vulnerability Response	Import SCA findings.	Vulnerability Response Integration with Black Duck	ServiceNow
Sonatype	Sonatype Security for Application Vulnerability Response	Application Vulnerability Response	SCA – import open source vulnerabilities from Sonatype Lifecycle product.		Partner
Apiiro	Apiiro ASPM for Application Vulnerability Response	Application Vulnerability Response	Application Security Posture Management vulnerabilities, fix issues by assigning to code owners CMDB App is also available.		Partner
Rapid7	Rapid7 InsightAppSec Application VR Integration	Application Vulnerability Response	Fetch apps, scans, vulnerabilities, attacks, attack modules into ServiceNow Vulnerability Response. Web application scanning results.		Partner
NoName (by Akamai)	Akamai API Security Integration for AVR	Application Vulnerability Response	Create and update vulnerable items from NoName on API detections.		Partner
Tenable	Tenable WAS	Application Vulnerability Response	Application security findings.		Partner (Tenable)
Snyk	Snyk Vulnerability Intelligence for SBOM	Application Vulnerability Response - SBOM	Vulnerability Intelligence on Open-source components in SBOM.		Partner
Google (open source)	SBOM Response	Application Vulnerability Response - SBOM	Vulnerability intelligence information for a given version of a package or library.		ServiceNow
Google (open source)	SBOM Response	Application Vulnerability Response - SBOM	License and dependency information for a given version of a package or library.		ServiceNow
Veracode	Vulnerability Response Integration with Veracode	Application Vulnerability Response - SBOM	Upload exported vulnerabilities to create AVITs. Prioritize by NVD severity.		ServiceNow
Agile task creation for remediation
Atlassian	Vulnerability Response Integration with Atlassian Jira	Vulnerability Response - Agile Tools	Create Jira tasks/ issues for Application and Container vulnerabilities. Bi-directional status updates between Vulnerability Response and Jira.	Understanding the Atlassian Jira integration with Vulnerability Response	ServiceNow

Custom integrations

You can manually create integrations not available in the ServiceNow Store. See Manually create a vulnerability integration for more information.

Configuring and managing integrations

You can install, configure, schedule, and launch many integration applications.
For integrations supporting multiple deployments, refer to Create domain-separated imports for an integration.
The Rapid7 Vulnerability Integration application can be installed from Setup Assistant, but its configuration isn’t supported within Setup Assistant. See Install the Rapid7 Vulnerability Integration for more information. You can install, configure, schedule, and launch on-demand many of the integration applications from within Setup Assistant.

Performance and timeout handling

During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it’s also older than one hour. If it is, this indicates that the import queue entry is stuck, and it’s timed out to prevent any further delays in processing.

Note:

The Last Record Processed field is updated based on what is defined in the following system properties:

sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.