Review Unified Security Exposure Management integrations

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Review Unified Security Exposure Management integrations

    The integration dashboard in Security Exposure Management offers a comprehensive view of installed third-party applications and the status of their integration runs. It allows users to interact with visual data representations (such as bar charts and pie charts) to access detailed information about each integration component. This functionality helps monitor and troubleshoot integration performance effectively.

    Show full answer Show less

    Accessing the Integration Dashboard

    To access the dashboard, navigate within ServiceNow to Workspaces > Security Exposure Management Workspace > Administration and select Review on any integration.

    Key Features

    • Integration Runs Metrics: Displays the number of integration runs completed (both successful and failed) over the past 7 and 30 days. Common failure causes include network interruptions and data corruption during transfer. Users can rerun integrations with a full data import option to resolve such issues.
    • Ingestion Health Highlights: Provides performance information on import queue processing times, wait times, and REST API response times.
    • Processing Health Metrics: Shows performance data for assignment rules, remediation tasks, CI lookup, risk rules, and vulnerability item creation over the last 30 days, with color-coded parameters to quickly identify deviations.
    • Integration Details Table: Lists integrations with key attributes such as name, active status, schedule, last run status, and notes.

    Handling Integration Failures and Timeouts

    In case of integration failures, such as with Tenable.sc, the system automatically handles authentication token expiration by generating new tokens for subsequent runs. All integration attempts, whether successful or failed, are logged and visible in the Vulnerability Integration Process records.

    Integration data is processed in pages through multiple import queue entries with a one-hour processing limit. If processing exceeds this limit due to large payloads, timeout errors may occur; however, the system continues processing to avoid data loss. Heartbeat timestamps are sent periodically to confirm active processing.

    System Properties for Performance Monitoring

    Two key system properties control timeout and heartbeat behavior:

    • snseccmn.recordthresholdheartbeat: Defines how many records are processed before sending a heartbeat timestamp.
    • snseccmn.maximumheartbeatdelay: Defines the maximum allowable delay before timing out a stuck import queue entry.

    Practical Benefits for ServiceNow Customers

    This integration review enables customers to efficiently monitor the health and performance of their security exposure integrations, quickly identify and resolve failures, and ensure continuous data processing. Understanding these features helps maintain reliable and timely vulnerability data import and processing within their ServiceNow environment.

    The integration dashboard provides an overview of the installed third-party applications and the status of the integration runs.

    In the chart, point to any part (bar, pie, data point, and so on) to view general data specific to that part. If you select any part of a report, a list opens to provide detailed information.

    Access the Integration Dashboard

    To open the dashboard, navigate to Workspaces > Security Exposure Management Workspace > Administration and select Review on any integration.

    Data visualization

    Note:
    To learn more about a widget, select the information icon.
    Table 1. Overview tab
    Metrics Type Description
    Integration runs

    Vertical Bar
    The number of integration runs completed for each integration. Shows both successful and failed runs in the past 7 and 30 days. The most common causes for a failed run include:
    • Network interruption
    • Bit decay in the data transfer resulting in corrupted data during the transform
    If you encounter any of these conditions, select the Full data import check box, click Execute Now, and rerun the integration.
    Ingestion health Highlights Provides information on the following:
    • Import queue processing time.
    • Import queue wait time.
    • REST API time.
    Processing health Multiple lines Provides performance metrics for assignment rules, remediation task rules, CI lookup time, risk rules, and VI creation time for the last 30 days, to identify the cause for any deviations in performance. The performance is calculated based on the time taken for each activity. These parameters are calculated and associated at the integration run level. Each parameter is color coded for easy identification.
    Note:
    Multiple factors can impact the performance of the integration run, like the amount of data and time taken to process this data.
    Table 2. Integrations
    Name Description
    Name Name of the integration.
    Active Status of the integration whether active or not.
    Run Run schedule of the integration
    Day Day on which the integration runs.
    Time Time at which the integration runs.
    Last run status Status of the last integration run whether failed or successful.
    Notes Notes
    Note:
    If a Tenable.sc integration run fails for any reason, the authentication token for Tenable.sc automatically expires and a message is displayed on the Vulnerability Integration Process record. A new token is automatically generated for the next integration process. All the integration processes, failed and successful, are displayed on the Vulnerability Integration Process tab on the Vulnerability Integration Process record.
    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing. The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.