Invicti Vulnerability Integration state mapping

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • The following source states from the Invicti Vulnerability Integration and their target states in your instance are listed in the following table.

    Table 1. Invicti source states and their corresponding ServiceNow AI Platform states
    Invicti source states Description of source states Target state in the ServiceNow AI Platform
    Present The Issue is identified. Open
    Present, AcceptedRisk, Revived The Issue has been considered and is marked as a low risk vulnerability. Deferred
    Present, False Positive The Issue has been considered and is marked as not a genuine vulnerability. Closed
    FixedUnconfirmed, Fixed Unconfirmed The Issue has been fixed but not confirmed by Invicti Enterprise. Resolved
    Fixed (Confirmed), FixedConfirmed, FixedConfirmed, AcceptedRisk, FixedConfirmed, False Positive The Issue has been fixed and confirmed by Invicti Enterprise and no further action is required. Closed
    Fixed (Can't Retest) The Issue has been identified but Invicti cannot retest to confirm whether the Issue has been fixed or not. Resolved
    Revived The issue was fixed in previous scans but has been found again. Open
    Deferred, Ignored The Issue was ignored by the user. In Invicti Enterprise, to ignore an issue, a user updates its status to “accepted risk”. Risk Accepted

    Application release mapping

    Source Field Target field on ServiceNow AI Platform
    ID source_app_id
    CreatedAt app_creation_date
    UpdatedAt app_updation_date
    Name app_name
    RootUrl Source_additional_info
    Description description
    Tags Tags

    Vulnerability mapping

    Source Field Target field on ServiceNow AI Platform
    Type Category name
    Vulnerability detail Summary
    Impact Threat
    Source references Web references
    Source recommendation Solution
    Type source_entry_id/ID
    Severity source_severity
    Classification[“Cwe”] CWE list
    CvssVectorString CVVS v3 fields

    Scan summary mapping

    Source field Target Field
    Source Source
    TotalVulnerabilityCount Detected_flaw_count
    Initiated date Dynamic scan date
    id source_scan_id

    Application vulnerable item (AVIT) mapping

    Source Field Target field on ServiceNow AI Platform
    Type Scan type
    Website ID Source app ID
    ID Source AVIT ID
    Last seen date Last found
    First seen date First found
    Last updated date Last scan date
    parameters Affected parameter
    URL Affected URL
    Severity Source severity
    Url Source link
    Vulnerability detail Source vulnerability summary
    External references Source references
    Remedy + Remedy references Source recommendation
    State Source remediation status
    Impact Source vulnerability explanation