Manual ingestion of vulnerabilities

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manual Ingestion of Vulnerabilities

    Manual ingestion of vulnerabilities into the Vulnerability Response application allows for prompt remediation without waiting for scanner results. This feature is particularly beneficial for protecting assets from unknown threats like zero-day exploits, enabling proactive management of vulnerabilities.

    Show full answer Show less

    Key Features

    • File Formats: Vulnerability data can be uploaded in Excel or CSV format.
    • Template Access: Access the template through the interface at All > Vulnerability Response > Manual Vulnerability Item Ingestion > Upload File UI.
    • Data Entry Guidelines: Follow strict guidelines when populating the template to avoid record skipping, such as maintaining column names and order.
    • Integration Triggers: The ingestion process is activated upon file upload, with specific integrations for Excel and CSV formats.
    • Integration Parameters: Default parameters include maxinputrecords (recommended limit of 1000) and insertfixed for importing fixed vulnerabilities.

    Key Outcomes

    By utilizing manual ingestion, ServiceNow customers can efficiently manage vulnerabilities, ensuring timely remediation and enhanced security posture. Following the outlined procedures will help maintain data integrity and maximize the effectiveness of the Vulnerability Response application.

    Manually ingest vulnerabilities into the Vulnerability Response application so that you can remediate them quickly without having to wait for scanner results.

    Third-party scanners such as Rapid7 help import vulnerability data into Vulnerability Response and process the data to report the findings. With Manual Ingestion integration, you can proactively ingest the vulnerabilities and remediate them instead of waiting for scanners to report the assets that are at risk. Manual ingestion of vulnerabilities effectively protects the assets against unknown threats such as zero-day exploits.

    Manual ingestion of vulnerabilities

    You can import the vulnerability data by uploading a template in the following file formats:
    • Excel
    • Comma-separated value (CSV)

    To access and download the template, navigate to All > Vulnerability Response > Manual Vulnerability Item Ingestion > Upload File UI.

    Ensure that you follow these key points while populating the records in the template:
    • Do not make any typing errors in the Severity/ State column records. If there is a typing error, the record is skipped.
    • Do not change the column names.
    • Do not put column names in any row except the first row.
    • Do not change the order of the sheets in the Microsoft Excel template. The vulnerabilities data must always be present in the second sheet.
    • Do not put vulnerabilities details in any sheet except the Input Manual Detections sheet.
    • Do not use any character except alphanumeric and special characters such as dash (-), period (.), plus (+), underscore ( _ ), space, brackets ‘(‘ ‘)’, and at symbol (@) for the filename.

    For instructions on how to populate the data in the template, see Template for manual ingestion of vulnerabilities.

    Starting with v24.0.6 of Vulnerability Response, you can also create additional columns in the Microsoft Excel template. For more information, see KB1646630.

    Manual Ingestion integrations

    The integration is triggered when a file is uploaded. Based on the type of file uploaded, the related integration is triggered.

    To view the integrations, navigate to All > Vulnerability Response > Manual Vulnerability Item Ingestion > Integrations.

    The following base system Manual Ingestion integrations are available by default.

    Table 1. Integrations
    Integration type Description
    Manual Ingestion Excel Integration Retrieves data by fetching the latest Microsoft Excel file uploaded from the Vulnerability Ingestion Push Queue table and copies the attachment to the respective Integration run.
    Manual Ingestion CSV Integration Retrieves data by fetching the latest CSV file uploaded from the Vulnerability Ingestion Push Queue table and copies the attachment to the respective Integration run.
    The Manual Ingestion third-party integration creates an integration instance, by default, with the following two integration instance parameters:
    • max_input_records: Defines the number of records that can be created in the template. If you add more records than what is specified in this parameter, the additional records are skipped. The number of records can be updated in the Value column. The recommended number of record creations in the template is 1000. Anything above this value can pose performance challenges.
    • insert_fixed: Imports fixed vulnerability detections.

    To view the integration instance parameters, navigate to All > Vulnerability Response > Manual Vulnerability Item Ingestion > Integrations and click the source instance of any integration. Alternatively, you can navigate to All > Vulnerability Response > Integration Instances and click Manual Ingestion.