Preparing for the Microsoft Threat and Vulnerability Management Vulnerability Integration

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Preparing for the Microsoft Threat and Vulnerability Management Vulnerability Integration

    This document outlines the necessary setup tasks to prepare for integrating Microsoft Threat and Vulnerability Management (MS TVM) with ServiceNow® Vulnerability Response. Following a checklist ensures a smooth installation and data import process into your ServiceNow AI Platform® instance.

    Show full answer Show less

    Key Features

    • Integration Preparation Checklist: Verify essential credentials such as ClientSecret, ClientId, and TenantId for your MS TVM account.
    • Vulnerability Response Application: Ensure the Vulnerability Response application is installed and activated, requiring version 14.0 or later.
    • Instance Capacity: Estimate the number of vulnerable items for import and confirm your instance can handle this volume to avoid performance issues.
    • User Roles Management: Assign necessary roles such as admin, vulnerability admin, and specific granular roles for proper integration configuration and management.
    • Performance Optimization: Optionally disable unnecessary features or notifications during the initial import to enhance performance.

    Key Outcomes

    By completing the steps outlined, you will be prepared to successfully install and configure the Vulnerability Response Integration with MS TVM, allowing for effective management and remediation of vulnerabilities within your organization. This process ensures that your ServiceNow instance operates efficiently while handling security vulnerabilities.

    You can prepare for the ServiceNow® Microsoft Threat and Vulnerability Management (MS TVM) Vulnerability integration by performing setup tasks.

    Before you begin using a checklist

    To install and configure the Vulnerability Response Integration with the MS TVM application, you can print the following checklist and verify the items listed are completed before you install the application and import vulnerability data into your ServiceNow AI Platform® instance.

    Table 1. Integration preparation checklist
    Task Description
    Checkbox image. Verify that you have one of the following sets of information:
    Checkbox image. If not already installed and activated, install the Vulnerability Response application before you install the third-party application.

    For more information about installing and activating the Vulnerability Response application, see Install Vulnerability Response. This integration requires version 14.0 of Vulnerability Response or later.
    Checkbox image.

    If you don't already have the application on your instance, get entitlements and download the Vulnerability Response integration with MS TVM application to your ServiceNow AI Platform® instance.

    See .
    Checkbox image.

    Estimate the number of vulnerable items that you expect to import.

    Verify that your instance can accept the number of vulnerable items that you expect to import. An undersized instance can lead to long load times. If you don't know the size of your instance, or if you need assistance, contact ServiceNow® Technical Support.
    Checkbox image.

    Verify that you have the following groups or users to manage the integrations and to remediate vulnerable items:

    admin
    Uses Setup Assistant to install the Vulnerability Response integration with the MS TVM application. If not assigned, the admin assigns the vulnerability admin (sn_vul.vulnerability_admin) and other roles in Setup Assistant.
    sn_vul.vulnerability_admin
    Completes the configuration of the MS TVM integration. This role has complete access to the Vulnerability Response (VR) application and its records. This admin configures all VR applications and rules and configures third-party integrations.
    sn_vul_msft_tvm.configure_integration
    Configures the MS TVM Vulnerability Integration. This role contains the sn_vul_msft_tvm.read_integration granular role.
    sn_vul_msft_tvm.read_integration
    Views (reads) records of the MS TVM Vulnerability Integration.
    Vulnerability Response group
    By default, the Vulnerability Response group is available in Setup Assistant. Users assigned to the Vulnerability Response group inherit the sn_vul.read_all and sn_vul.remediation_owner roles automatically.

    If not already created, you may prefer to create additional groups and add users with the User Administration module in your instance before you use Setup Assistant. For more information, see Create a user group.

    Persona and granular roles are available to help you manage what users can do and see in the Vulnerability Response application. For initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant.
    Checkbox image. Install the Vulnerability Response integration with NVD and run the NIST National Vulnerability Database Integration - API (CVE only).
    Checkbox image.

    To promote improved performance for your first import, you can disable certain features, rules, or jobs in your instance.

    • Disable vulnerability calculators if you do not use them. These calculators, plus any that you have defined, run every time a vulnerable item record is created or updated. For more information, see Disable the default vulnerability calculator if not used.
    • During the initial import of records, certain notification-related business rules can cause many notifications to be generated, which could impact the performance of the ingestion.

    You are ready to Install and configure the Vulnerability Response Integration with the MS TVM application using Setup Assistant.