Errors for the Vulnerability Response Integration with Claroty CTD

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Errors for the Vulnerability Response Integration with Claroty CTD

    This guide addresses common errors encountered when using the Vulnerability Response Integration with Claroty CTD in ServiceNow. It covers both the Vulnerability Detection and Vulnerability Auto-Closure integration processes, focusing on issues during data retrieval and data processing. Understanding these errors helps you troubleshoot integration failures and ensures seamless vulnerability management workflows.

    Show full answer Show less

    Key Error Categories and Causes

    Vulnerability Detection Integration (Data Retrieval)

    • Missing Credentials: Integration cannot run without a valid username and password configured.
    • REST Configuration Missing: REST message and REST method fields must be populated on the integration job record.
    • Server URL Not Set: Claroty CTD server URL must be specified in the integration configuration.
    • API Resource Path Missing: The detection API resource path parameter must be set; default is /ranger/assetswithinsights.
    • Invalid Response Codes: HTTP error codes (e.g., 401 Unauthorized) indicate invalid credentials or authorization issues.
    • Missing counttotal in JSON: Pagination depends on the counttotal property in the API response; its absence suggests a malformed payload or connectivity issues.

    Vulnerability Detection Integration (Data Processing)

    • Error Writing Attachment: Usually caused by the MID Server user missing the snvul.vrimportadmin role, preventing attachment of response data.
    • Null Attachment Content or Missing Attachment: May indicate an issue with the Claroty API response or ServiceNow data source handling. Administrator intervention is advised.

    Vulnerability Auto-Closure Integration (Data Retrieval)

    • Shares similar error causes to the Vulnerability Detection Integration, including missing credentials, REST configuration, server URL, and API resource path.
    • Additional errors include inability to parse the objects array from the response body, signaling invalid or malformed payloads.
    • Connectivity and API response validity should be verified through MID Server reachability and Outbound HTTP Logs.

    Vulnerability Auto-Closure Integration (Data Processing)

    • Failed to Parse Data Dictionary JSON: Indicates invalid JSON payloads, often following prior data retrieval errors.
    • Checking MID Server connectivity and HTTP logs is recommended to diagnose response validity issues.

    Practical Recommendations for ServiceNow Customers

    • Ensure all integration configuration fields are complete: username/password, REST message and method, server URL, and API resource path.
    • Validate MID Server connectivity to the Claroty CTD instance and verify proper role assignments (e.g., snvul.vrimportadmin) for the MID Server user.
    • Use Outbound HTTP Logs and Data Source attachment files (such as response.json) to confirm API response structure and required JSON properties like counttotal and objects.
    • Contact your ServiceNow administrator if errors related to attachment writing or null content persist, as these may require deeper system-level troubleshooting.

    You may encounter errors that need troubleshooting while you’re working with the Vulnerability Response Integration with Claroty CTD.

    Vulnerability Detection Integration (Data Retrieval)

    Error message Possible cause
    Can’t run a Claroty CTD Integration without a user name and password combo. No user name or password is present on the integration configuration.
    Can’t run integration without a REST message and REST method specified. On the Claroty CTD Integration job record, the REST message or REST method fields aren’t populated.
    Can’t run integration without Claroty CTD server URL specified. No URL is present on the integration configuration.
    Can’t run integration without the detection API resource path specified. On the integration configuration, the detection_api_resource_path parameter isn’t populated. The default is /ranger/assets_with_insights.
    Invalid response code {response code} received from Claroty CTD. The response from the Claroty API was invalid. For example, the message Invalid response code 401 is received from Claroty CTD. This invalid response code means Unauthorized and that the credentials (user name/password) are likely invalid.
    Unable to read the count_total property from JSON data. The count_total used for pagination wasn’t present in the API response. It likely means that an invalid payload was received from Claroty CTD.

    Ensure that the Claroty CTD instance is reachable through the MID Server and examine the Data Source attachment response.json file to ensure that count_total exists.

    Vulnerability Detection Integration (Data Processing)

    Error message Possible cause
    Error writing attachment. The system couldn’t attach the response data to the Data Source. Contact your administrator for further assistance.

    A common cause for this error is that the MID Server user is missing the sn_vul.vr_import_admin role.
    Attachment content is null: attachment sys_id = {sys_id}. The Data Source attachment content is null. This could indicate an issue with the Claroty API itself, or an issue in ServiceNow. Contact your administrator for further assistance.
    Couldn’t find attachment with sys_id {sys_id}. Data Source attachment wasn’t found. Follow the same procedures for the preceding error.

    Vulnerability Auto-Closure Integration (Data Retrieval)

    Error message Possible cause
    Can’t run a Claroty CTD Integration without a user name and password combo. No user name or password is present on the integration configuration.
    Can’t run integration without a REST message and REST method specified. On the Claroty CTD Integration job record, the REST message or REST method fields aren’t populated.
    Can’t run integration without Claroty CTD server URL specified. No URL is present on the integration configuration.
    Can’t run integration without the detection API resource path specified. On the integration configuration, the detection_api_resource_path parameter isn’t populated. The default is /ranger/assets_with_insights.
    Invalid response code {response code} received from Claroty CTD. The response from the Claroty API was invalid. For example, the message Invalid response code 401 is received from Claroty CTD. This invalid response code means Unauthorized and that the credentials (user name/password) are likely invalid.
    Unable to read the count_total property from JSON data. The count_total used for pagination wasn’t present in the API response. It likely means that an invalid payload was received from Claroty CTD.

    Ensure that the Claroty CTD instance is reachable through the MID Server and examine the Data Source attachment response.json file to ensure that count_total exists.
    Error parsing 'objects' array from response body. Likely means that an invalid payload was received from Claroty CTD. Ensure that the Claroty CTD instance is reachable and check Outbound HTTP Logs to see if there was a valid response.

    Vulnerability Auto-Closure Integration (Data Processing)

    Error message Possible cause
    Failed to parse the Data Dictionary JSON. The payload from the Data Source attachment was invalid JSON. Likely another error occurs before this error occurs. Ensure that the Claroty CTD instance is reachable and check Outbound HTTP Logs to see if there was a valid response.