Configure the Invicti Vulnerability Integration

  • Release version: Xanadu
  • Updated August 1, 2024
  • 4 minutes to read

    • Before you run the integration on your instance, the installation and configuration steps must be completed so the Invicti Vulnerability Integration properly works with the Application Vulnerability Response feature of Vulnerability Response.

    Before you begin

    Roles required:
    • admin to install and activate applications
    • App-Sec Manager user group to configure the integration
    Complete the following setup checklist prior to installation. These setup tasks are required for a smooth installation and configuration.
    Verify that the Vulnerability Response application is installed and activated.

    To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased.

    If the application is not installed and activated see, Install Vulnerability Response.
    Verify that the Invicti Vulnerability Integration is installed and activated.

    To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased.

    If the application is not installed and activated see, Install the ServiceNow Vulnerability Response Integration with Invicti.
    Verify that you have the required ServiceNow roles for your instance. The following roles are required for installation, configuration, and verification of expected results:
    • If not already assigned, the System Administrator [admin] installs the app and assigns users to the App-Sec Manager group.
    • The App-Sec Manager oversees configuration and verifies expected results.

    For the Inviciti Vulnerability Integration, have your User ID and API token ready.

    Contact your Invicti administrator to obtain the User ID and API token if you don't know them.

    For more information, see the Invicti product website at API Overview.

    Procedure

    1. Navigate to All > Invicti > Invicti Configuration.
    2. Fill out the fields.
      Field Description
      API URL User's Invicti's instance URL. This is the information you obtained from Prepare for the Invicti Vulnerability Integration.
      User ID Unique user ID.
      API token API token you generated from your Invicti console. This is the information you obtained from Prepare for the Invicti Vulnerability Integration.
      Choose the scan type. You must select at least one.
      Import DAST Option to include vulnerabilities from DAST scans. DAST scans find vulnerabilities for an application dynamically while it is running. This approach might imitate an outside attack.
      Import IAST Option to include vulnerabilities from IAST scans. IAST scans detect software vulnerabilities by interacting with the program while it is running. Human observation, automated tests, and sensors are used in combination to interact with the application to locate vulnerabilities.
      Date format Parameter that converts the start time to the format supported by the Invicti API used by the Invicti Application Vulnerable Item Integration.

      This parameter should match the format you've defined or selected in your Invicti account, for example, dd/MM/yyyy. Verify the date and time formats in your Invicti console match those you enter for the Date format in your ServiceNow AI Platform instance.

      To change this format in your Invicti console:

      1. Log in at Invicti Sign In.
      2. Select User name in the top right.
      3. Navigate to User settings > Date and time format.
      Note:
      Failed imports might occur if you enter an invalid date format in your ServiceNow AI Platform instance.

      If you enter a valid format in your instance that differs from the date format in your Invicti console, Invicti will return an empty payload.
      Manage exceptions in ServiceNow Choose one:
      Activated (selected)
      Application vulnerable items (AVIT) from Invicti with states such as Present and AcceptedRisk that might be deferred in your instance are instead mapped to Open automatically.
      Deactivated (not selected)
      Source states for Application vulnerable items (AVITs) imported from Invicti are preserved. You must manage exceptions for these AVITs (defer them) from AVIT records.

      For more information about Invicti source states and target fields, see Invicti Vulnerability Integration state mapping.
      Manage false positives in ServiceNow Choose one:
      Activated (selected)
      AVITs with states from Invicti such as Present and False Positive that might transition to Closed in your instance are instead mapped to Open automatically.
      Deactivated (not selected)
      AVIT states imported from Invicti are preserved. You must manage false positives or potential false positives for these AVITs from AVIT records.
    3. Select Save and Test Credentials.
    4. Optional: Modify your lookup rules so they are based on configuration items.

      By default, the sn_vul.use_product_model system property is activated (set to true) for your Lookup rules listed on the [sn_sec_cmn_ci_lookup_rule] table based on the product model. When this rule is activated:

      • This rule identifies matches between imported data and the data in your Configuration Management Database (CMDB) based on the product model.
      • Records are created or updated on the Discovered Applications [sn_vul_app_release] table.
      • When you create or edit your lookup rules for Invicti, Product Model is displayed in the Lookup target field on the rule form.

      To modify your rules so they are based on configuration items, you must manually deactivate (set to false) the sn_vul.use_product_model system property.

      1. Navigate to All > System Properties and locate the sn_vul.use_product_model record and set the Value to false.
      2. Select Update.
      3. Navigate to All > Security Operations > CMDB > Lookup Rules.
      4. Locate the Application name and Source Application ID rules that have the Lookup target as Configuration item.
      5. Select the Active check box for these rules.
      6. Select Update.
        When you create or edit your lookup rules for Invicti, note that Configuration item is displayed in the Lookup target field on the rule form. Records are created or updated on the Scanned Applications [sn_vul_app_scanned_application] table.