Manual ingestion of vulnerabilities

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manual ingestion of vulnerabilities

    Manual ingestion of vulnerabilities in the ServiceNow Vulnerability Response application allows you to import vulnerability data directly, enabling quicker remediation without waiting for automated scanner results. This feature is particularly useful for proactively protecting assets against unknown threats like zero-day exploits by manually uploading vulnerability findings.

    Show full answer Show less

    Key Features

    • Supported File Formats: You can upload vulnerability data using Excel or CSV files through a dedicated Upload File UI.
    • Template Usage: A predefined template is available for manual ingestion. It is critical to follow the template guidelines precisely, including maintaining column names, sheet order, and avoiding typing errors in key fields such as Severity and State.
    • Data Validation: Records with errors in critical columns are skipped to ensure data integrity.
    • Custom Columns: Starting with version 24.0.6, you can add additional columns to the Excel template to capture more detailed vulnerability information.
    • Integration Types: Two default integrations handle file processing:
      • Manual Ingestion Excel Integration: Processes Excel files.
      • Manual Ingestion CSV Integration: Processes CSV files.
    • Integration Parameters: Key parameters include maxinputrecords (limits the number of records processed to avoid performance issues, recommended max 1000) and insertfixed (controls import of fixed vulnerability detections).

    Practical Use and Navigation

    • Access the template and upload interface via All > Vulnerability Response > Manual Vulnerability Item Ingestion > Upload File UI.
    • View and manage integrations via All > Vulnerability Response > Manual Vulnerability Item Ingestion > Integrations.
    • Adjust integration instance parameters as needed under All > Vulnerability Response > Integration Instances.

    Key Outcomes

    By manually ingesting vulnerability data, you gain faster control over vulnerability remediation cycles, allowing your security teams to address risks without delay from scanner schedules. This improves your overall security posture by enabling proactive vulnerability management and protection against emergent threats.

    Manually ingest vulnerabilities into the Vulnerability Response application so that you can remediate them quickly without having to wait for scanner results.

    Third-party scanners such as Rapid7 help import vulnerability data into Vulnerability Response and process the data to report the findings. With Manual Ingestion integration, you can proactively ingest the vulnerabilities and remediate them instead of waiting for scanners to report the assets that are at risk. Manual ingestion of vulnerabilities effectively protects the assets against unknown threats such as zero-day exploits.

    Manual ingestion of vulnerabilities

    You can import the vulnerability data by uploading a template in the following file formats:
    • Excel
    • Comma-separated value (CSV)

    To access and download the template, navigate to All > Vulnerability Response > Manual Vulnerability Item Ingestion > Upload File UI.

    Ensure that you follow these key points while populating the records in the template:
    • Do not make any typing errors in the Severity/ State column records. If there is a typing error, the record is skipped.
    • Do not change the column names.
    • Do not put column names in any row except the first row.
    • Do not change the order of the sheets in the Microsoft Excel template. The vulnerabilities data must always be present in the second sheet.
    • Do not put vulnerabilities details in any sheet except the Input Manual Detections sheet.
    • Do not use any character except alphanumeric and special characters such as dash (-), period (.), plus (+), underscore ( _ ), space, brackets ‘(‘ ‘)’, and at symbol (@) for the filename.

    For instructions on how to populate the data in the template, see Template for manual ingestion of vulnerabilities.

    Starting with v24.0.6 of Vulnerability Response, you can also create additional columns in the Microsoft Excel template. For more information, see KB1646630.

    Manual Ingestion integrations

    The integration is triggered when a file is uploaded. Based on the type of file uploaded, the related integration is triggered.

    To view the integrations, navigate to All > Vulnerability Response > Manual Vulnerability Item Ingestion > Integrations.

    The following base system Manual Ingestion integrations are available by default.

    Table 1. Integrations
    Integration type Description
    Manual Ingestion Excel Integration Retrieves data by fetching the latest Microsoft Excel file uploaded from the Vulnerability Ingestion Push Queue table and copies the attachment to the respective Integration run.
    Manual Ingestion CSV Integration Retrieves data by fetching the latest CSV file uploaded from the Vulnerability Ingestion Push Queue table and copies the attachment to the respective Integration run.
    The Manual Ingestion third-party integration creates an integration instance, by default, with the following two integration instance parameters:
    • max_input_records: Defines the number of records that can be created in the template. If you add more records than what is specified in this parameter, the additional records are skipped. The number of records can be updated in the Value column. The recommended number of record creations in the template is 1000. Anything above this value can pose performance challenges.
    • insert_fixed: Imports fixed vulnerability detections.

    To view the integration instance parameters, navigate to All > Vulnerability Response > Manual Vulnerability Item Ingestion > Integrations and click the source instance of any integration. Alternatively, you can navigate to All > Vulnerability Response > Integration Instances and click Manual Ingestion.