Errors for the Vulnerability Response Integration with Claroty CTD

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Errors for the Vulnerability Response Integration with Claroty CTD

    This document outlines common error messages encountered while using the Vulnerability Response Integration with Claroty CTD in ServiceNow Zurich release. It provides practical troubleshooting guidance for errors during data retrieval and processing phases in both Vulnerability Detection and Vulnerability Auto-Closure integrations.

    Show full answer Show less

    Data Retrieval Errors

    Errors during data retrieval typically arise from missing or incorrect integration configuration parameters:

    • Missing credentials: The integration requires a valid user name and password combination.
    • Incomplete integration job setup: REST message, REST method, Claroty CTD server URL, and detection API resource path (default: /ranger/assetswithinsights) must be specified.
    • Invalid API response codes: For example, a 401 Unauthorized indicates invalid credentials.
    • Missing pagination data: The counttotal property must be present in the JSON response for pagination; its absence implies an invalid payload or connectivity issues.
    • Payload parsing issues: Errors parsing the 'objects' array or JSON data suggest invalid responses or connectivity problems; checking MID Server reachability and HTTP logs is recommended.

    Data Processing Errors

    Errors encountered during processing of retrieved data often relate to attachment handling:

    • Error writing attachments: Usually caused by missing snvul.vrimportadmin role for the MID Server user, preventing data attachment to the Data Source.
    • Null or missing attachment content: Indicates possible issues with Claroty API responses or ServiceNow processing; administrative intervention is advised.
    • Failed JSON parsing: Invalid JSON payloads in Data Source attachments often result from prior retrieval errors and require investigation of API connectivity and responses.

    Practical Recommendations for ServiceNow Customers

    • Verify that all required integration configuration fields (credentials, REST message, REST method, server URL, API resource path) are correctly populated.
    • Ensure the MID Server has network connectivity to the Claroty CTD instance and is assigned the necessary roles, especially snvul.vrimportadmin.
    • Monitor API response codes and JSON payloads closely; invalid codes such as 401 typically indicate authentication failures.
    • Use Outbound HTTP Logs and examine Data Source attachment files (e.g., response.json) to validate API responses and presence of required pagination properties.
    • Contact your ServiceNow administrator if errors persist, especially those related to attachment processing or unexpected null content.

    You may encounter errors that need troubleshooting while you’re working with the Vulnerability Response Integration with Claroty CTD.

    Vulnerability Detection Integration (Data Retrieval)

    Error message Possible cause
    Can’t run a Claroty CTD Integration without a user name and password combo. No user name or password is present on the integration configuration.
    Can’t run integration without a REST message and REST method specified. On the Claroty CTD Integration job record, the REST message or REST method fields aren’t populated.
    Can’t run integration without Claroty CTD server URL specified. No URL is present on the integration configuration.
    Can’t run integration without the detection API resource path specified. On the integration configuration, the detection_api_resource_path parameter isn’t populated. The default is /ranger/assets_with_insights.
    Invalid response code {response code} received from Claroty CTD. The response from the Claroty API was invalid. For example, the message Invalid response code 401 is received from Claroty CTD. This invalid response code means Unauthorized and that the credentials (user name/password) are likely invalid.
    Unable to read the count_total property from JSON data. The count_total used for pagination wasn’t present in the API response. It likely means that an invalid payload was received from Claroty CTD.

    Ensure that the Claroty CTD instance is reachable through the MID Server and examine the Data Source attachment response.json file to ensure that count_total exists.

    Vulnerability Detection Integration (Data Processing)

    Error message Possible cause
    Error writing attachment. The system couldn’t attach the response data to the Data Source. Contact your administrator for further assistance.

    A common cause for this error is that the MID Server user is missing the sn_vul.vr_import_admin role.
    Attachment content is null: attachment sys_id = {sys_id}. The Data Source attachment content is null. This could indicate an issue with the Claroty API itself, or an issue in ServiceNow. Contact your administrator for further assistance.
    Couldn’t find attachment with sys_id {sys_id}. Data Source attachment wasn’t found. Follow the same procedures for the preceding error.

    Vulnerability Auto-Closure Integration (Data Retrieval)

    Error message Possible cause
    Can’t run a Claroty CTD Integration without a user name and password combo. No user name or password is present on the integration configuration.
    Can’t run integration without a REST message and REST method specified. On the Claroty CTD Integration job record, the REST message or REST method fields aren’t populated.
    Can’t run integration without Claroty CTD server URL specified. No URL is present on the integration configuration.
    Can’t run integration without the detection API resource path specified. On the integration configuration, the detection_api_resource_path parameter isn’t populated. The default is /ranger/assets_with_insights.
    Invalid response code {response code} received from Claroty CTD. The response from the Claroty API was invalid. For example, the message Invalid response code 401 is received from Claroty CTD. This invalid response code means Unauthorized and that the credentials (user name/password) are likely invalid.
    Unable to read the count_total property from JSON data. The count_total used for pagination wasn’t present in the API response. It likely means that an invalid payload was received from Claroty CTD.

    Ensure that the Claroty CTD instance is reachable through the MID Server and examine the Data Source attachment response.json file to ensure that count_total exists.
    Error parsing 'objects' array from response body. Likely means that an invalid payload was received from Claroty CTD. Ensure that the Claroty CTD instance is reachable and check Outbound HTTP Logs to see if there was a valid response.

    Vulnerability Auto-Closure Integration (Data Processing)

    Error message Possible cause
    Failed to parse the Data Dictionary JSON. The payload from the Data Source attachment was invalid JSON. Likely another error occurs before this error occurs. Ensure that the Claroty CTD instance is reachable and check Outbound HTTP Logs to see if there was a valid response.