Manual ingestion of vulnerabilities
Summarize
Summary of Manual ingestion of vulnerabilities
Manual ingestion of vulnerabilities in the Vulnerability Response application allows you to quickly import and remediate vulnerabilities without waiting for automated scanner results. This is especially useful for protecting assets against unknown threats such as zero-day exploits. While third-party scanners like Rapid7 automate vulnerability imports, manual ingestion lets you proactively upload vulnerability data, accelerating your response process.
Show less
How to Import Vulnerabilities
You can import vulnerability data by uploading a template in either Excel or CSV format. The template can be accessed via the application interface at:
- All > Vulnerability Response > Manual Vulnerability Item Ingestion > Upload File UI
Key guidelines for populating the template include:
- Ensure no typing errors in the Severity/State columns, as errors cause records to be skipped.
- Do not modify column names or their order.
- Only the first row should contain column names.
- The vulnerabilities must be listed only in the second sheet named “Input Manual Detections.”
- Use only alphanumeric characters and these special characters in filenames: dash (-), period (.), plus (+), underscore (), space, brackets ( ), and at symbol (@).
Starting with version 24.0.6, you can add additional columns to the Excel template for more detailed data.
Manual Ingestion Integrations
Manual ingestion is triggered automatically upon file upload. The system includes two default integration types to handle the uploaded files:
- Manual Ingestion Excel Integration: Processes the latest Excel file uploaded in the Vulnerability Ingestion Push Queue.
- Manual Ingestion CSV Integration: Processes the latest CSV file uploaded in the Vulnerability Ingestion Push Queue.
These integrations create an instance with configurable parameters:
- maxinputrecords: Limits the number of records processed per upload (recommended maximum: 1000 to avoid performance issues).
- insertfixed: Determines whether fixed vulnerabilities are imported.
You can view and modify these integration instances and parameters from the application at:
- All > Vulnerability Response > Manual Vulnerability Item Ingestion > Integrations
- or All > Vulnerability Response > Integration Instances (select Manual Ingestion)
Benefits for ServiceNow Customers
This capability enables your security and IT teams to rapidly ingest and act on vulnerability data from multiple sources without waiting for automated scans. It improves your ability to remediate risks promptly, enhances protection against emerging threats, and integrates seamlessly into your existing Vulnerability Response workflows.
Manually ingest vulnerabilities into the Vulnerability Response application so that you can remediate them quickly without having to wait for scanner results.
Third-party scanners such as Rapid7 help import vulnerability data into Vulnerability Response and process the data to report the findings. With Manual Ingestion integration, you can proactively ingest the vulnerabilities and remediate them instead of waiting for scanners to report the assets that are at risk. Manual ingestion of vulnerabilities effectively protects the assets against unknown threats such as zero-day exploits.
Manual ingestion of vulnerabilities
- Excel
- Comma-separated value (CSV)
To access and download the template, navigate to .
- Do not make any typing errors in the Severity/ State column records. If there is a typing error, the record is skipped.
- Do not change the column names.
- Do not put column names in any row except the first row.
- Do not change the order of the sheets in the Microsoft Excel template. The vulnerabilities data must always be present in the second sheet.
- Do not put vulnerabilities details in any sheet except the Input Manual Detections sheet.
- Do not use any character except alphanumeric and special characters such as dash (-), period (.), plus (+), underscore ( _ ), space, brackets ‘(‘ ‘)’, and at symbol (@) for the filename.
For instructions on how to populate the data in the template, see Template for manual ingestion of vulnerabilities.
Starting with v24.0.6 of Vulnerability Response, you can also create additional columns in the Microsoft Excel template. For more information, see KB1646630.
Manual Ingestion integrations
The integration is triggered when a file is uploaded. Based on the type of file uploaded, the related integration is triggered.
To view the integrations, navigate to .
The following base system Manual Ingestion integrations are available by default.
| Integration type | Description |
|---|---|
| Manual Ingestion Excel Integration | Retrieves data by fetching the latest Microsoft Excel file uploaded from the Vulnerability Ingestion Push Queue table and copies the attachment to the respective Integration run. |
| Manual Ingestion CSV Integration | Retrieves data by fetching the latest CSV file uploaded from the Vulnerability Ingestion Push Queue table and copies the attachment to the respective Integration run. |
- max_input_records: Defines the number of records that can be created in the template. If you add more records than what is specified in this parameter, the additional records are skipped. The number of records can be updated in the Value column. The recommended number of record creations in the template is 1000. Anything above this value can pose performance challenges.
- insert_fixed: Imports fixed vulnerability detections.
To view the integration instance parameters, navigate to and click the source instance of any integration. Alternatively, you can navigate to and click Manual Ingestion.