Rapid7 Vulnerability Integration run status chart

  • Release version: Zurich
  • Updated September 5, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Rapid7 Vulnerability Integration Run Status Chart

    The Rapid7 Vulnerability Integration in ServiceNow enables automated ingestion and analysis of vulnerability data collected by Rapid7 Nexpose sensors. This integration continuously analyzes and correlates vulnerability information, providing dynamic data visualizations within the Vulnerability Response Workspaces. These visualizations help organizations monitor remediation progress by showing the number and severity of active vulnerabilities that impact their business services and configuration items (CIs).

    Show full answer Show less

    The Rapid7 Vulnerability Integration Run Status module offers a graphical dashboard view of integration run statuses, accessible in the New Experience UI starting with Vulnerability Response version 19.0. It allows customers to track the performance and results of data ingestion runs, including counts of new, updated, and unchanged vulnerable items.

    Key Features

    • Dynamic Visualizations: Updated charts and reports in Vulnerability Response Workspaces help monitor threat levels and remediation progress in real time.
    • Run Status Dashboard: A graphical interface shows the status of Rapid7 integration runs, including success and failure rates, available in the New Experience UI.
    • Detailed Item Metrics: The dashboard displays counts of imported vulnerable items broken down into new, updated, and unchanged categories. The duplicate items column is deprecated and can be removed from views.
    • Performance Monitoring: Two new graphs compare daily performance metrics and ingestion throughput for vulnerable items over the last 30 days, assisting in identifying integration performance deviations.
    • Integration with Vulnerability Response: Maps vulnerabilities to CIs and business services to prioritize threats based on potential business impact.
    • Legacy and Next Experience UI Support: While the dashboard is primarily supported in the New Experience UI, some functionality is available in the Next Experience UI for Tokyo releases with limited features.

    Key Outcomes

    • ServiceNow customers can continuously monitor the status and performance of their Rapid7 Vulnerability Integration runs, ensuring timely and accurate vulnerability data ingestion.
    • Visibility into new and updated vulnerable items helps prioritize remediation efforts aligned with business impact.
    • Performance metrics enable administrators to detect and troubleshoot integration processing delays or issues based on item ingestion rates and queue times.
    • Filtering of integration runs that yield no new or updated data streamlines the focus on meaningful vulnerability updates.
    • Integration reports facilitate verification of detection data against ServiceNow’s internal tables to maintain data accuracy.

    Rapid7 Nexpose sensors collect the data and automatically send it to the Rapid7 Nexpose or Rapid7 InsightVM products, which continuously analyze and correlates the information.

    Data visualizations in the Vulnerability Response Workspaces

    The Vulnerability Response Workspaces include data visualizations that can help you monitor your remediation progress. You can determine the threat level to your organization by viewing the number and severity of active vulnerabilities that are important to your organization on dynamic data visualizations that are updated as vulnerability data changes. See Vulnerability Response Workspaces, Vulnerability Manager Workspace and Exploring the IT Remediation Workspace for more information about the dynamic data visualizations that are available.

    Rapid7 Vulnerability Integration works easily with Vulnerability Response to map vulnerabilities to CIs and business services to determine impact and priority of potentially malicious threats. The Rapid7 Vulnerability Integration Run Status module is a graphical view of the status of Rapid7 Vulnerability Integration runs.

    To view this data in the legacy view, navigate to All > All Rapid7 Vulnerability Integration > Integration Run Status.

    Starting with version 19.0 of Vulnerability Response, this dashboard is available in the New Experience UI.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Previous versions of Vulnerability Response

    In the chart, point to any part (bar, pie, data point, and so on) to view general data specific to that part. If you click any part of a report, a list opens to provide detailed information.

    Multiple factors can impact the performance of the integration run, like the amount of data and time taken to process this data. Two new graphs have been added to compare the performance metrics:
    • Rapid7 Vulnerable Item Ingestion Performance Metrics: Compare daily performance metrics for assignment rules, group rules, risk rules, queue wait time, queue processing time, and other statistics for vulnerable items for the last 30 days, to identify the cause for any deviations in performance.
    • Rapid7 Vulnerable Item Ingestion Performance Throughput: Compare daily vulnerable item ingestion throughput for the Rapid7 Vulnerable Item Integration - API. Throughput is measured in items per hour.
    Note:
    In Rapid7, these graphs are supported only for the Insight VM integration.
    Figure 1. Rapid7 integration run status
    Rapid7 Integration Run Status
    Figure 2. Sample Rapid7 Vulnerability Integration run status chart
    Integration run status chart example from host detection
    • The value in the Imported Items column represents the total number of vulnerable items that are created from an integration run.
    • The New items column displays the number of vulnerable items that are created from an integration run.
    • The Duplicate items column is no longer populated. You may prefer to remove this column from the display.
    • The Updated items column displays the number of times vulnerable items are updated during an integration run. This value is not the number of unique vulnerable items that are updated. If for example, a vulnerable item is updated two times during the integration run, it is counted two times and displayed as 2 updated items.
    • The Unchanged items column displays vulnerable items found during the integration run that already exist in the database but were not updated, because none of the relevant field values had changed.
    Note:
    Integration runs with zero results for all four of the following values: New CIs, Existing CIs, New Items, and Updated Items are filtered out of the Rapid7 Integration Runs list.
    Table 1. Rapid7 Vulnerability Integration run status chart reports
    Name Description
    Last 30 Days Rapid7 Results The number of integration runs completed for each integration. Shows both successful and failed runs. Run in a bar visual.
    Last 30 Days Rapid7 New VIs The number of new vulnerable items imported in the last 30 days. Shown as an integer.
    Last 30 Days Rapid7 Updated VIs The number of updated vulnerable items imported in the last 30 days. Shown as an integer.
    Last 30 Days Rapid7 Duplicates The number of duplicate vulnerable items imported in the last 30 days. Shown as an integer.
    Rapid7 Integration Runs The integration run records in a list.
    Note:
    V16.1: To verify detections for this integration, compare the detections or findings with the ServiceNow detection data in the sn_vul_detection table.

    While the integration is in progress, there might be a change in the detection or findings count. This report displays the count of detections in the ‘Till date count’ column in the instance, after the completion of the integration run.
    Last 30 Days Rapid7 Vulnerable Item Ingestion Performance Metrics Daily performance metrics for vulnerable items compared for the last 30 days.
    Last 30 Days Rapid7 Vulnerable Item Ingestion Performance Throughput Daily vulnerable item ingestion throughput for the Rapid7 Vulnerable Item Integration - API measured for the last 30 days.