Verify Vulnerability Response vulnerable item detection data on integration run (VINTRUN) records

  • Release version: Zurich
  • Updated July 31, 2025
  • 4 minutes to read

    • From integration run records in your ServiceNow AI Platform® instance, you can locate third-party integration vulnerable item detection data based on the date and time of scans. Verify the scan successfully completed, view the number (counts) of individual detections, as well as any vulnerable items (VIs) that are created or updated directly as a result of the scans.

    Before you begin

    Role required: sn_vul.vulnerability_admin or sn_vuln.admin (deprecated)

    Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    You may prefer to have the integration run information, either date and time of the scan, or the integration run record number (VINTRUN#) from the vulnerable item or detection records to help you locate specific records from the following lists.

    Procedure

    1. Choose one to continue.
      IntegrationDescription
      Navigate to Rapid7 Vulnerability Integration > Administration > Integrations

      From the Rapid7 Integrations list, choose the integration you want to view the detection scan results for.

      1. Rapid7 Data Warehouse:
        • Rapid7 Vulnerable Item Integration
        • Rapid7 Vulnerable Item Resolution Integration
        • Rapid7 Comprehensive Vulnerable Item Integration
      2. Rapid7  Vulnerable Item Resolution Integration (InsightVM)
        • Rapid7 Vulnerable Item Integration - API
        • Rapid7 Comprehensive Vulnerable Item Integration - API
      Navigate to Qualys > Qualys Vulnerability integration > Primary Integrations
      From the Qualys Integrations list, choose from:
      • Qualys Host Detection Integration
      • Qualys Comprehensive Host Detection Integration
      Navigate to Tenable Vulnerability Integration > Administration > Integrations From the Tenable Integrations list, choose the integration you want to view the detection scan results for.
      Navigate to Microsoft TVM Vulnerability Integration > Administration > Integrations From the Microsoft TVM Integrations list, choose the integration you want to view the detection scan results for.
    2. On the bottom of the page that is displayed, click the Vulnerability Integration Runs tab.
    3. Click an item in either the Number or Import Source columns to open a record.

      The integration run record is displayed.

      Figure 1. Rapid7 Integration run record
      Rapid7 integration run record
      Figure 2. Qualys Integration run record
      Qualys integration run record
      The integration run record is displayed. You can verify in the State field that the integration ran successfully. Select the Configuration Items tab.
      CIs tab on the Integration Run
      The Configuration Items tab displays the following information:
      • The Configuration Items tab displays the total number of configuration items that are imported.
      • The New CIs field displays the number of CIs created as a part of this integration run.
      • The Imported CIs field displays the sum of all the CIs in this section.
      • The value of the Ignored CIs field is always 0 for the Vulnerability Response integrations.
      • The Existing CIs field displays the total number of CIs that are already in existence.
      Click the Items tab.
      Items tab on the Integration Run record highlighted.
      The Items tab displays the following information:
      • The Items tab displays the total number of VIs that are imported. You can see the total detections imported by adding the numbers listed on the Detections tab.
      • The New items field displays the number of vulnerable items that are created from this integration run.
      • The Imported items field displays the sum of the all the fields in this section.
      • The Duplicate items field is no longer populated.
      • The Updated items field displays the number of times vulnerable items are updated during this integration run. This value is not the number of unique vulnerable items that are updated. If for example, a vulnerable item is updated two times during the integration run, it is counted two times and displayed as 2 updated items.
      • The Unchanged items field displays vulnerable items found during the integration run that already exist in the database but were not updated, because none of the relevant field values had changed.
    4. Click the Detections tab.

      This tab is only displayed if the integration run has any detections. You can verify the total detections imported by adding the numbers listed.

      Figure 3. Detections tab from VR v15.0
      Detections tab on integration run record
      Note:
      Prior to v15.0, there was no field for Ignored detections.

      The Detections tab displays the following information:

      • Starting with v15, a new field Ignored detections has been added to track the detections, which were previously ignored. With this implementation, the count of detections imported, and the count tracked on integration run records becomes consistent. This functionality has been implemented for all the scanners i.e., Qualys Vulnerability Integration, Rapid7 Vulnerability Integration, Tenable Vulnerability Integration and Microsoft TVM.
      • The New detections field displays new detections that are created during this integration run.
      • The Unchanged detections field displays detections found during the integration run that already exist in the database but were not updated, because none of the relevant field values had changed.
      • The Updated detections field displays the number of times detections are updated during this integration run. This value is not the number of unique detections updated. If for example, a detection is updated twice as part of the integration run, it is counted two times and displayed as 2 updated detections.
        Note:
        Detections that are not displayed in these counts are detections that are in a closed state (Fixed), because fixed records are used to update existing VIs. If you want more visibility to these detection records, you can display the closed VIs that are created when there is not an existing, matching VI in an open state. For more information about Vulnerabilities in the fixed state that you can enable in Setup Assistant for the Qualys integration, see Configuring Vulnerability Response using the Setup Assistant.
    5. Click an item in either the Number or Import Source columns to open a record.