Review Unified Security Exposure Management integrations

  • Release version: Zurich
  • Updated August 9, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Review Unified Security Exposure Management integrations

    The Review Unified Security Exposure Management integrations feature in ServiceNow provides a centralized dashboard to monitor and manage third-party security integrations. It offers insights into the status, performance, and health of integration runs, helping customers ensure smooth data ingestion and processing from external security tools.

    Show full answer Show less

    Accessing the Integration Dashboard

    Customers can access the dashboard by navigating to Workspaces > Security Exposure Management Workspace > Administration and selecting Review on any integration. The dashboard includes interactive data visualizations where users can hover over chart elements to see detailed metrics and drill down into specific reports.

    Key Features

    • Integration Runs Metrics: Displays the number of integration runs (successful and failed) over the past 7 and 30 days using vertical bar charts. Common failure causes include network interruptions and data corruption during transformations. Customers can rerun integrations with a full data import option to resolve issues.
    • Ingestion Health Highlights: Provides metrics on import queue processing time, wait time, and REST API response time to track data ingestion efficiency.
    • Processing Health Metrics: Shows performance data over the last 30 days for assignment rules, remediation tasks, configuration item lookup, risk evaluation, and vulnerability identification creation. Color-coded indicators help quickly identify deviations or bottlenecks.
    • Integration Status Table: Lists all integrations with details such as name, active status, run schedule (day and time), and the last run status. Notes provide additional context, such as automatic token renewal for Tenable.sc integrations after failures.
    • Integration Processing Details: Explains how integration data is processed in multiple queue entries with a one-hour processing limit per entry. Mechanisms like heartbeat timestamps monitor queue activity to detect and handle stuck entries, preventing delays.

    Practical Considerations for Customers

    • If an integration run fails, use the dashboard to identify failure causes and rerun the integration with the full data import option.
    • Monitor ingestion and processing health metrics to ensure integrations are performing optimally and to troubleshoot any slowdowns.
    • Understand that large data payloads may cause timeouts but the system uses heartbeats to manage queue activity and avoid processing delays.
    • Check integration run statuses regularly to confirm that tokens and authentication are valid, especially for integrations like Tenable.sc that auto-renew tokens.

    The integration dashboard provides an overview of the installed third-party applications and the status of the integration runs.

    In the chart, point to any part (bar, pie, data point, and so on) to view general data specific to that part. If you select any part of a report, a list opens to provide detailed information.

    Access the Integration Dashboard

    To open the dashboard, navigate to Workspaces > Security Exposure Management Workspace > Administration and select Review on any integration.

    Data visualization

    Note:
    To learn more about a widget, select the information icon.
    Table 1. Overview tab
    Metrics Type Description
    Integration runs

    Vertical Bar
    The number of integration runs completed for each integration. Shows both successful and failed runs in the past 7 and 30 days. The most common causes for a failed run include:
    • Network interruption
    • Bit decay in the data transfer resulting in corrupted data during the transform
    If you encounter any of these conditions, select the Full data import check box, click Execute Now, and rerun the integration.
    Ingestion health Highlights Provides information on the following:
    • Import queue processing time.
    • Import queue wait time.
    • REST API time.
    Processing health Multiple lines Provides performance metrics for assignment rules, remediation task rules, CI lookup time, risk rules, and VI creation time for the last 30 days, to identify the cause for any deviations in performance. The performance is calculated based on the time taken for each activity. These parameters are calculated and associated at the integration run level. Each parameter is color coded for easy identification.
    Note:
    Multiple factors can impact the performance of the integration run, like the amount of data and time taken to process this data.
    Table 2. Integrations
    Name Description
    Name Name of the integration.
    Active Status of the integration whether active or not.
    Run Run schedule of the integration
    Day Day on which the integration runs.
    Time Time at which the integration runs.
    Last run status Status of the last integration run whether failed or successful.
    Notes Notes
    Note:
    If a Tenable.sc integration run fails for any reason, the authentication token for Tenable.sc automatically expires and a message is displayed on the Vulnerability Integration Process record. A new token is automatically generated for the next integration process. All the integration processes, failed and successful, are displayed on the Vulnerability Integration Process tab on the Vulnerability Integration Process record.
    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing. The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.