ServiceNow Vulnerability Response: Features & Configuration

ServiceNow
Reco Security Experts
Updated February 5, 2025

ServiceNow Vulnerability Response: Features, Configuration, and Integration

ServiceNow Vulnerability Response (VR) is a robust solution designed to help organizations manage vulnerabilities effectively by integrating security data with IT workflows. It automates the processes of identifying, prioritizing, and remediating vulnerabilities, ensuring a proactive security posture. This guide provides a comprehensive walkthrough of the module, emphasizing essential features, configuration steps, and troubleshooting tips.

Vulnerability Response Overview

Scanners find vulnerabilities in your environment. ServiceNow supports multiple scanner integrations, such as Qualys, Tenable, and Rapid7. When a scanner detects a vulnerability, the device it found is matched to a configuration item (CI) in the CMDB. If a match cannot be made, a temporary CI is created. A vulnerable item record is then created from the scanner record.

The Vulnerable Item record might be enriched by data from the following integrations:

  • Shodan: Provides additional, more detailed exploit information that can be used in prioritization.
  • Microsoft Security Response Center: Proposes remediation solutions.
  • Red Hat Solution Integration: Proposes remediation solutions.

ServiceNow Vulnerability Management lets many third-party vulnerability solutions integrate and import vulnerability scan results. Automation rules defined in ServiceNow help organize the noise generated by these vulnerability products and help customers identify priorities for their organization.

Orchestration tools can automate actions such as patching, making configuration changes, or sending requests to security products, such as blocking an IP in the firewall, thus reducing the time required to remediate a vulnerability.

Types of Vulnerabilities

There are different types of vulnerabilities that require different security approaches. First, let's discuss Infrastructure and Container Vulnerabilities.

1. Infrastructure Vulnerabilities

Network components like databases, servers, and clients form the backbone of IT systems and develop redundancy over time. These vulnerabilities often impact network security. Since infrastructure elements are typically not client-facing, addressing issues can take longer without disrupting services. Securing the enterprise perimeter requires extensive vulnerability data from network traffic scans, IPS detection, DDoS protection, VPNs, and secure web gateways.

2. Container Vulnerabilities

Containers bundle all components needed to run applications across environments, making them popular for cloud deployment. They virtualize operating systems, enabling use across private data centers, the cloud, or developer laptops. Tools like Google Cloud Platform, Docker, and Microsoft Containers simplify container management. As containers streamline development, their security is a growing focus for organizations.

Vulnerability Response Roles

Vulnerability Admin


Role: sn_vul.vulnerability_admin

  • Complete access to VR applications.
  • Configure VR and rules.
  • Install all third-party integrations.
  • Assign all VR personas and roles.

Remediation Owner


Role: sn_vul.remediation_owner 

  • View and update vulnerable items (VIs) and remediation tasks (RTs).
  • View all vulnerabilities and solutions.
  • Has write access to the internal notes field on the solution record.

Vulnerability Analyst


Role: sn_vul.vulnerability_analyst

  • Manage VIs and RTs.
  • Assign Remediation Tasks (RTs).
  • Monitor remediation progress.

CI Manager


Role: sn_vul.ci_manager

  • Manage unmatched CIs not found in CMDB.
  • Update discovered items.

Exception Approver


Role: sn_vul.exception_approver

  • Approve exceptions, deferrals, and closures of VIs and RTs.
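
A least-privilege review of the roles listed above, as an added example that is not ServiceNow's or this guide's own code: it reads role-assignment rows and flags holders of sn_vul.admin (the role this guide marks as deprecated) and users who can both work VIs/RTs and approve their exceptions. The rows mimic an export of the sys_user_has_role table and are constructed; the separation-of-duties rule and the function names are assumptions chosen for illustration.

```javascript
// Added example, not ServiceNow or Reco code. Rows mimic an export of the
// sys_user_has_role table (user, role, inherited); every value is constructed.
const SAMPLE_ROWS = [
  { user: "a.lee", role: "sn_vul.vulnerability_admin", inherited: false },
  { user: "b.khan", role: "itil", inherited: false },
  { user: "b.khan", role: "sn_vul.remediation_owner", inherited: true }, // granted via itil
  { user: "b.khan", role: "sn_vul.exception_approver", inherited: false },
  { user: "c.ortiz", role: "sn_vul.admin", inherited: false },
  { user: "d.park", role: "sn_vul.vulnerability_analyst", inherited: false },
];

const DEPRECATED = new Set(["sn_vul.admin"]); // marked deprecated in this guide
const APPROVER = "sn_vul.exception_approver";
// Assumed policy: people who work VIs/RTs should not approve their own exceptions.
const WORKER_ROLES = ["sn_vul.remediation_owner", "sn_vul.vulnerability_analyst"];

// Group VR roles per user; a role is "inherited" only if no row grants it directly.
function rolesByUser(rows) {
  const byUser = new Map();
  for (const { user, role, inherited } of rows) {
    if (!role.startsWith("sn_vul.")) continue; // ignore non-VR roles such as itil
    if (!byUser.has(user)) byUser.set(user, new Map());
    const roles = byUser.get(user);
    roles.set(role, (roles.get(role) ?? true) && inherited);
  }
  return byUser;
}

// Return one finding per deprecated role held and per approver/worker overlap.
function auditVrRoles(rows) {
  const findings = [];
  for (const [user, roles] of rolesByUser(rows)) {
    for (const role of roles.keys()) {
      if (DEPRECATED.has(role)) {
        findings.push({ user, issue: "deprecated-role", roles: [role], inherited: roles.get(role) });
      }
    }
    const worked = WORKER_ROLES.filter((r) => roles.has(r));
    if (roles.has(APPROVER) && worked.length > 0) {
      findings.push({
        user,
        issue: "approver-also-remediates",
        roles: [APPROVER, ...worked],
        // true when every worker role comes via another role (e.g. itil),
        // so the fix is on the containing role or group, not on the user record
        inherited: worked.every((r) => roles.get(r)),
      });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditVrRoles(SAMPLE_ROWS), null, 2));
```

The inherited flag matters because this guide notes that ITIL users receive sn_vul.remediation_owner automatically, so an overlap can appear without anyone assigning that role directly.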

Installing Vulnerability Response


Before you run the Vulnerability Response application in your Now Platform instance, you must get entitlement and download the application from the ServiceNow Store, install it on your Now Platform instance, and complete a few installation steps in Setup Assistant.


1. To get entitlement and download the Vulnerability Response core application, navigate to the ServiceNow Store.


2. In the upper right of the page, click Log In.

3. In the dialog that is displayed, enter your HI credentials and click Login.

4. If it is not selected on the displayed page, click the ServiceNow Products tab.

5. To view the associated applications that you are eligible for with the Vulnerability Response application, on the product list page, click the Vulnerability Response product.

The Eligible tab lists all the applications you are eligible for if you opt-in. For more information on an application, click a link.

6. To get the Vulnerability Response core application, click Opt-in.


7. To agree to the terms and conditions, at the prompt, select the checkbox and click Accept.

A message will be displayed that indicates you have successfully opted in to the application.

With the ServiceNow Products tab selected and displayed, a green check mark replaces the plus sign to the right of the Vulnerability Response application.

After you have accepted the terms and conditions and managed entitlements for any of the applications on the ServiceNow Products tab on the Products List page, you can click the plus sign (+) to get entitlement and opt-in for the other applications on this page with a single click.

8. Skip to step 10 to install the application on your Now Platform instance.


9. (Optional) Alternatively, to manage your entitlement for the Vulnerability Response application on other Now Platform instances, follow these steps.


a. If the Manage Entitlement button is not displayed, click the Vulnerability Response application on the Product List to display it.


b. With the Eligible tab selected, click Manage Entitlement.

c. In the Manage Entitlements for Vulnerability Response dialog that is displayed, choose one:


d. Click OK or Cancel to continue.
You are ready to activate plugins and install the application on your Now Platform instance(s).


10. Log in to the Now Platform instance on which you want to install the Vulnerability Response application.


11. Navigate to All > System Applications > All Available Applications > All.

12. From the applications listed, locate the Vulnerability Response application (sn_vul), select a version from the choice list, and click Install.
The Application installation dialog is displayed. Any dependencies that will be installed are displayed.


13. (Optional) If you want demo data, select the Load demo data check box and click Install.
Note: If you do not select the Load demo data check box, demo data is not available to install from the Application Manager later.

This installation may take some time. A message is displayed in the Install dialog after the application is successfully installed.

14. Click Close.

Configuring Vulnerability Response using the Setup Assistant


After installation is successfully completed, navigate to All > Vulnerability Response > Administration > Setup Assistant.

System Administration

Role required: admin

A list of users and integrations should be obtained from the Vulnerability Manager prior to beginning these tasks.

  1. Navigate to All > Vulnerability Response > Administration > Setup Assistant.
  2. In the first section, System Administration, the admin assigns roles to users and groups and installs supported integrations.
    Assign Vulnerability Response personas and roles to users and groups in Setup Assistant.
  3. Assign roles in Setup Assistant.
    • Assign the sn_vul.admin role to users or groups for Vulnerability Response administration and configuration, including vulnerability integrations, remediation task rules, calculators, and time-to-remediate rules.
    • Assign the sn_vul_vulnerability_write role for the creation and update of remediation tasks and vulnerable items.
      Note: All other users automatically receive Write access only to remediation tasks that are assigned to them.
    • Assign the sn_vul_vulnerability_read role to view remediation tasks, vulnerable items, and other vulnerability information.
      Note: Users with the ITIL role are automatically granted the sn_vul.remediation_owner role, allowing them to see remediation tasks and vulnerable items assigned to them, vulnerability entries, and solutions in the Vulnerability Response application on their instance and in the Mobile Agent application. No additional assignment is needed.
  4. Install third-party integration applications.

5. Locate the application you want to install and click Install on the application tile. The All Applications dialog is displayed with the name of the application tile you clicked, for example, Rapid7 Integration for Security Operations, as shown in the following figure.

Figure: The All Applications dialog for Rapid7 Integration for Security Operations.

6. Locate the application, select a version from the choice list, and click Install. If an update is available for the application, the Update button is displayed.

The Application installation dialog displays the application dependency status. Any required dependencies not already installed are automatically installed along with the application.


7. In the Application installation dialog, click Install.

The Install dialog indicates when the installation is successfully completed.


8. Close the dialog.


The All Applications page will be displayed, and your application will be successfully installed.


After installation and activation, you can configure, schedule, and launch the following applications and installed solutions directly from the Integration Configuration section of Setup Assistant:

  • The Qualys Vulnerability Integration
  • The Vulnerability Response Integration with Tenable.
  • The Microsoft Security Response Center Solution Integration
  • The Red Hat Solution Integration
  • The Microsoft Defender Threat and Vulnerability Management Integration

For other applications not listed above, navigate directly to the configuration module of the application to continue with the configuration and to enter any required third-party credentials. For example, the following image shows the location of the Configuration module for the Rapid7 application. For more information about configuring a specific application, see the installation and configuration product documentation provided for that application.

Figure: The Rapid7 Configuration form in ServiceNow.

Vulnerability Response Settings

Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin

In Vulnerability Response Settings, the vulnerability administrator defines application-wide settings and defines rules for Vulnerability Response. Alternatively, the admin can perform these tasks.

  1. Create Vulnerability Assignment Rules.

    Create rules that define the automatic assignment of remediation tasks for resolution. At least one rule is shipped with the base system.

    Note: The reapply feature requires a baseline application of the rules. Once your rules are created, activate the Reapply all vulnerability assignment rules scheduled job to execute at your convenience. Otherwise, you will be required to reapply all rules to all Open VIs prior to changing them.

    When the job is complete, set the Run field in the scheduled job to fit your environment. Depending on the number of active VIs you have, evaluating and updating them daily can have a non-trivial performance impact. For larger environments, consider updating once a week or even once a month.

    Reapplying assignment rules does not regroup the vulnerable items.

  2. Create remediation task rules.

    Create rules that define the automatic creation of remediation tasks for resolution. At least one rule, Vulnerability, is shipped with the base system. You can reapply the rules from the form or list view.
    • When a group rule is deleted from the form or list view, you have the option to delete all Open groups created by that rule. Groups not in the Open state are excluded.

  3. Create and enable Risk Calculators.

    Enable risk calculators that define how vulnerable items are scored for prioritization. Several risk calculators are shipped with the base system.

  4. Create Remediation Target Rules.

    Create remediation target rules for categories of remediation. At least one rule is shipped with the base system. 


Integration Configuration
Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin.

The Integration Configuration page in the Setup Assistant allows users to easily configure integrations within the ServiceNow platform. 

In the Integration Configuration section, configure, schedule, edit, and launch on-demand the following third-party vulnerability scanner integrations and, if the Solution Management for Vulnerability Response application is installed, solution providers.

  • Configuration of the Vulnerability Response Integration with Tenable application is supported.
  • After you install the Vulnerability Solution Management application, the Solution Integrations option is displayed below Scanner Integrations. Click Solution Integrations to configure your installed vulnerability solution providers from this section of Setup Assistant. The Red Hat Solution Integration and Microsoft Security Response Center Solution Integration are supported.
  • If an integration is multi-sourced, you can have multiple deployments of the same third-party integration.
  • The settings from your original third-party integration are used as a template for the settings of each new integration.
    Note: If you delete the original vulnerability integration, you have to select another integration to use as your template. Consider disabling the integration instead of deleting it. Integrations created from disabled templates are disabled by default.

Data from each third-party integration is uniquely identified and available in a single instance of Vulnerability Response.

Note: Multiple vulnerability integrations for Rapid7 InsightVM are not available within Setup Assistant.

Conclusion


ServiceNow Vulnerability Response empowers IT admins to proactively manage and remediate vulnerabilities, reducing risk and improving security posture. By leveraging integrations and automation, organizations can streamline vulnerability management and focus on high-priority issues. Use this guide to configure and optimize your Vulnerability Response module, ensuring effective protection for your organization.
