Manage Vulnerabilities with ServiceNow Application Vulnerability Response
The Rapid7 InsightAppSec integration for Application Vulnerability Response (VR) is a ServiceNow application that imports application vulnerable items (AVIs) and provides users with the capability to remediate application vulnerabilities from within ServiceNow. All data can be retrieved based on a specific filter and scheduled to ensure that ServiceNow consistently receives new and updated information.
How the Integration Works
- The Integration fetches, manually or on a schedule, several types of data from the Rapid7 InsightAppSec platform (Apps, Scans, Vulnerabilities and Attack details) and ingests that data into the Application Vulnerability Response tables.
- The Integration pulls updated vulnerability statuses from the AppSec platform and updates the status of the corresponding ServiceNow AVI Tickets accordingly.
- The Integration then pushes status changes back: when the status of an AVI Ticket is updated in the Application Vulnerable Item (AVI) Table for a particular vulnerability, the status of that vulnerability is updated on the AppSec platform.
- All the data is fetched based on a particular filter in a way that new and updated data is always received on the ServiceNow side
Integration Benefits
- Ability to fetch all app, scan, vulnerability, attack module and attack detail data from the InsightAppSec platform
- Get updated vulnerability statuses from InsightAppSec
- Update the status of a vulnerability on InsightAppSec when the AVI Ticket status is changed on ServiceNow
- The AVI Ticket is linked with the latest Attack Module and its details
- The AVI is updated with the latest scan in which the vulnerability was identified
- All the Vulnerability Integrations can be triggered manually or can be scheduled to execute periodically
Integration Requirements
Before installing the integration, review the authentication and system requirements:
- Region and API Key for the Rapid7 InsightAppSec platform. These details are found in Rapid7's Insight Platform > API Key Management.
- ServiceNow Administrator role privileges are required to install this integration.
- Compatibility matrix and required plug-ins:
  - ServiceNow versions “Vancouver” or “Washington DC”
  - Rapid7 InsightAppSec Integration version 1.0.0
  - ServiceNow Vulnerability Response plug-in version 22.1.3 must be active
Getting Started
To explore the main functionality and click around some of the key areas, check out our interactive demo walkthrough.
The integration can be installed from the ServiceNow Store by an Admin user of your ServiceNow Instance.
- Go to the ServiceNow store: https://store.servicenow.com/sn_appstore_store.do#!/store/application/9dfbec3333460e100ce3d6d24d5c7bb5/1.0.0
- Download the Installation Guide for detailed guidance on installation, configuration and usage: https://store.servicenow.com/appStoreAttachments.do?sys_id=4338ff39875c12506124bbb2debb352e.
Sequencing - Recommended Integrations Execution Flow
When completing setup, it is highly recommended that you follow the specified order of execution to ensure proper data ingestion; failure to do so may result in an unknown application state.
- Rapid7 InsightAppSec Apps Import
- Rapid7 InsightAppSec Scans Import
- Rapid7 InsightAppSec Vulnerabilities Import (a Vulnerability Filter can be added to customize the data import)
- Rapid7 InsightAppSec Fixed Vulnerabilities Import will be executed automatically after the Rapid7 InsightAppSec Vulnerabilities Import is successfully executed.
Vulnerability Status Mapping
Status Mapping from Rapid7 IAS Platform to ServiceNow
| Rapid7 IAS Vulnerability State | ServiceNow AVIT State |
|---|---|
| Unreviewed | Open |
| Verified | Open |
| Ignored | Closed |
| False Positive | Closed |
| Remediated | Closed |
| Duplicate | Closed |
Status Mapping from ServiceNow to Rapid7 IAS Platform
| ServiceNow AVIT State | ServiceNow AVIT Substate | Rapid7 Vulnerability State |
|---|---|---|
| Open | N/A | Unreviewed |
| Closed | Fixed | Remediated |
| Closed | Cancelled | Ignored |
| Closed | Stale | Ignored |
| Closed | False Positive | False Positive |
| Resolved | N/A | Remediated |
| Under Investigation | N/A | Verified |
| Awaiting Implementation | N/A | Verified |
| Deferred | Risk Accepted | Ignored |
| Deferred | Fix Unavailable | Ignored |
| Deferred | Mitigating Control in Place | Ignored |
| Deferred | Other | Ignored |
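The two status tables above are not inverses of each other: a state can travel to ServiceNow and come back as a different state, so closing or re-opening tickets in bulk can silently change triage decisions in InsightAppSec. The following is an added example (not the integration's own code) that encodes both tables as written and checks which Rapid7 states survive an IAS -> ServiceNow -> IAS round trip; the function names and the round-trip logic are this example's own assumptions, and the substate used for Closed tickets is a parameter because the page does not say which one the importer sets.

```python
# Added example: both status mapping tables as dicts plus a round-trip check.
# Not the Rapid7 integration's code; helper names are this example's choice.

IAS_TO_SNOW = {  # Rapid7 IAS vulnerability state -> ServiceNow AVIT state
    "Unreviewed": "Open", "Verified": "Open",
    "Ignored": "Closed", "False Positive": "Closed",
    "Remediated": "Closed", "Duplicate": "Closed",
}

SNOW_TO_IAS = {  # (AVIT state, AVIT substate) -> Rapid7 vulnerability state
    ("Open", "N/A"): "Unreviewed",
    ("Closed", "Fixed"): "Remediated",
    ("Closed", "Cancelled"): "Ignored",
    ("Closed", "Stale"): "Ignored",
    ("Closed", "False Positive"): "False Positive",
    ("Resolved", "N/A"): "Remediated",
    ("Under Investigation", "N/A"): "Verified",
    ("Awaiting Implementation", "N/A"): "Verified",
    ("Deferred", "Risk Accepted"): "Ignored",
    ("Deferred", "Fix Unavailable"): "Ignored",
    ("Deferred", "Mitigating Control in Place"): "Ignored",
    ("Deferred", "Other"): "Ignored",
}


def to_snow_state(ias_state):
    """AVIT state an imported vulnerability receives; unknown states fail loudly."""
    return IAS_TO_SNOW[ias_state]


def to_ias_state(state, substate="N/A"):
    """State pushed back to IAS when an AVIT changes. The substate only matters
    where the table lists one (Closed, Deferred); elsewhere N/A is used."""
    key = (state, substate) if (state, substate) in SNOW_TO_IAS else (state, "N/A")
    if key not in SNOW_TO_IAS:
        raise KeyError(f"no IAS mapping for AVIT {state!r}/{substate!r}")
    return SNOW_TO_IAS[key]


def round_trip(ias_state, closed_substate="Fixed"):
    """Simulate IAS -> AVIT -> IAS for a ticket pushed back without an analyst
    touching it. closed_substate is an assumption: the page does not state which
    substate an imported Closed ticket carries."""
    snow = to_snow_state(ias_state)
    return to_ias_state(snow, closed_substate if snow == "Closed" else "N/A")


def lossy_states(closed_substate="Fixed"):
    """IAS states that come back as a different state after one round trip."""
    return sorted(s for s in IAS_TO_SNOW if round_trip(s, closed_substate) != s)
```

Run `lossy_states()` to see that Verified always returns as Unreviewed, and that Ignored, False Positive and Duplicate all collapse to whatever the Closed substate maps to; only Unreviewed and the state matching the chosen substate are stable.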
Severity Mapping
| Insight AppSec Severity | ServiceNow Severity |
|---|---|
| HIGH | 2-High |
| MEDIUM | 3-Medium |
| LOW | 4-Low |
| SAFE | 5-None |
| INFORMATIONAL | 5-None |
Key Vulnerability Fields Mapping
| ServiceNow | IAS |
|---|---|
| Source AVIT ID | Vulnerability Information - General - ID |
| Vulnerability | Source AVIT ID (as above) with Rapid7 InsightAppSec prefix |
| Vulnerable Links | Vulnerabilities - URL |
| Discovered App | Vulnerabilities - App |
| Risk Rating | Severity (mapping detailed above) |
| State | Vulnerabilities - Status |
| First Found | First Discovered |
| Last Found | Last Discovered |
| Affected Parameters | Vulnerability Information - Root Cause - Parameter |
| Source Additional Info | Module Type, Attack Type |
| Source Notes | Attack Variances - Proof |
| Description | Attack Variances - Proof Description |
| Source Link | Link to Vulnerability Detail Pane in InsightAppSec |
| Remediation notes | References & Recommendations - References |
| Short Description | Attack Variances - Attack Value, Original Value |
| Risk Score | No IAS equivalent - ServiceNow-specific calculation |