Manage Vulnerabilities with ServiceNow Application Vulnerability Response

The Rapid7 InsightAppSec integration for Application Vulnerability Response (VR) is a ServiceNow application that imports application vulnerable items (AVIs) and provides users with the capability to remediate application vulnerabilities from within ServiceNow. All data can be retrieved based on a specific filter and scheduled to ensure that ServiceNow consistently receives new and updated information.

How the Integration Works

  • The integration fetches, manually or on a schedule, various types of data from the Rapid7 InsightAppSec platform (apps, scans, vulnerabilities and attack details) and ingests that data into the Application Vulnerability Response tables.
  • The integration pulls updated vulnerability statuses from the AppSec platform and updates the status of the corresponding ServiceNow AVI tickets accordingly.
  • The integration also pushes status changes back to the AppSec platform when the status of an AVI ticket is updated in the Application Vulnerable Item (AVI) table for any particular vulnerability.
  • All data is fetched using a filter that ensures new and updated records are always received on the ServiceNow side.

Integration Benefits

  • Ability to fetch all data on apps, scans, vulnerabilities, attack modules and their attack details from the InsightAppSec platform
  • Get updated vulnerability statuses from InsightAppSec
  • Update the status of vulnerabilities on InsightAppSec when the AVI ticket status is changed in ServiceNow
  • The AVI ticket is linked with the latest attack module and its details
  • The AVI is updated with the latest scan in which the vulnerability was identified
  • All the vulnerability integrations can be triggered manually or scheduled to execute periodically

Integration Requirements

Before installing the integration, review the authentication and system requirements:

  • Region and API key for the Rapid7 InsightAppSec platform. These details are found in the Rapid7 Insight Platform under API Key Management.
  • ServiceNow Administrator role privileges are required to install this integration.
  • Compatibility matrix and required plug-ins:
    • ServiceNow versions “Vancouver” or “Washington DC”
    • Rapid7 InsightAppSec Integration version 1.0.0
    • ServiceNow Vulnerability Response plug-in version 22.1.3 must be active

Getting Started

Start with our interactive demo walkthrough!

To explore the main functionality and click around some of the key areas, check out our interactive demo walkthrough.

The integration can be installed from the ServiceNow Store by an Admin user of your ServiceNow Instance.

When completing setup, it is highly recommended that you follow the specified order of execution to ensure proper data ingestion; failure to do so may result in an unknown application state.

  1. Rapid7 InsightAppSec Apps Import
  2. Rapid7 InsightAppSec Scans Import
  3. Rapid7 InsightAppSec Vulnerabilities Import (Vulnerability Filter can be added to customize data import)
  4. Rapid7 InsightAppSec Fixed Vulnerabilities Import runs automatically after the Rapid7 InsightAppSec Vulnerabilities Import completes successfully.

Vulnerability Status Mapping

Status Mapping from Rapid7 IAS Platform to ServiceNow

| Rapid7 IAS Vulnerability State | ServiceNow AVIT State |
|---|---|
| Unreviewed | Open |
| Verified | Open |
| Ignored | Closed |
| False Positive | Closed |
| Remediated | Closed |
| Duplicate | Closed |

Status Mapping from ServiceNow to Rapid7 IAS Platform

| ServiceNow AVIT State | ServiceNow AVIT Substate | Rapid7 Vulnerability State |
|---|---|---|
| Open | N/A | Unreviewed |
| Closed | Fixed | Remediated |
| Closed | Cancelled | Ignored |
| Closed | Stale | Ignored |
| Closed | False Positive | False Positive |
| Resolved | N/A | Remediated |
| Under Investigation | N/A | Verified |
| Awaiting Implementation | N/A | Verified |
| Deferred | Risk Accepted | Ignored |
| Deferred | Fix Unavailable | Ignored |
| Deferred | Mitigating Control in Place | Ignored |
| Deferred | Other | Ignored |

Severity Mapping

| Insight AppSec Severity | ServiceNow Severity |
|---|---|
| HIGH | 2-High |
| MEDIUM | 3-Medium |
| LOW | 4-Low |
| SAFE | 5-None |
| INFORMATIONAL | 5-None |
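The three mapping tables above, worked through in plain JavaScript as an added example (it is not the integration's own code and is not a ServiceNow script; the function names are assumptions, the table contents are taken from this page). Besides the two direction-specific lookups and the severity lookup, it checks which Rapid7 states survive a trip to ServiceNow and back, because the two tables are not inverses of each other: "Verified" becomes "Open" in ServiceNow, and an "Open" ticket writes back as "Unreviewed".

```javascript
// Added illustration of the InsightAppSec <-> ServiceNow status and severity
// mappings documented on this page. Not the integration's code; the names
// below (iasToSnowState, snowToIasState, ...) are assumptions for this example.

// Rapid7 IAS vulnerability state -> ServiceNow AVIT state (inbound sync).
const IAS_TO_SNOW_STATE = {
  "Unreviewed": "Open",
  "Verified": "Open",
  "Ignored": "Closed",
  "False Positive": "Closed",
  "Remediated": "Closed",
  "Duplicate": "Closed",
};

// ServiceNow AVIT state + substate -> Rapid7 state (outbound write-back).
// "N/A" means the state alone decides, regardless of substate.
const SNOW_TO_IAS_STATE = {
  "Open": { "N/A": "Unreviewed" },
  "Closed": {
    "Fixed": "Remediated",
    "Cancelled": "Ignored",
    "Stale": "Ignored",
    "False Positive": "False Positive",
  },
  "Resolved": { "N/A": "Remediated" },
  "Under Investigation": { "N/A": "Verified" },
  "Awaiting Implementation": { "N/A": "Verified" },
  "Deferred": {
    "Risk Accepted": "Ignored",
    "Fix Unavailable": "Ignored",
    "Mitigating Control in Place": "Ignored",
    "Other": "Ignored",
  },
};

// InsightAppSec severity -> ServiceNow severity.
const IAS_SEVERITY_TO_SNOW = {
  HIGH: "2-High",
  MEDIUM: "3-Medium",
  LOW: "4-Low",
  SAFE: "5-None",
  INFORMATIONAL: "5-None",
};

// Inbound: throws on a state the table does not list, so an unexpected value
// from the API surfaces as an import error rather than a silently wrong ticket.
function iasToSnowState(iasState) {
  const snow = IAS_TO_SNOW_STATE[iasState];
  if (snow === undefined) throw new Error(`Unmapped Rapid7 state: ${iasState}`);
  return snow;
}

// Outbound: a missing or empty substate is treated as "N/A". States such as
// "Closed" have no "N/A" row, so closing a ticket without a substate is an error.
function snowToIasState(state, substate) {
  const row = SNOW_TO_IAS_STATE[state];
  if (row === undefined) throw new Error(`Unmapped ServiceNow state: ${state}`);
  const key = substate == null || substate === "" ? "N/A" : substate;
  const ias = row[key];
  if (ias === undefined) throw new Error(`Unmapped ServiceNow state/substate: ${state}/${key}`);
  return ias;
}

function iasSeverityToSnow(severity) {
  const snow = IAS_SEVERITY_TO_SNOW[String(severity).toUpperCase()];
  if (snow === undefined) throw new Error(`Unmapped InsightAppSec severity: ${severity}`);
  return snow;
}

// All Rapid7 states a given ServiceNow state can write back as, over every substate.
function possibleWriteBackStates(snowState) {
  const row = SNOW_TO_IAS_STATE[snowState] || {};
  return [...new Set(Object.values(row))].sort();
}

// Rapid7 states that can never come back unchanged after a round trip:
// the state is imported into ServiceNow, and no state/substate of the
// resulting ticket maps back to the original value.
function nonRoundTrippableIasStates() {
  return Object.keys(IAS_TO_SNOW_STATE)
    .filter((ias) => !possibleWriteBackStates(iasToSnowState(ias)).includes(ias))
    .sort();
}

// Sample run (constructed input, not data from a real tenant).
console.log(iasToSnowState("Verified"));                      // Open
console.log(snowToIasState("Deferred", "Risk Accepted"));      // Ignored
console.log(iasSeverityToSnow("SAFE"));                        // 5-None
console.log(nonRoundTrippableIasStates());                     // [ 'Duplicate', 'Verified' ]
```

The round-trip check is the practical point: a vulnerability that an analyst has marked "Verified" in InsightAppSec arrives in ServiceNow as a plain "Open" ticket, and any write-back from that ticket resets it to "Unreviewed" unless someone first moves it to "Under Investigation" or "Awaiting Implementation"; likewise "Duplicate" has no ServiceNow state or substate that maps back to it. When building processes around the bidirectional sync, these are the states to watch for unintended downgrades.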

Key Vulnerability Fields Mapping

| ServiceNow | IAS |
|---|---|
| Source AVIT ID | Vulnerability Information - General - ID |
| Vulnerability | Source AVIT ID (as above) with Rapid7 InsightAppSec prefix |
| Vulnerable Links | Vulnerabilities - URL |
| Discovered App | Vulnerabilities - App |
| Risk Rating | Severity (mapping detailed above) |
| State | Vulnerabilities - Status |
| First Found | First Discovered |
| Last Found | Last Discovered |
| Affected Parameters | Vulnerability Information - Root Cause - Parameter |
| Source Additional Info | Module Type, Attack Type |
| Source Notes | Attack Variances - Proof |
| Description | Attack Variances - Proof Description |
| Source Link | Link to Vulnerability Detail Pane in InsightAppSec |
| Remediation Notes | References & Recommendations - References |
| Short Description | Attack Variances - Attack Value, Original Value |
| Risk Score | No IAS equivalent - ServiceNow-specific calculation |