Manage Vulnerabilities with ServiceNow ITSM

If you utilize ServiceNow for managing incidents across your organization, you can simplify your ticketing management and validate vulnerabilities faster by integrating with InsightAppSec. You can easily export your vulnerabilities to ServiceNow so that vulnerability status and severity changes are automatically updated in both applications.

Two-way integration

The connection between ServiceNow and InsightAppSec is two-way integration. When an incident is updated in ServiceNow, the vulnerability status and severity in InsightAppSec is also updated.

Integrate with ServiceNow

Integrate InsightAppSec and ServiceNow in just a few steps. Download the InsightAppSec app from ServiceNow app store and configure within ServiceNow. After configuration, add the ServiceNow connection to InsightAppSec so that you can start exporting your vulnerabilities.

Before you begin

  • Ensure you have an organization-level InsightAppSec API key to use for ServiceNow configuration. If not, create a new key.
  • If your ServiceNow instance is configured with firewall rules, you must add the Insight Platform IP addresses to your allowlist. For the current list of static IP addresses, see Configure communications with the Insight Platform.

Download the InsightAppSec ITSM app from ServiceNow

InsightAppSec for ITSM is available in the ServiceNow Store which enables quick and easy integration at no additional cost. You must have a license for both products.

Rapid7 InsightAppSec for ITSM app in the ServiceNow app store

Get the app

  1. In the ServiceNow app store, search for Rapid7 InsightAppSec for ITSM.
  2. Download the app with default configuration settings.

Connect InsightAppSec to ServiceNow

After configuring the connection in ServiceNow, add the ServiceNow connection details to InsightAppSec.

Connection details fields for the ServiceNow integration in InsightAppSec

Add the ServiceNow connection

  1. In InsightAppSec, go to Settings > Integrations, and click Enable ServiceNow Integration.
  2. Enter the connection details.
  3. To ensure the credentials work, click Test Connection.
  4. If the test connection fails, check the ServiceNow Endpoint URL and your credentials and try again.
  5. Click Save.
What is the ServiceNow Endpoint URL?

The ServiceNow endpoint is the URL and the API endpoint. For example: https://vendor.service-now.com/api/x_r7_rapid7_inc/v1/ias

Manage the connection

  1. Go to Settings > Integrations and click Manage ServiceNow.
  2. To edit the connection, update the connection details and click Save.
  3. To delete the connection, click Remove Connection and click Confirm.

Export vulnerabilities to ServiceNow

You can export vulnerability data in multiple formats for use in other applications.

  1. On the Vulnerabilities page or tab, select the vulnerabilities you want to export.
  2. Click Export Vulnerabilities and select ServiceNow.

Vulnerabilities are sent to your ticketing application.

What happens if I export a vulnerability that has already been exported?

The existing ticket in ServiceNow will be updated. A duplicate ticket for the same vulnerability will not be created.

Automatic updates to vulnerability status and severity

After a vulnerability is exported to ServiceNow, any changes to the status from either application are automatically updated in both places. In InsightAppSec, these updates are tracked in the Change History field. Instead of a username associated with the change, changes made from ServiceNow display the change as made by API User.

InsightAppSec and ServiceNow have different statuses and severities that are mapped to reflect the default statuses of each application.

Status mapping

ServiceNow allows you to customize incident statuses. This section describes the default mapping that is included in the configuration.

Updates to vulnerability status in InsightAppSec map to the following ServiceNow incident statuses.

InsightAppSec vulnerability statusServiceNow incident status
Unreviewed1 (New)
False Positive1 (New)
Verified1 (New)
Ignored1 (New)
Remediated1 (New)
Duplicate1 (New)

Updates to incidents in ServiceNow map to the following InsightAppSec statuses.

ServiceNow incident statusInsightAppSec vulnerability status
1 (New)N/A
2 (In Progress)N/A
3 (On Hold)N/A
6 (Resolved)Remediated
7 (Closed)Remediated
8 (Canceled)N/A
Severity mapping
InsightAppSec severity levelServiceNow severity score
Safe3
Informational3
Low3
Medium2
High1