Manage Vulnerabilities with ServiceNow Application Vulnerability Response
The Rapid7 Application Security (InsightAppSec) integration for Application Vulnerability Response (VR) is a ServiceNow application that imports application vulnerable items (AVIs) and provides users with the capability to remediate application vulnerabilities from within ServiceNow. All data can be retrieved based on a specific filter and scheduled to ensure that ServiceNow consistently receives new and updated information.
How the Integration Works
- The Integration manually or periodically fetches various types of data from the Rapid7 Application Security (InsightAppSec) platform such as Apps, Scans, Vulnerabilities and Attack details and ingests that data in the Application Vulnerability Response tables.
- The Integration brings the updated status vulnerabilities from the AppSec platform and updates their status in the ServiceNow AVI Tickets accordingly
- The Integration subsequently updates the status of the vulnerabilities on the AppSec platform if the status of the AVI Ticket is updated in the Application Vulnerable Item (AVI) Table for any particular vulnerability
- All the data is fetched based on a particular filter in a way that new and updated data is always received on the ServiceNow side
Integration Benefits
- Ability to fetch all data of apps, scans, vulnerabilities, attack modules and their attack details from the Application Security (InsightAppSec) platform
- Get updated status vulnerabilities from Application Security (InsightAppSec)
- Update the status of the vulnerabilities on Application Security (InsightAppSec) if the AVI Ticket status is changed on ServiceNow
- The AVI Ticket will be linked with the latest Attack Module and their details
- The AVI will get updated with the latest scan in which the vulnerability was identified
- All the Vulnerability Integrations can be triggered manually or can be scheduled to execute periodically
Integration Requirements
Before installing the integration, review the authentication and system requirements:
- Region and API Key for the Rapid7 Application Security (InsightAppSec) platform. These details are found in Rapid7’s Insight Platform > API Key Management.
- ServiceNow Administrator role privileges are required to install this integration.
- Compatibility matrix and required plug-ins:
- ServiceNow versions “Vancouver” or “Washington DC”
- Rapid7 Application Security (InsightAppSec) Integration version 1.0.0
- ServiceNow Vulnerability Response plug-in version 22.1.3 must be active
Getting Started
ℹ️
Start with our interactive demo walkthrough!
To explore the main functionality and click around some of the key areas, check out our interactive demo walkthrough .
The integration can be installed from the ServiceNow Store by an Admin user of your ServiceNow Instance.
- Go to the ServiceNow store: https://store.servicenow.com/sn_appstore_store.do#!/store/application/9dfbec3333460e100ce3d6d24d5c7bb5/1.0.0
- Download the Installation Guide for detailed guidance on installation, configuration and usage: https://store.servicenow.com/appStoreAttachments.do?sys_id=4338ff39875c12506124bbb2debb352e .
Sequencing - Recommended Integrations Execution Flow
When completing setup, it is highly recommended that you follow the specified order of execution to ensure proper data ingestion; failure to do so may result in an unknown application state.
- Rapid7 Application Security (InsightAppSec) Apps Import
- Rapid7 Application Security (InsightAppSec) Scans Import
- Rapid7 Application Security (InsightAppSec) Vulnerabilities Import (Vulnerability Filter can be added to customize data import)
- Rapid7 Application Security (InsightAppSec) Fixed Vulnerabilities Import will be executed automatically after the Rapid7 Application Security (InsightAppSec) Vulnerabilities Import is successfully executed.
Vulnerability Status Mapping
Status Mapping from Rapid7 IAS Platform to ServiceNow
| Rapid7 IAS Vulnerability State | ServiceNow AVIT State |
|---|---|
| Unreviewed | Open |
| Verified | Open |
| Ignored | Closed |
| False Positive | Closed |
| Remediated | Closed |
| Duplicate | Closed |
Status Mapping from ServiceNow to Rapid7 IAS Platform
| ServiceNow AVIT State | ServiceNow AVIT Substate | Rapid7 Vulnerability State |
|---|---|---|
| Open | N/A | Unreviewed |
| Closed | Fixed | Remediated |
| Closed | Cancelled | Ignored |
| Closed | Stale | Ignored |
| Closed | False Positive | False Positive |
| Resolved | N/A | Remediated |
| Under Investigation | N/A | Verified |
| Awaiting Implementation | N/A | Verified |
| Deferred | Risk Accepted | Ignored |
| Deferred | Fix Unavailable | Ignored |
| Deferred | Mitigating Control in Place | Ignored |
| Deferred | Other | Ignored |
Severity Mapping
| Insight AppSec Severity | ServiceNow Severity |
|---|---|
| HIGH | 2-High |
| MEDIUM | 3-Medium |
| LOW | 4-Low |
| SAFE | 5-None |
| INFORMATIONAL | 5-None |
Key Vulnerability Fields Mapping
| ServiceNow | IAS |
|---|---|
| Source AVIT ID | Vulnerability Information - General - ID |
| Vulnerability | Source AVIT (as above) ID with Rapid7 Application Security (InsightAppSec) Prefix |
| Vulnerable Links | Vulnerabilities - URL |
| Discovered App | Vulnerabilities - App |
| Risk Rating | Severity (Mapping detailed above) |
| State | Vulnerabilities - Status |
| First Found | First Discovered |
| Last Found | Last Discovered |
| Affected Parameters | Vulnerability Information - Root Cause - Parameter |
| Source Additional Info | Module Type, Attack Type |
| Source Notes | Attack Variances - Proof |
| Description | Attack Variances - Proof Description |
| Source Link | Link to Vulnerability Detail Pane in Application Security (InsightAppSec) |
| Remediation notes | References & Recommendations - References |
| Short Description | Attack Variances - Attack Value, Original Value |
| Risk Score | No IAS equivalent - ServiceNow Specific Calculation |