ServiceNow Security Operations

Overview

To help streamline vulnerability remediation, this API integration processes and prioritizes vulnerabilities by incorporating InsightVM data into ServiceNow Security Operations dashboards and analytics.

Integration Overview

Here’s a high-level overview of how this integration works:

  1. InsightVM scans the environment to assess risk within organizational systems and processes the vulnerability data.
  2. ServiceNow Security Operations (SecOps) periodically queries InsightVM for the latest vulnerabilities.
  3. ServiceNow creates remediation tickets for vulnerabilities and closes tickets that have been fixed.
  4. With the next query of InsightVM, ServiceNow checks closed tickets for successful remediation.

With ServiceNow integrated, you can:

  • Import Rapid7 InsightVM scan data directly into ServiceNow Security Operations.
  • Gain more context and visibility into individual vulnerabilities and overall risk.
  • Reduce exposure time through data-centric collaboration between IT Operations and Security.
  • Maximize output while minimizing effort through an automated and closed-loop workflow.
  • Deploy easily by accessing the Rapid7 integration for Security Operations in the ServiceNow Marketplace.

Whitelist Platform Traffic

The integration uses the following hostnames to communicate with the Insight platform:

Region          Hostname
United States   us.api.insight.rapid7.com
Europe          eu.api.insight.rapid7.com
Canada          ca.api.insight.rapid7.com
Japan           ap.api.insight.rapid7.com
Australia       au.api.insight.rapid7.com

In order for ServiceNow to transmit data, you must configure your network to allow traffic to the corresponding hostname of your designated InsightVM region.

NOTE

The region you choose for your integration must match the region previously selected in InsightVM. If you select an incorrect region, data will not populate.
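
The following is an added example, not part of the Rapid7 or ServiceNow documentation: a Python check that attempts a certificate-verified TLS handshake to your region's hostname and reports whether a failure looks like DNS filtering, a missing firewall rule, or an untrusted certificate in the path. The region codes, function names, and port 443 are assumptions made for this example; run it from a host whose outbound traffic follows the same egress path as the integration.

```python
import socket
import ssl
import sys

# Region-to-hostname table copied from this page; the short codes are assumed labels.
REGION_HOSTS = {
    "us": "us.api.insight.rapid7.com",
    "eu": "eu.api.insight.rapid7.com",
    "ca": "ca.api.insight.rapid7.com",
    "ap": "ap.api.insight.rapid7.com",  # Japan
    "au": "au.api.insight.rapid7.com",
}


def host_for(region):
    """Return the platform hostname for a region code, or raise ValueError."""
    key = region.strip().lower()
    if key not in REGION_HOSTS:
        raise ValueError(f"unknown region {region!r}; expected {sorted(REGION_HOSTS)}")
    return REGION_HOSTS[key]


def classify(exc):
    """Map a connection failure to the network control that most likely caused it."""
    if isinstance(exc, socket.gaierror):
        return "dns"             # name does not resolve: DNS filtering or split DNS
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "cert-untrusted"  # inspecting proxy in path or stale trust store
    if isinstance(exc, ssl.SSLError):
        return "tls"             # handshake failed for another TLS reason
    if isinstance(exc, (socket.timeout, TimeoutError, ConnectionRefusedError, ConnectionResetError)):
        return "blocked"         # dropped or reset: outbound rule is missing
    return "other"


def check(region, port=443, timeout=5.0):
    """Attempt a verified TLS handshake; port 443 is an assumption (HTTPS)."""
    host = host_for(region)
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return host, "ok"
    except OSError as exc:
        return host, classify(exc)


if __name__ == "__main__":
    print(*check(sys.argv[1] if len(sys.argv) > 1 else "us"))
```

A result of `cert-untrusted` is worth investigating before adding any allowlist rule, because it means something between the host and the platform is presenting a certificate the system trust store does not accept.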

Install and Configure

Complete the following steps to configure your ServiceNow SecOps integration:

  1. Generate a Rapid7 API key.
  2. Install and configure the SecOps integration.

Generate a Rapid7 API Key

NOTE

Although any user can generate an API key, only keys generated by users with the Platform Administrator role are usable with this feature.

To use the SecOps integration, you need a Rapid7 API key, which you generate from the Rapid7 Insight platform.

In order to access the Rapid7 platform, you will need a Rapid7 Insight platform account, which is different from your InsightVM Rapid7 Security Console account.

Here's how to get a Rapid7 Insight platform account:

Follow these steps to generate the Rapid7 API key:

  1. Go to https://insight.rapid7.com/platform#/
  2. Log in to your Rapid7 Insight platform account.
  3. Go to API Keys.
  4. Under User Key, click on the New User Key button.
  5. In the “Organization” dropdown menu, select your InsightVM organization name.
  6. Enter a name for your key in the field.
  7. Click Generate.
  8. Copy and save the provided API Key.

NOTE

This is the only time you will be able to see the API key, so store it in a safe place. If you misplace your API key, you can always generate a new one.

  9. Click Done.
  10. Your new API key will display in the “User Key” table.

Install and Configure the ServiceNow API Integration

Before starting, confirm that you meet ServiceNow system requirements and that the appropriate regions are whitelisted. After generating your API key, follow these steps to install and configure the ServiceNow integration:

  1. Log in to your ServiceNow application.
  2. Go to “Rapid7 Vulnerability Integration” in the left navigation and select Configuration.
  3. Next to “Integration Type,” select “InsightVM” from the dropdown menu.
  4. In the “Server URL” field, select the desired region.
  5. In the “API Key” field, input the API key collected from the Insight platform.
  6. Click Test credentials and check the “Validation Status” field to confirm the integration. If valid, click Save. If invalid, confirm that the required whitelisting is in place and the API key was copied correctly, then repeat Steps 4 - 6.

InsightVM data will now appear in ServiceNow to help manage your remediation efforts.