Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Vulnerability Response asset discovery

Log in to subscribe to topics and get notified when content changes.

Vulnerability Response asset discovery

Vulnerability data can be imported from internal and external sources, such as the NVD, CWE, and third-party integrations. You can compare vulnerability data to CIs and software identified in the Asset Management module.

You can do the following:
  • Compare vulnerability-related data, if a vulnerability is found in an asset.
  • Escalate it by creating change requests, problem records, and security incident records (if Security Incident Response is activated).
  • Manage vulnerable items individually, grouped by the vulnerability or CI. Each vulnerability is represented by a vulnerability entry in the library, from the NVD, or a third-party source. Multiple CVEs can be related to a single third-party vulnerability.
  • Use Common Weakness Enumeration (CWE) records downloaded from the CWE database for reference when deciding whether a vulnerability must be escalated. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations page. That page is for reference only.
Feedback