Manage SAM NVD vulnerability detection

Software Asset Management (SAM), working with discovery tools, creates records listing the software installed in your network. National Vulnerability Database (NVD) information indicates which versions of software have known vulnerabilities. SAM NVD vulnerability detection combines this information to track vulnerabilities within your system.

Start with a limited subset of vital configuration items (CIs) and high-priority vulnerabilities. Use the filters to select only those CIs or vulnerabilities you want to monitor. Otherwise, every CI and vulnerability in your system is included in the scan.

The following business rules have been created or updated with the new settings.

Table 1. Business rules changes and additions

| Business rule | Description |
| --- | --- |
| Insert vulnerable item [cmdb_sam_sw_install] | Updated to run only when SAM NVD vulnerability detection is enabled and adheres to any CI and Vulnerability filters. |
| Determine vulnerable items [sn_vul_software] | Updated to run only when SAM NVD is enabled and adheres to any CI and Vulnerability filters. |
| Store values to system properties [sn_vul_sam_config] | Saves configuration from the Configure SAM NVD module to System Properties. |
| SAM+NVD settings update [sn_vul_sam_config] | Rechecks for vulnerable items when Configure SAM NVD settings are updated. |

Enable or disable SAM NVD vulnerability detection

When SAM NVD vulnerability detection is enabled, existing software assets are compared to the NVD database. Vulnerable items are created to track any vulnerabilities found in your system. Use the filters to limit the vulnerabilities and configuration items to scan. Vulnerable items are rechecked whenever these settings are updated.

Before you begin

Role required: sn_vul.admin

Procedure

  1. Navigate to Vulnerability > Administration > Configure SAM NVD.
    Note: Detect vulnerabilities using SAM data is checked (on) by default for an upgrade where the Vulnerability Response plugin is installed. In new installations, the default is unchecked and automatic detection is off.
  2. Check or uncheck Detect vulnerabilities using SAM data as appropriate.
  3. Create CI or Vulnerability Filters.
    Note: Filters are needed after a new installation, when Detect vulnerabilities using SAM data is checked, unless you want every CI and vulnerability in your system included in the scan.

    Changing filters does not impact existing vulnerable items. A rescan only creates vulnerable items based on changes to the filters.

    [Figure: Enable SAM NVD vulnerability detection form]
  4. Click Save and Create Vulnerable Items.