Before you run Vulnerability Response in your
instance, you must complete installation and configuration steps.
Complete the following setup checklist prior to
installation. These setup tasks are required for a smooth installation and
This process applies only to applications downloaded to
production instances. If you are downloading applications to sub-production or
development instances, it is not necessary to get entitlements. Proceed to Activate a ServiceNow Store application
|Verify that you have the required ServiceNow
roles for your instance.
||The following roles are required for installation, configuration,
and verification of expected results:
- If not already assigned, the System Administrator [admin]
installs the application and assigns the Vulnerability Admin
- The Vulnerability Admin [sn_vul.admin] oversees
configuration and verifies expected results.
- Version 9.0: The Remediation Owner
[sn_vul.remediation_owner] oversees change management tasks
and reads and updates assigned records. The
sn_vul.remediation_owner role is also automatically assigned
when any user is assigned the itil
Role required: admin
Install optional integrations. See Vulnerability Response integrations for information.
Log in to the instance you want to install the Vulnerability Response
Navigate to the ServiceNow Store.
Click Login and log in using your HI credentials.
Click the ServiceNow Products tab to view all
products. Integrations and other types of content are shown on the
Certified Apps tab.
Note: For the sake of this example, assume you are acquiring entitlement for
the Security Incident Response product.
Click the plus (+) sign next to the product name you are getting
entitlement to. All applications associated with the product you are
entitling are listed. When you have obtained entitlement to the core
product, the applications listed under it are also entitled.
Note: You can also click the product name to view more information about the
product and its associated applications.
Click Opt-in to verify that you have entitlement to
the product and the applications listed. You are prompted to read and accept
the ServiceNow terms
Select the check box and click Accept.
Optionally, you can click Manage Entitlements to
change the instances affected by the applications to which you are
After you have agreed to the ServiceNow Terms and
Conditions and managed entitlements, you can entitle other products with a
Note: You are ready to activate the product.
Search for the dependencies plugin for the application you want to
activate. For example, if you are activating Security Incident Response, locate the Security Incident Response Dependencies plugin.
Click Install. The Activate Plugin dialog box
In the Activate Plugin dialog box, click
When the activation is complete, click Close & Reload
Now locate the core product you are activating, click the
Install with demo data check box if you want to
load demo data, and click Install.
Your application is automatically installed on your
Once the installation completes, navigate to
Follow the instructions on the forms.
Only the Qualys Vulnerability Integration
is available for installation and configuration within Setup Assistant.
For more information on Qualys Vulnerability Integration
installation, see Install the Qualys Integration for Security Operations application.
To install the Rapid7 Vulnerability Integration,
see Install and configure the Rapid7 Integration for Security Operations application.
To install the Shodan Exploit Integration, see Install and configure the Shodan Exploit Integration.
To install other third-party vulnerability integrations, such as, Tenable.io for Vulnerability Response
refer to the vendor documentation in the ServiceNow Store.
For information on Vulnerability Response configuration, integrations, group rules, risk calculators, and
remediation target rules, see Vulnerability Response configuration using the Setup Assistant.
If you have a subscription to Vulnerability Solution Management
application, see Install the Vulnerability Solution Management application.
If you have a subscription to the Performance Analytics for Vulnerability Response
application, see Install and configure the Performance Analytics for Vulnerability Response application.