Home Orlando Security Incident Management Security Operations Vulnerability Response Vulnerability Response integrations Understanding the Rapid7 Vulnerability Integration Install and configure the Rapid7 Integration for Security Operations application Create domain-separated imports for the Rapid7 vulnerability integration

Create domain-separated imports for the Rapid7 vulnerability integration

If you require vulnerability integration data to be imported to a specific domain, you must assign a user in that domain to run the integrations.

Before you begin

Role required: v10.3 sn_vul.vulnerability.admin or sn_vul.admin (deprecated) and import_admin

Starting with v10.3, persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

About this task

This set of tasks require coding or advanced ServiceNow expertise.

The import queues contain data attachments that the scheduled jobs (integrations) process. In a domain-separated environment, you must match the scheduled job with the correct import queue.

Procedure

Create a domain.
For every domain you create, create a user and assign the user to that domain.

Think of this user as a run_as placeholder for the domain in your Rapid7 vulnerability integration. It is the equivalent to the VR.System user in the global domain and must have the following roles: sn_vul_r7.admin, import_admin, and sn_vul.r7_write. This user needs access to data sources, and vulnerability data.
Note: Do not use this user for any other purpose.
In each domain, create a scheduled job.
1. Navigate to System Definition > Scheduled Jobs.
2. Copy Scheduled Vulnerability Data Source Processor into the domain.
3. To identify the scheduled job, append the domain to the name.
4. In the Run as field change the run_as user to the user you created in the Step 2.
Ensure the integration runs in the run_as user domain.
1. Edit the Execute Now UI action to add this code to the top of the file.
```
//sys id below is of host detection integration
if(current.sys_id == "5d9cf0daff540300c68c9f783894fa4d"){
current.run_as = gs.getUserID
();
}
```
2. Edit the VulnerabilityIntegrationUtils script include method addIntegrationRun to add the highlighted code.
3. Add the highlighted code to the VulnerabilityIntegrationUtils script include method addProcessRun.
  addProcessRun code
4. Edit the DataSourceVulnReportRefreshProcessor script include method _processFromDataSourceGroups.
  Change the original line of code: this.integrationProcessGr.getUniqueValues()); to this.integrationProcessGr.getUniqueValue(),this.integrationProcessGr.getValue("sys_domain"));
  
  Edited _processFromDataSourcesGroups code
5. Add the following highlighted code blocks to the VulnerabilityDSAttachmentManager script include method, queueItem.
  queueItem
6. Add the following highlighted code blocks to the VulnerabilityDSAttachmentManager script include function, getNext.
  _getNext
7. Add the following highlighted code blocks to the VulnerabilityDSAttachmentManager script include function, _processQueueEntry.
  _processQueueEntry function
At this point, you are ready for domain-separated host detection imports.
Note: If you have multiple deployments of the Rapid7 InsightVM vulnerability integration, repeat this process for each deployment.

Previous topic

Next topic

Release version

Create domain-separated imports for the Rapid7 vulnerability integration

If you require vulnerability integration data to be imported to a specific domain, you must assign a user in that domain to run the integrations.

Before you begin

Role required: v10.3 sn_vul.vulnerability.admin or sn_vul.admin (deprecated) and import_admin

About this task

This set of tasks require coding or advanced ServiceNow expertise.

The import queues contain data attachments that the scheduled jobs (integrations) process. In a domain-separated environment, you must match the scheduled job with the correct import queue.

Procedure

Create a domain.
For every domain you create, create a user and assign the user to that domain.

Think of this user as a run_as placeholder for the domain in your Rapid7 vulnerability integration. It is the equivalent to the VR.System user in the global domain and must have the following roles: sn_vul_r7.admin, import_admin, and sn_vul.r7_write. This user needs access to data sources, and vulnerability data.
Note: Do not use this user for any other purpose.
In each domain, create a scheduled job.
1. Navigate to System Definition > Scheduled Jobs.
2. Copy Scheduled Vulnerability Data Source Processor into the domain.
3. To identify the scheduled job, append the domain to the name.
4. In the Run as field change the run_as user to the user you created in the Step 2.
Ensure the integration runs in the run_as user domain.
1. Edit the Execute Now UI action to add this code to the top of the file.
```
//sys id below is of host detection integration
if(current.sys_id == "5d9cf0daff540300c68c9f783894fa4d"){
current.run_as = gs.getUserID
();
}
```
2. Edit the VulnerabilityIntegrationUtils script include method addIntegrationRun to add the highlighted code.
3. Add the highlighted code to the VulnerabilityIntegrationUtils script include method addProcessRun.
  addProcessRun code
4. Edit the DataSourceVulnReportRefreshProcessor script include method _processFromDataSourceGroups.
  Change the original line of code: this.integrationProcessGr.getUniqueValues()); to this.integrationProcessGr.getUniqueValue(),this.integrationProcessGr.getValue("sys_domain"));
  
  Edited _processFromDataSourcesGroups code
5. Add the following highlighted code blocks to the VulnerabilityDSAttachmentManager script include method, queueItem.
  queueItem
6. Add the following highlighted code blocks to the VulnerabilityDSAttachmentManager script include function, getNext.
  _getNext
7. Add the following highlighted code blocks to the VulnerabilityDSAttachmentManager script include function, _processQueueEntry.
  _processQueueEntry function
At this point, you are ready for domain-separated host detection imports.
Note: If you have multiple deployments of the Rapid7 InsightVM vulnerability integration, repeat this process for each deployment.

How search works:

Topics are ranked in search results by how closely they match your search terms

Create domain-separated imports for the Rapid7 vulnerability integration

Create domain-separated imports for the Rapid7 vulnerability integration

On this page

Create domain-separated imports for the Rapid7 vulnerability integration

Create domain-separated imports for the Rapid7 vulnerability integration

Log in to personalize your search results and subscribe to topics