Configure the Vulnerability Response integration with the Microsoft Threat and Vulnerability Management (MS TVM) application, after you install it using the Setup Assistant.

Before you begin

In addition to following the instructions and prompts that are provided in Setup Assistant for the Vulnerability Response integration with Microsoft Threat and Vulnerability Management, do the following actions:

Roles required: System Admin (admin) for installation, Vulnerability Admin (sn_vul.vulnerability_admin) or sn_vul.admin (deprecated), and Configure Integration (sn_vul_msft_tvm.configure_integration) for configuration

Procedure

  1. Navigate to All > Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Scanner Integrations.

    The Microsoft Threat & Vulnerability Management tile is displayed.

    MS TVM is a multi-source integration, which means that you can have multiple deployments of the same third-party integration. The settings from your original third-party integration are used as a template for the settings of each new integration.

    Note: If you delete the original vulnerability integration, you have to select another integration to use as your template. Consider disabling the integration instead of deleting it. Integrations created from disabled templates are disabled by default.

    Data from each third-party integration is uniquely identified and available in a single instance of Vulnerability Response.

  2. To configure the Microsoft Threat and Vulnerability Management integration, click Edit.
  3. On the form, fill in the fields.
  4. To save your changes and proceed to the first integration form, click Next.
    The Vulnerabilities Import Configuration form is displayed.
  5. Enable or disable the vulnerabilities import, determine the initial start date for the vulnerabilities that you want imported, and schedule when the MS TVM Vulnerabilities import should run.
    If you want to import all the vulnerabilities, leave the initial start date blank.
    1. To import data on-demand, click Import Vulnerabilities Now.
    2. To see the integration record, click Advanced Settings.
  6. To save your changes and proceed to the first integration form, click Next.
    The Recommendations Import Configuration form is displayed.
  7. Enable or disable the recommendations import and determine the schedule when the MS TVM Vulnerabilities import should run.
    1. To import data on-demand, click Import Recommendations Now.
    2. To see the integration record, click Advanced Settings.
  8. To save your changes and proceed to the first integration form, click Next.
    The Machines Import Configuration form is displayed.
  9. Enable or disable the Machines Import, determine the initial start date for the machines that you want imported, and schedule when the MS TVM Machines import should run.
    If you want to import all the machines, leave the initial start date blank.
    Note: Machine tags are imported by default and used for organizing and tracking the machines listed in the MS TVM environment.
    1. To display the default configuration item (CI) lookup rules, click CI Lookup rules. CI lookup rules define how machine data from third-party sources is used to identify configuration items (CIs) in the ServiceNow AI Platform CMDB. You can add lookup rules or modify the default CI lookup rules on this page. For more information, see CI lookup rules for identifying configuration items from Vulnerability Response third-party vulnerability integrations.
    2. To import data on-demand, click Import Machines Now.
      Note: Machines that have the status onboarded in MS TVM are retrieved by the ServiceNow application.
    3. To see the integration record, click Advanced Settings.
  10. To save your changes and go to the first integration form, click Next.
    The Machine Vulnerabilities Import Configuration form is displayed.
  11. Enable the following integrations and determine the initial start date for the vulnerabilities that you want imported.
    Table 2. Machine Vulnerabilities Import Configuration form

    | Integration | Description |
    | --- | --- |
    | Microsoft TVM Machine Vulnerabilities Delta Import | Retrieves vulnerabilities that have been updated during the full vulnerability import, including new, fixed, and updated vulnerabilities. You can only import delta data for the past 14 days. |
    | Microsoft TVM Machine Vulnerabilities Full Import | Retrieves all the open vulnerabilities. Due to the high volume of data import, you can schedule it to run weekly. |

    Note: Run the machines import before the Machine Vulnerabilities integration. Otherwise, VIs are not created for the missing machines.

  12. To save your changes and complete the configuration in Setup Assistant, click Finish.

What to do next

If you want to activate a vulnerable item grouping in the classic environment, navigate to Vulnerability Response > Administration > Remediation Task Rules > Microsoft TVM Recommendation.

In the form that is displayed, select the Active option to activate it. Alternatively, select New to create a new rule.

For more information, see Vulnerability Response remediation tasks and remediation task rules overview.