Import a CVRF file to view data in the CVRF format. Importing is a one-time activity.

Before you begin

Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin.

About this task

Once imported, a queue entry is created with an attachment, which gets parsed when the entry is processed. The data is then populated in the respective tables. Before parsing the CVRF data, a scanner-mapping record is created based on configuration. Then, the scanner-mapping data is transformed to vendor-mapping data.

Procedure

  1. Navigate to All > Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Solution Integrations > Common Vulnerability Response Framework.
  2. Click Import File.
    Note: You can upload only one XML file at a time with a maximum file size of 1 GB.
  3. In the Name field, enter a unique name for the integration.
    The scheduler is created with this name.
  4. In the Vendor field, enter the name of the vendor.
    The Source field of the solutions is populated with the vendor name.
  5. Click Finish.

Result

An import queue is created. Click the link in the info bar to view the queue entries for the vendor along with the related list. You can also view the status of the job.

After the data is imported to the CVRF format, the data is processed in the following way:
  1. When the queue gets processed, the file is parsed with a dedicated data source.
  2. Once the processing gets completed, the application log is updated.
  3. Once the CVRF XML file is parsed, it populates the following tables in the ServiceNow® Vulnerability Response application.
    • sn_vul_solution
    • sn_vul_m2m_vulnerability_solution
    • sn_vul_nvd_entry
    • sn_vul_software
    • sn_vul_product_category

You can see the detailed information related to errors or exceptions in the Application logs.