Implementation checklist for the Vulnerability Response application
- Updated Jan 30, 2025
- Yokohama
- Vulnerability Response
This checklist lists the steps required for a basic implementation of the Vulnerability Response application on your ServiceNow AI Platform® instance. When you have completed these tasks, the base system is ready for operation and verification.
Before you begin
Roles required: admin for downloading and activating applications and assigning roles, sn_vul.vulnerability_admin for configuring Vulnerability Response.
Procedure
- Consider creating and printing a PDF of this checklist so that you can check off tasks as you complete them.
- To generate a PDF, click the Save As PDF icon at the top of the topic and click Selected topic.
Table 1. Vulnerability Response basic implementation checklist tasks for admin
As a user with the admin role, verify that you have obtained any entitlements and downloaded (Install) the following applications from the ServiceNow® Store onto your ServiceNow AI Platform instance:
- Vulnerability Response
- Vulnerability Response Integration with the NIST National Vulnerability Database
- Qualys Integration for Security Operations
- To verify the applications are available on your instance, navigate to All > System Applications > All Available Applications > All and search for [sn_vul], [sn_vul_nvd], and [sn_vul_qualys].
- If you can't locate the applications, see Security Operations and the ServiceNow Store for more information about getting entitlement and downloading the applications.
As a user with the admin role, navigate to All > Vulnerability Response > Administration > Setup Assistant > Integration Application Installation and activate (Install) the Vulnerability Response application along with its dependencies on your ServiceNow AI Platform instance.
Note: During installation of the Vulnerability Response application, you have the option to install demo data. Demo data is required if you want to run automated tests to confirm that your instance works after installation. Run tests only on development, test, and other non-production instances to avoid data corruption and outage. If demo data or demo accounts are created, all demo data should be removed prior to using the instance in non-production or production.
The Setup Assistant for Vulnerability Response is installed automatically along with the application. The Setup Assistant is required to configure the Vulnerability Response application. Additionally, it is used to install and configure the Qualys Integration for Security Operations application used in this example, as well as other applications that support and are compatible with Vulnerability Response.
For more information about installing the Vulnerability Response application, see Install Vulnerability Response.
As a user with the admin role, in Setup Assistant, navigate to All > Vulnerability Response Users and Groups and assign users the required Vulnerability Response persona roles.
- From within Setup Assistant, view existing users and any roles that are already assigned by clicking the User Administration module link.
- From the list, click a user name to open the record and click the Roles related list. All the roles assigned to this user are displayed.
- Navigate back to Vulnerability Response Users and Groups in Setup Assistant and follow the prompts to assign the sn_vul.vulnerability_admin role.
Note: The sn_vul.vulnerability_admin role is required to continue with the configuration. Alternatively, you can continue with the configuration as a user with the admin role.
(Optional) You can also assign the Configuration Item (CI) Manager [sn_vul.ci_manager] and Exception Approver [sn_vul.exception_approver] roles, but these personas are not required for the remaining setup tasks.
For more information about assigning the persona roles using the Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant.
For more information on users and assigning roles to users and groups, see User administration.
- Navigate to All > Administration > Integrations and verify the CWE Comprehensive 2000 Integration is activated and run the scheduled job to import data.
- As a user with the admin role, navigate to System Applications > All Available Applications and activate (Install) the Vulnerability Response Integration with NVD application.
Run the NVD and CWE integrations as part of your initial setup of Vulnerability Response and prior to importing vulnerability data into your instance with a third-party scanner product.
See Importing data with the NVD and CWE integrations and managing third-party libraries and Configure and run the scheduled job for updating CWE records for more information about installing, configuring, and viewing the NVD and CWE libraries.
As a user with the admin role, navigate to All > Vulnerability Response > Administration > Setup Assistant > Integration Application Installation and activate the Qualys Integration for Security Operations application. Before you install and run a third-party scanner product like Qualys that has a library, you must first install and run the NVD and CWE Integrations to ingest vulnerability data. For more information, see Install Vulnerability Response third-party applications using Setup Assistant.
(Optional) As a user with the admin role, if you installed demo data with the Vulnerability Response application, you can run the Vulnerability Response ATF Test Suite to verify that the applications installed successfully.
Note: Run tests only on development, test, and other non-production instances to avoid data corruption and outage.
For more information, see Run the Automated Test Framework (ATF) test suite for Vulnerability Response.
For more information about automated tests, see Automated Test Framework (ATF).
- Continue with the configuration of the applications starting in the Vulnerability Response Settings section.
Reviewing these settings helps you understand how Vulnerability Response works as you continue to set up your environment. For the scanner integration used in this example, you are required to edit the settings.
The concepts you use in this configuration example for the Qualys product apply to other scanner applications.
Your Qualys credentials are required to configure the application. Before you start, verify that you have access to the account names, passwords, and other service information required by Qualys products.
Roles required: sn_vul.vulnerability_admin or, alternatively, admin.
Table 2. Vulnerability Response basic implementation checklist tasks for vulnerability admin
Review the Vulnerability Assignment Rules.
Assignment rules automatically assign vulnerable items (VIs) to the appropriate assignment group. For more information, see Vulnerability Response assignment rules overview.
For more information about configuring Vulnerability Response using the Setup Assistant, see Configuring Vulnerability Response using the Setup Assistant.
Review the remediation task rules.
Remediation task rules automatically group vulnerable items (VIs) as they are imported based on certain conditions. For more information, see Vulnerability Response remediation tasks and remediation task rules overview.
Review the Risk Calculators.
Risk calculators score vulnerable items for prioritization. You can configure calculators to incorporate characteristics of the configuration item (CI), exploit availability, and vulnerability severity reported by your vulnerability assessment (scanner) vendor. For more information, see Vulnerability Response calculators and vulnerability calculator rules.
Review the Remediation Target Rules.
Remediation Target Rules define remediation timelines for VIs and remediation tasks. For more information, see Vulnerability Response remediation target rules.
In the Integration Configuration section, review the Qualys application settings and define and schedule your data imports.
- Click Scanner Integrations.
- On the Installed Applications page, click Edit.
- Enter your credentials and click Next.
- Read the descriptions for the KnowledgeBase Configuration.
- Review the Host Detection Configuration page for Import Settings, CI Lookup Rules, and Import Schedules.
- After you are satisfied with the settings on this page, click Execute Now to import data. Click the View details link that is displayed to view vulnerability integration run status.
- (Optional) Continue to edit configuration settings.
- Click Finish to complete the installation and configuration in Setup Assistant.
For more information about configuring the Qualys application, see Configure the Qualys Vulnerability Integration using Setup Assistant.
What to do next
To download, install, and configure other applications for Vulnerability Response, follow the same steps and concepts you completed for the preceding checklist. Refer to specific topics provided for each application for more information.
For more information about supported applications that are available to you from the ServiceNow Store for Vulnerability Response, see Installation of Vulnerability Response and supported applications.
For more information about how to use Vulnerability Response, see Exploring the Vulnerability Response application.