Verify Vulnerability Response vulnerable item detection data on integration run
(VINTRUN) records
From integration run records in your ServiceNow AI Platform® instance, you can
locate third-party integration vulnerable item detection data based on the date and time of
scans. Verify the scan successfully completed, view the number (counts) of individual
detections, as well as any vulnerable items (VIs) that are created or updated directly as a
result of the scans.
Before you begin
Role required: sn_vul.vulnerability_admin or sn_vuln.admin (deprecated)
You may prefer to have the integration run information, either date and time of
the scan, or the integration run record number (VINTRUN#) from the vulnerable item
or detection records to help you locate specific records from the following
lists.
Procedure
Choose one to continue.
Integration
Description
Navigate to Rapid7 Vulnerability Integration > Administration > Integrations
From the Rapid7 Integrations list, choose the integration you want to
view the detection scan results for.
Rapid7 Comprehensive Vulnerable Item Integration -
API
Navigate to Qualys > Qualys Vulnerability integration > Primary Integrations
From the Qualys Integrations list, choose
from:
Qualys Host Detection Integration
Qualys Comprehensive Host Detection Integration
Navigate to Tenable Vulnerability Integration > Administration > Integrations
From the Tenable Integrations list,
choose the integration you want to view the detection scan results
for.
Navigate to Microsoft TVM Vulnerability Integration > Administration > Integrations
From the Microsoft TVM Integrations list,
choose the integration you want to view the detection scan results
for.
On the bottom of the page that is displayed,
click the
Vulnerability Integration Runs tab.
Click an item in either the Number or Import Source columns to open a
record.
The integration run record is displayed.
Figure 1. Rapid7 Integration run recordFigure 2. Qualys Integration run recordThe integration run record is displayed. You can verify in the State field
that the integration ran successfully.
Select the
Configuration Items tab.
The Configuration Items tab displays the following information:
The Configuration Items tab displays the total number of
configuration items that are imported.
The New CIs field displays the number of CIs created as a part of
this integration run.
The Imported CIs field displays the sum of all the CIs in this
section.
The value of the Ignored CIs field is always 0 for the Vulnerability Response
integrations.
The Existing CIs field displays the total number of CIs that are
already in existence.
Click
the Items tab.
The Items tab displays the following information:
The
Items tab displays the total number of VIs that are imported. You
can see the total detections imported by adding the numbers listed
on the Detections tab.
The New items field displays the number of vulnerable items that are
created from this integration run.
The Imported items field displays the sum of the all the fields in
this section.
The Duplicate items field is no longer populated.
The Updated items field displays the number of times vulnerable
items are updated during this integration run. This value is not the
number of unique vulnerable items that are updated. If for example,
a vulnerable item is updated two times during the integration run,
it is counted two times and displayed as
2 updated items.
The Unchanged items field displays vulnerable items found during the
integration run that already exist in the database but were not
updated, because none of the relevant field values had changed.
Click the Detections tab.
This tab is only displayed if the integration run has any detections. You can
verify the total detections imported by adding the numbers listed.
Figure 3. Detections tab
from
VR v15.0
Note: Prior to v15.0, there was no field for Ignored
detections.
The Detections tab displays the following information:
Starting
with v15, a new field Ignored detections has been added to track the
detections, which were previously ignored. With this implementation, the
count of detections imported, and the count tracked on integration run
records becomes consistent. This functionality has been implemented for
all the scanners i.e., Qualys Vulnerability Integration, Rapid7 Vulnerability Integration, Tenable Vulnerability Integration and
Microsoft TVM.
The New detections field displays new detections that are created during
this integration run.
The Unchanged detections field displays detections found during the
integration run that already exist in the database but were not updated,
because none of the relevant field values had changed.
The Updated detections field displays the number of times detections are
updated during this integration run. This value is not the number of
unique detections updated. If for example, a detection is updated twice
as part of the integration run, it is counted two times and displayed as
2 updated detections.
Note: Detections
that are not displayed in these counts are detections that are in a
closed state (Fixed), because fixed records are used to update
existing VIs. If you want more visibility to these detection
records, you can display the closed VIs that are created when there
is not an existing, matching VI in an open state. For more
information about Vulnerabilities in the fixed state that you can
enable in Setup Assistant for the Qualys integration, see Configuring Vulnerability Response using the Setup Assistant.
Click an item in either the Number or Import Source columns to open a
record.
We use cookies on this site to improve your browsing experience, analyze individualized usage and website traffic, tailor content to your preferences, and make your interactions with our website more meaningful. To learn more about the cookies we use and how you can change your preferences, please read our Cookie Policy and visit our Cookie Preference Manager. By clicking “Accept and Proceed,” closing this banner or continuing to browse this site, you consent to the use of cookies.
The Configuration Items tab displays the following information:Click the Items tab.
The Items tab displays the following information:
Note: Prior to v15.0, there was no field for Ignored detections.