Install the Vulnerability Response Integration with the NIST National Vulnerability Database

Before you run the integration on your instance, the installation and configuration steps must be completed so the NIST National Vulnerability Database (NVD) product properly integrates with Vulnerability Response. This application is available as a separate subscription.

Before you begin

Complete the following setup checklist prior to installation. These setup tasks are required for a smooth installation and configuration.
Note: This process applies only to applications that are downloaded to production instances. If you're downloading applications to sub-production or development instances, it's not necessary to get entitlements. Proceed to Activate a ServiceNow Store application.
Setup tasks Description
Verify that the Vulnerability Response application is installed and activated.

To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions that your organization has purchased.

If the application isn’t installed and activated see, Install Vulnerability Response.
Verify that you have the required ServiceNow roles for your instance. The following roles are required for installation, configuration, and verification of expected results:
Role required: admin
Note: Before running the NVD integrations, make any necessary configuration changes based on your requirements.

There’s a configured run-as user for each integration record. The default value for this user is VR.System. Don’t change this value.

Procedure

  1. Log in to the instance you want to install the NVD integrations on.
  2. Navigate to the ServiceNow Store.
  3. In the ServiceNow Store, search for the Vulnerability Response Integration with NVD application.
  4. Select the application tile.
    Detailed information about the application you’re installing is displayed.
    Note: Consider reading the Other Requirements and Dependencies sections, as applicable.
  5. Select Request App and enter your Now Support login credentials.
  6. Select Get.
  7. Enter the Instance Name and Reason for the Instance, and select Validate Instance.
  8. Select Request.
    You’ll receive an email with detailed installation instructions.
  9. Navigate to All > System Applications > Applications > All.
  10. Locate the application, select it, and select Install.
    Your application is automatically installed on your instance.

What to do next

After initial installation, for modifications refer to Optional NVD integration modification and activities.

Activate the NIST National Vulnerability Database–API (Unmapped CPE)

To ingest Common Platform Enumeration (CPE) data for fetched Common Vulnerabilities and Exposures (CVE) data, you can perform a full data import with an on-demand scheduled job.

Before you begin

The National Institute of Standards and Technology (NIST) National Vulnerability Database Integration (NVD)–API (Unmapped CPE) integration captures (CPE) data that includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. This information is stored in an NVD vulnerability entry record related list.

Role required: sn_vul.vulnerability_admin or App-Sec Manager

Procedure

  1. Navigate to All > Vulnerability Response or Application Vulnerability Response > NVD > Integrations.
  2. Select the NIST National Vulnerability Database Integration–API (Unmapped CPE) integration.
  3. Select the Active check box.
    Note: The integration is pre-configured to run on demand. By activating the integration, it will automatically run after the NIST NVD Integration-API (CVE only) integration. Changing any other integration parameter requires both ServiceNow and Vulnerability Response and expertise and could result in incomplete data.
    1. Navigate to All > Vulnerability Response > Administration > Integrations.
    2. Select NIST National Vulnerability Database Integration–API (Unmapped CPE) Integration.
    3. Select the Integration Details tab.
    Regardless of the Import since field's value, CPEs for all the retrieved CVEs are retrieved.
  4. Select Execute Now to perform an initial full support integration run.
    After the initial import is complete, scheduled imports of delta data resume. For integration run statuses, see View the (National Vulnerability Database) NVD integration import run status.

Activate the NIST National Vulnerability Database–API (CPE only)

To ingest Common Platform Enumeration (CPE) data, you can perform a full data import with a daily scheduled job.

Before you begin

The National Institute of Standards and Technology (NIST) National Vulnerability Database Integration (NVD)–API (CPE only) integration captures (CPE) data that includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. This information is stored in a vulnerable software table.

Role required: sn_vul.vulnerability_admin or App-Sec Manager

Procedure

  1. Navigate to All > Vulnerability Response or Application Vulnerability Response > NVD > Integrations.
  2. Select the NIST National Vulnerability Database Integration–API (CPE only) integration.
  3. Select the Active check box.
    • The integration is pre-configured to run daily. Changing any other integration parameter requires both ServiceNow expertise and could result in incomplete data.
    • Activating this integration will automatically activate NIST National Vulnerability Database Integration- API (CVE only) and NIST National Vulnerability Database Integration- API (Unmapped CPE) integrations and will set its run field to on demand.
    • Additionally, a successful integration run of NIST National Vulnerability Database Integration- API (CPE only) will automatically trigger NIST National Vulnerability Database Integration- API (CVE only). And successful completion of NIST National Vulnerability Database Integration- API (CVE only) will automatically trigger NIST National Vulnerability Database Integration- API (Unmapped CPE).
    Note: The Import since date field in the NIST National Vulnerability Database Integration - API (CPE only) Integration is empty by default. Keep it empty to fetch data of the last 357 days.
    To retrieve historical data during your initial import from the NVD scan, set a start date in the NIST National Vulnerability Database Integration- API (CPE only) Integration record.
    1. Navigate to All > Vulnerability Response > Administration > Integrations.
    2. Select NIST National Vulnerability Database Integration–API (CPE only) Integration.
    3. Select the Integration Details tab.
    4. Set the Import since field's value to the earliest date you want to retrieve.
    Each successful import resets this date to the selected day's date and time.
  4. Select Execute Now to perform an initial full support integration run.
    After the initial import is complete, scheduled imports of delta data resume. For integration run statuses, see View the (National Vulnerability Database) NVD integration import run status.