Vulnerability Response integrations
-
- UpdatedAug 3, 2023
- 3 minutes to read
- Vancouver
- Vulnerability Response
Vulnerability Response includes support for third-party integrations. Included in this section are some basic guidelines for developing your own integrations.
Third-party integrations

Imported vulnerabilities from the National Vulnerability Database (NVD) and detection data from third-party scanners are reconciled with the assets in your CMDB. When an imported vulnerability matches an existing asset, a vulnerable item is created. Vulnerable items are grouped automatically into tasks for remediation, risk-scored with business context, prioritized and assigned to appropriate teams for remediation.
Third-party integrations are treated separately. If more than one third-party integration application is in use in your environment there is no vulnerable item (VI) deduplication across integrations. For example, VI deduplication between Rapid7 and Qualys is not available.
However, mismatches in detection count between a third-party scanner (for example, Qualys) to VIs in your ServiceNow instance are expected, since we dedupe across IPs, ports and so on.
For information about third-party integrations supported by Application Vulnerability Response see, Integrating Application Vulnerability Response with other applications
- CISA Known Exploit Vulnerability (KEV) Integration
- Understanding the Microsoft Threat and Vulnerability Management Vulnerability integration
- Understanding the HCL BigFix patch orchestration integration with Vulnerability Response
- Understanding the Vulnerability Response patch orchestration integration with Microsoft SCCM
- Understanding the NVD integrations
- Qualys Vulnerability Integration
- Understanding the Rapid7 Vulnerability Integration
- Shodan Exploit Integration
- Understanding the Tenable Vulnerability Integration
- Microsoft Security Response Center Solution Integration
The Microsoft Security Response Center Solution Integration is available with Vulnerability Solution Management. For information on the installation and configuration of the Microsoft Security Response Center Solution Integration and the Red Hat Solution Integration, see Install the Solution Management for Vulnerability Response application. You can configure, edit, schedule, and launch on-demand the Microsoft Security Response Center Solution Integration and the Red Hat Solution Integration from within the Setup Assistant.
Additional notes for integrations
If multiple deployments are supported for an integration, see Create domain-separated imports for an integration.
- You can install, configure, schedule, and launch on-demand many of the integration applications from within Setup Assistant.
- You can install the Rapid7 Vulnerability Integration application from Setup Assistant, but configuration is not supported for this integration from within the Setup Assistant. See Install the Rapid7 Vulnerability Integration for more information.
- The Tenable for Vulnerability Response application by Tenable is created and maintained by Tenable. See their documentation at Tenable for Vulnerability Response.
- sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
- sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.
State name prior to V17.1 | State name V17.1 onwards |
---|---|
Processing | Retrieving |
WaitComplete | Waiting/Processing |
waitcomplete
, it displays the percentage of integration that is
complete.Manually created integrations
You can add other integrations that are not available as ServiceNow Store applications, as needed. See Manually create a vulnerability integration for more information.