The Vulnerability Response integration with the CISA Known Exploited Vulnerabilities (KEVs) catalog ingests data to help you effectively prioritize and remediate these vulnerabilities.

Request apps on the Store

Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

CISA enables urgent and prioritized remediation of actively exploited vulnerabilities for government agencies and corporations.

About CISA

Cybersecurity & Infrastructure Security Agency (CISA) is a U.S. Cybersecurity & Infrastructure Security Agency that publishes a report on the most exploited vulnerabilities. It easily integrates with Vulnerability Response to map Common Vulnerabilities and Exposures (CVE) vulnerabilities enriching the data in your instance. This information is then rolled up to the Third-Party Vulnerability Entries table. The earliest due date is considered for the roll-up to the vulnerable items.
Note: The CISA Exists check box for CVEs retrieved by CISA.
Values retrieved from the CISA integration:
  • CVE ID
  • Due date
  • Date added
  • Vendor/Project
  • Product
  • Known ransomware (starting from v21.0 of Vulnerability Response, a new field Known To Be Used in Ransomware Campaigns is ingested from the CISA Known Exploited Vulnerabilities (KEVs) catalog. It’s indicated by the flagging of the Known ransomware field on the National Vulnerability Entry database table. The flag is set at the Common Vulnerabilities and Exposures (CVE) level and rolled up to the third-party entry (TPE).

There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

Scheduled jobs

The CISA Integration is invoked automatically as a daily scheduled job. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.

Available versions

Release version Release Notes

Vulnerability Response v16.5, v18.0

Vulnerability Response Integration with CISA v1.0, v1.2

Viewing the CISA integration

To view the CISA integration, navigate to Vulnerability Response > Administration > Integrations > CISA Known Exploit Vulnerability Integration.

The following integrations are included in the base system.
Note: Only the CISA Integration is active, by default.
Table 1. CISA integration
Integration Description
Cybersecurity & Infrastructure Security Agency (CISA) Integration Retrieves CISA vulnerability data (CVE) and enriches the existing vulnerability data. This integration is set automatically to run daily.

To view data in third-party vulnerabilities, see View Vulnerability Response vulnerability libraries.