Data transformation for the Microsoft Threat and Vulnerability Management Vulnerability Integration
- Updated Aug 1, 2024
- Xanadu
- Vulnerability Response
After you identify the data that you want to import, the data is retrieved from the ServiceNow® Microsoft Threat and Vulnerability Management (MS TVM) application, processed through a set of data sources, and transformed in your instance.
During installation, normalized severity maps are installed in the Normalized Severity Mapping module. These maps transform imported Microsoft third-party vulnerability severity levels to standard severity levels for processing in your instance. For information about creating severity maps, see Create a Vulnerability Response severity map.
MS TVM Machines Import
The data from the imported machines is first loaded into the MS TVM Machines Import [sn_vul_msft_tvm_machines_import] table.
The following table lists the transform map fields by integration.
The following transform scripts are run during the transformation process.
MS TVM Machines transform map script timing and purpose
When the script is run | Purpose |
---|---|
onStart (when an import set has started transformation). | Script that is used to initialize the values in the scope variable (sn_vul_msft_tvm) for the integration process. This script is for internal use and should not be modified or deleted. |
onBefore (before an import set has completed transformation). | Script that is used to update values in the host and verify whether the host exists. Based on the results, this script modifies the values in the scope variable (sn_vul_msft_tvm). This script is for internal use and should not be modified or deleted. |
onComplete (when an import set has completed transformation). | Script that is used to set the number of CIs created, updated, and ignored. This script is for internal use and should not be modified or deleted. |
The MicrosoftTVMMachinesProcessor script include is called from the onBefore transform script. It takes the output from the Microsoft TVM machines integration and transforms it into a CI. Any changes to this script include may alter how the Microsoft TVM machines data is transformed in the CI and Discovered item table.
MS TVM Vulnerabilities integration
The following table lists the transform map fields by integration.
The following transform scripts are run during the transformation process.
When the script is run | Purpose |
---|---|
onStart (when an import set has started transformation). | Script that is used to initialize the values in the scope variable (sn_vul_msft_tvm) for the integration process. This script is for internal use and should not be modified or deleted. |
onBefore (before an import set has completed transformation). | Script that is used to create or update the values in the NVD or the third-party entry table. This script is for internal use and should not be modified or deleted. |
onComplete (when an import set has completed transformation). | Script that is used to set the values of the new items that were created and the items that have been updated and ignored. This script is for internal use and should not be modified or deleted. |
MS TVM Recommendations import
The following table lists the transform map fields by integration.
The following transform scripts are run during the transformation process.
When the script is run | Purpose |
---|---|
onStart (when an import set has started transformation). | Script that is used to initialize the values in the scope variable (sn_vul_msft_tvm) for the integration process. This script is for internal use and should not be modified or deleted. |
onBefore (before an import set has completed transformation). | Script that is used to update values in the recommendations and verify whether the recommendations exist. This script is for internal use and should not be modified or deleted. |
onComplete (when an import set has completed transformation). | Script that is used to set the values of items created, updated, and ignored. This script is for internal use and should not be modified or deleted. |
MS TVM Machine Vulnerabilities import
The following table lists the transform map fields by integration.
The following transform scripts are run during the transformation process.
When the script is run | Purpose |
---|---|
onStart (when an import set has started transformation). | Script that is used to initialize the values in the scope variable (sn_vul_msft_tvm) for the integration process. This script is for internal use and should not be modified or deleted. |
onBefore (before an import set has completed transformation). | Script that is used to check if the Vulnerability Entry and Detections exist. If not, these records are created in their respective tables. This script is for internal use and should not be modified or deleted. |
onComplete (when an import set has completed transformation). | Script that is used to update the count of VIs and Detections as imported from MS TVM. This script is for internal use and should not be modified or deleted. |