Understanding the NVD integrations
- Updated Aug 1, 2024
- Xanadu
- Vulnerability Response
The NVD integrations use data imported from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) product to help you determine the impact and priority of flaws in your code. Run this integration as part of your initial setup of Vulnerability Response and prior to importing vulnerability data into your instance with a third-party scanner product.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Available versions
Release version | Release Notes |
---|---|
Vulnerability Response Integration with NVD v1.2 |
Initial import of vulnerability data with the NVD and CWE integrations
- Perform an initial import of CWE data with the CWE Comprehensive 2000 Integration.
  See Configure and run the scheduled job for updating CWE records. By default, you perform CWE updates On Demand from the integration record, and you must configure it.
  Note: Schedule the CWE update to run prior to the NVD database update. The default day for the NVD update is Weekly on Monday.
- Verify the Vulnerability Response Integration with NVD application is installed and an initial data import from either the NIST National Vulnerability Database Integration - API (CVE only) or the NIST National Vulnerability Database Integration - API (CVE and CPE) is successful.
  For CPEs, verify an initial data import from the NIST National Vulnerability Database Integration - API (CPE only) is successful.
  Activation of this plugin on production instances may require a separate license. After the plugin is installed, the NIST National Vulnerability Database Integration - API (CVE only) is activated by default. It runs daily. See Install the Vulnerability Response Integration with the NIST National Vulnerability Database for more information.
- Third-party libraries are updated as scheduled jobs. Refer to your integration documentation at Vulnerability Response integrations for more information about third-party integrations.
Understanding imported vulnerability data and vulnerable items
In your ServiceNow AI Platform instance, each imported vulnerability is represented by a vulnerability entry in the source library of a third-party scanner product, such as Qualys. The vulnerable items (VIs) that are imported and updated in your instance are references to third-party libraries, such as the Qualys library. A third-party library can, in turn, reference back to the NVD.
For example, when you ingest third-party vulnerability data from a product like Qualys, you're ingesting VIs that reference a QID (Qualys Identifier). In the case of Qualys, that QID in turn references a CVE from the NVD library. When you click that QID in a remediation task or vulnerable item record in the Vulnerability Response application, and you've run the NVD and CWE integrations to ingest data, you are viewing current, enriched vulnerability data that lets you see the relationships that exist between your VIs and CVEs, CWEs, and CPEs.
Before you run a third-party scanner product like Qualys that has its own library, you must first install and run, at a minimum, the NIST National Vulnerability Database Integration - API (CVE only) integration (which also includes CISA-related details) and the CWE integration to ingest vulnerability data. These NVD and CWE data imports enrich your Vulnerability Response or Application Vulnerability Response data prior to importing data with a third-party product.
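The reference chain described above (VI to third-party entry to CVE to CWE and CPE) can be modelled to show what an incomplete NVD or CWE import looks like from the VI side. This is an added example, not ServiceNow code: the plain-object libraries, the `enrich` and `importGaps` functions, and every identifier are constructed placeholders and do not reflect the product's table schema.

```javascript
// Constructed sample data: a plain-object model of the libraries described above.
// Not ServiceNow's schema; every identifier below is a placeholder.
const nvdLibrary = new Map([
  ["CVE-EXAMPLE-0001", { cwes: ["CWE-EXAMPLE-1"],
    cpes: ["cpe:2.3:a:example_vendor:example_product:1.0:*:*:*:*:*:*:*"] }],
  ["CVE-EXAMPLE-0002", { cwes: ["CWE-EXAMPLE-2"], cpes: [] }],
]);
const cweLibrary = new Map([["CWE-EXAMPLE-1", { name: "Example weakness class" }]]);
const thirdPartyLibrary = new Map([
  ["QID-EXAMPLE-100", { cves: ["CVE-EXAMPLE-0001"] }],
  ["QID-EXAMPLE-200", { cves: ["CVE-EXAMPLE-0002", "CVE-EXAMPLE-0003"] }],
]);
const vulnerableItems = [
  { id: "VI-1", entry: "QID-EXAMPLE-100" },
  { id: "VI-2", entry: "QID-EXAMPLE-200" },
  { id: "VI-3", entry: "QID-EXAMPLE-300" },
];

// Walk VI -> third-party entry -> CVE -> CWE/CPE and record every reference
// that cannot be resolved because the target library has no such record.
function enrich(vi) {
  const result = { id: vi.id, cves: [], cwes: [], cpes: [], unresolved: [] };
  const entry = thirdPartyLibrary.get(vi.entry);
  if (!entry) {
    result.unresolved.push(vi.entry); // scanner library itself is missing the entry
    return result;
  }
  for (const cveId of entry.cves) {
    const cve = nvdLibrary.get(cveId);
    if (!cve) { result.unresolved.push(cveId); continue; } // NVD import gap
    result.cves.push(cveId);
    result.cpes.push(...cve.cpes);
    for (const cweId of cve.cwes) {
      // A CWE named by the CVE but absent from the CWE library is a CWE import gap.
      (cweLibrary.has(cweId) ? result.cwes : result.unresolved).push(cweId);
    }
  }
  return result;
}

// List only the VIs whose enrichment would be incomplete, with the dangling references.
function importGaps(items) {
  return items.map(enrich)
    .filter((r) => r.unresolved.length > 0)
    .map((r) => ({ id: r.id, unresolved: r.unresolved }));
}

console.log(JSON.stringify(importGaps(vulnerableItems), null, 2));
```
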
For more information about managing the NVD, CWE, and third-party libraries and viewing them, see Importing data with the NVD and CWE integrations and managing third-party libraries and View Vulnerability Response vulnerability libraries.
After you verify the successful NVD import, further enrich your vulnerability data by following Configure and run the scheduled job for updating CWE records.
Perform the NVD and CWE imports prior to importing vulnerability data with a third-party product. Third-party libraries are updated as scheduled jobs. Refer to your integration documentation at Vulnerability Response integrations for more information about third-party integrations.
Locating the NVD integrations
To view the NVD integrations, navigate to
Integration | Description |
---|---|
NIST National Vulnerability Database Integration - API (CVE only) | Retrieves only NIST NVD vulnerability data (CVE). By default, this integration is automatically set to run daily. |
NIST National Vulnerability Database Integration - API (CPE only) | Retrieves CPE data from NIST NVD. Activate this integration if you want to capture CPE data that includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. This information is stored in Vulnerable Software. This integration is set to run daily and is inactive by default. To activate this integration, see Activate the NIST National Vulnerability Database–API (CPE only). |
NIST National Vulnerability Database Integration - API (Unmapped CPE) | Retrieves CPE data associated with fetched CVE from NIST NVD. Activate this integration if you want to capture CPE data that includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. This information is stored in an NVD vulnerability entry record related list. This integration is set to run On Demand and is inactive by default. To activate this integration, see Activate the NIST National Vulnerability Database–API (Unmapped CPE). |
For integration run statuses, see View the (National Vulnerability Database) NVD integration import run status.