Rapid7 Vulnerability Integration run status chart

  • Release version: Xanadu
  • Updated August 1, 2024

    Rapid7 Nexpose sensors collect the data and automatically send it to the Rapid7 Nexpose or Rapid7 InsightVM products, which continuously analyze and correlate the information.

    Data visualizations in the Vulnerability Response Workspaces

    The Vulnerability Response Workspaces include data visualizations that can help you monitor your remediation progress. You can determine the threat level to your organization by viewing the number and severity of active vulnerabilities that are important to your organization on dynamic data visualizations that are updated as vulnerability data changes. See Vulnerability Response Workspaces, Vulnerability Manager Workspace and Exploring the IT Remediation Workspace for more information about the dynamic data visualizations that are available.

    Rapid7 Vulnerability Integration works easily with Vulnerability Response to map vulnerabilities to CIs and business services to determine impact and priority of potentially malicious threats. The Rapid7 Vulnerability Integration Run Status module is a graphical view of the status of Rapid7 Vulnerability Integration runs.

    To view this data in the legacy view, navigate to All > All Rapid7 Vulnerability Integration > Integration Run Status.

    Starting with version 19.0 of Vulnerability Response, this dashboard is available in the Next Experience UI.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Previous versions of Vulnerability Response

    In the chart, point to any part (bar, pie, data point, and so on) to view general data specific to that part. If you click any part of a report, a list opens to provide detailed information.

    Multiple factors can impact the performance of the integration run, like the amount of data and time taken to process this data. Two new graphs have been added to compare the performance metrics:
    • Rapid7 Vulnerable Item Ingestion Performance Metrics: Compare daily performance metrics for assignment rules, group rules, risk rules, queue wait time, queue processing time, and other statistics for vulnerable items for the last 30 days, to identify the cause for any deviations in performance.
    • Rapid7 Vulnerable Item Ingestion Performance Throughput: Compare daily vulnerable item ingestion throughput for the Rapid7 Vulnerable Item Integration - API. Throughput is measured in items per hour.
    Note:
    In Rapid7, these graphs are supported only for the InsightVM integration.
    Figure 1. Rapid7 integration run status
    Figure 2. Sample Rapid7 Vulnerability Integration run status chart (integration run status chart example from host detection)
    • The value in the Imported Items column represents the total number of vulnerable items that are created from an integration run.
    • The New items column displays the number of vulnerable items that are created from an integration run.
    • The Duplicate items column is no longer populated. You may prefer to remove this column from the display.
    • The Updated items column displays the number of times vulnerable items are updated during an integration run. This value is not the number of unique vulnerable items that are updated. If, for example, a vulnerable item is updated two times during the integration run, it is counted two times and displayed as 2 updated items.
    • The Unchanged items column displays vulnerable items found during the integration run that already exist in the database but were not updated, because none of the relevant field values had changed.
    Note:
    Integration runs with zero results for all four of the following values: New CIs, Existing CIs, New Items, and Updated Items are filtered out of the Rapid7 Integration Runs list.
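
    The counting and filtering rules above, worked through on constructed data. This is an added example, not ServiceNow or Rapid7 code: the record layout, the run and item names, and the throughput formula (events processed divided by elapsed hours) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: one (item, action) event per vulnerable item seen in a run.
# The layout and every name below are hypothetical, not a ServiceNow schema.
SAMPLE_RUNS = {
    "RUN-A": {"new_cis": 1, "existing_cis": 4, "hours": 0.5, "events": [
        ("VIT001", "new"), ("VIT002", "updated"), ("VIT002", "updated"),
        ("VIT003", "updated"), ("VIT004", "unchanged")]},
    "RUN-B": {"new_cis": 0, "existing_cis": 0, "hours": 0.25, "events": [
        ("VIT004", "unchanged"), ("VIT005", "unchanged")]},
}

def summarize(run):
    """Tally one run the way the column descriptions define the counts."""
    actions = Counter(action for _, action in run["events"])
    unique_updated = {item for item, action in run["events"] if action == "updated"}
    return {
        "new_items": actions["new"],
        "updated_items": actions["updated"],           # every update event counts
        "unique_items_updated": len(unique_updated),   # not a chart column
        "unchanged_items": actions["unchanged"],
        "new_cis": run["new_cis"],
        "existing_cis": run["existing_cis"],
        # Assumption: throughput = events processed / elapsed hours.
        "items_per_hour": len(run["events"]) / run["hours"],
    }

def is_listed(summary):
    """A run is hidden only when all four of these values are zero."""
    keys = ("new_cis", "existing_cis", "new_items", "updated_items")
    return any(summary[k] > 0 for k in keys)

def listed_runs(runs):
    """Return summaries for the runs that would remain in the runs list."""
    result = {}
    for name, run in runs.items():
        summary = summarize(run)
        if is_listed(summary):
            result[name] = summary
    return result

if __name__ == "__main__":
    for name, summary in listed_runs(SAMPLE_RUNS).items():
        print(name, summary)
```

    RUN-B completed and found two unchanged items, yet it drops out of the list, so a missing entry in the runs list does not by itself mean the integration failed to run.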
    Table 1. Rapid7 Vulnerability Integration run status chart reports

    | Name | Description |
    | --- | --- |
    | Last 30 Days Rapid7 Results | The number of integration runs completed for each integration. Shows both successful and failed runs. Shown in a bar visual. |
    | Last 30 Days Rapid7 New VIs | The number of new vulnerable items imported in the last 30 days. Shown as an integer. |
    | Last 30 Days Rapid7 Updated VIs | The number of updated vulnerable items imported in the last 30 days. Shown as an integer. |
    | Last 30 Days Rapid7 Duplicates | The number of duplicate vulnerable items imported in the last 30 days. Shown as an integer. |
    | Rapid7 Integration Runs | The integration run records in a list. Note: V16.1: To verify detections for this integration, compare the detections or findings with the ServiceNow detection data in the sn_vul_detection table. While the integration is in progress, there might be a change in the detection or findings count. This report displays the count of detections in the ‘Till date count’ column in the instance, after the completion of the integration run. |
    | Last 30 Days Rapid7 Vulnerable Item Ingestion Performance Metrics | Daily performance metrics for vulnerable items compared for the last 30 days. |
    | Last 30 Days Rapid7 Vulnerable Item Ingestion Performance Throughput | Daily vulnerable item ingestion throughput for the Rapid7 Vulnerable Item Integration - API measured for the last 30 days. |