Vulnerability Response applications and CSDM tables

  • Release version: Australia
  • Updated March 12, 2026

    The Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications manage (contribute data to) CSDM tables. These applications also use data from CSDM tables that other applications generate. Several ServiceNow products, therefore, benefit from and add value to these Security Operations applications.

    Figure 1. The CSDM data framework and Vulnerability Response applications
    Tables highlighted that are referenced and used by the Vulnerability Response applications

    CSDM tables referenced by Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications

    As assets are imported from third-party vulnerability scanners (integrations), they are brought into Vulnerability Response and represented in specific tables:
    • Host Vulnerability Response Discovered Items
    • Cloud and Container Vulnerability Response discovered images
    • Application Vulnerability Response Discovered Applications (product model)
    As part of the Security Operations CMDB configuration item (CI) lookup, a search is performed to match a CI record from the imported data with existing records in the CMDB.

    Each CI record may contain non-discoverable attributes, for example Support Group or Classification, that are populated on the CI and can be used as input for vulnerable item assignment rules. These attributes might be populated from Common Service Data Model (CSDM) synchronizations based on upstream Technical Service Offerings.

    If you want to leverage related CSDM objects for Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications, you need to use scripted rules.

    For example, to automatically assign vulnerable items for remediation using vulnerable item assignment rules, you might create a rule that leverages configuration item Classification values as they are updated on imported vulnerability entries. For this case, you need a scripted rule to query the target value you want from the related CSDM object.

    Below is an example of a scripted query that you might use to see if a CI has Java and is tied to a vulnerability entry.

    Scripting example that shows
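
An added sketch of the lookup a scripted assignment rule performs against a related CSDM object. It is not ServiceNow's own script and not the example this page refers to. Assumptions: the `resolveAssignmentGroup` function, the fallback triage group, the one-hop `cmdb_rel_ci` walk to a Technology Management Service, the use of `support_group` as the target value, and all sample rows are constructed for illustration; the small `GlideRecord` class is an in-memory stand-in so the logic runs offline.

```javascript
// Constructed sample rows standing in for instance tables (not real data).
const TABLES = {
  cmdb_ci: [
    { sys_id: 'ci1', name: 'app-server-01', support_group: '' },
    { sys_id: 'ci2', name: 'db-server-02', support_group: 'grp_dba' },
    { sys_id: 'ci3', name: 'orphan-host', support_group: '' },
  ],
  cmdb_rel_ci: [{ parent: 'svc1', child: 'ci1' }, { parent: 'svc1', child: 'ci2' }],
  cmdb_ci_service_technical: [
    { sys_id: 'svc1', name: 'Linux Hosting', support_group: 'grp_linux' },
  ],
};

// Minimal in-memory stand-in for the platform's GlideRecord so the rule runs
// offline; on an instance, drop this class and TABLES and use the real API.
class GlideRecord {
  constructor(table) { this.rows = TABLES[table] || []; this.filters = []; this.hits = []; this.pos = -1; }
  addQuery(field, value) { this.filters.push([field, value]); }
  query() { this.hits = this.rows.filter(r => this.filters.every(([f, v]) => r[f] === v)); }
  next() { return ++this.pos < this.hits.length; }
  getValue(field) { return this.hits[this.pos][field] || null; }
}

// Hypothetical rule body: returns the assignment group for a vulnerable item's
// CI, preferring the CI's own support group, then the upstream service's.
function resolveAssignmentGroup(ciSysId, fallbackGroup) {
  if (!ciSysId) return fallbackGroup;           // CI lookup found no match
  const ci = new GlideRecord('cmdb_ci');
  ci.addQuery('sys_id', ciSysId);
  ci.query();
  if (!ci.next()) return fallbackGroup;         // stale or deleted CI reference
  if (ci.getValue('support_group')) return ci.getValue('support_group');

  const rel = new GlideRecord('cmdb_rel_ci');   // walk one hop up to the service
  rel.addQuery('child', ciSysId);
  rel.query();
  while (rel.next()) {
    const svc = new GlideRecord('cmdb_ci_service_technical');
    svc.addQuery('sys_id', rel.getValue('parent'));
    svc.query();
    if (svc.next() && svc.getValue('support_group')) return svc.getValue('support_group');
  }
  return fallbackGroup;                         // never leave the item unassigned
}
```

Routing unmatched or unowned CIs to an explicit fallback group keeps vulnerable items from sitting unassigned when CMDB data is incomplete.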

    Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications reference the following tables. Refer to the CSDM data framework and Vulnerability Response applications image for more information.
    • The Product Model [cmdb_model] table (referenced by Application Vulnerability Response and Software Bill of Materials).
    • The Application Model [cmdb_application_product_model] table (referenced by Application Vulnerability Response and Software Bill of Materials).
    • The Configuration Item [cmdb_ci] table.
    • The Business Service [cmdb_ci_service_business] table.
    • The Service [cmdb_ci_service] table.
    • The CMDB Group [cmdb_group] table.
    • The Dynamic CI Group [cmdb_ci_query_based_service] table.

    CSDM tables used by Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications

    1. Product Model [cmdb_model] table (used by Application Vulnerability Response and Software Bill of Materials).
    2. Application Model [cmdb_application_product_model] table (used by Application Vulnerability Response and Software Bill of Materials).
    3. Configuration Item [cmdb_ci] table.
    4. Business Application [cmdb_ci_business_app] table (used by Application Vulnerability Response and Software Bill of Materials).
    5. Business Service [cmdb_ci_service_business] table.
    6. Technology Management Service [cmdb_ci_service_technical] table (formerly Technical Service).
    Note:

    When you upload Software Bill of Materials files, the SBOM applications try to match any Product Model and Business Applications you upload to those that already exist in your CMDB. You can link service instances (formerly called application services) or business applications to a product model.

    Products that add value to Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications

    Using the Vulnerability Response applications with the following ServiceNow products can benefit your organization.
    Third-party vulnerability scanners and integrations

    Imported vulnerabilities from the National Vulnerability Database (NVD) and detection data from third-party scanners are reconciled with the assets in your CMDB. When an imported vulnerability matches an existing asset, a vulnerable item is created. Vulnerable items are grouped automatically into tasks for remediation, risk-scored with business context, prioritized and assigned to appropriate teams for remediation. For more information and a list of integrations see Vulnerability Response integrations.

    The CWE Comprehensive 2000 and NVD Integrations

    Imported data from the NIST National Vulnerability Database (NVD) and Common Weakness Enumeration (CWE) integrations is used to enrich the vulnerability data in your instance and help you decide whether to escalate remediation for a vulnerability, vulnerable item, or remediation task. See Understanding the NVD integrations and Configure and run the scheduled job for updating CWE records for more information.

    Products that benefit from integration with Software Bill of Materials

    Security Posture Control

    Security Posture Control enables cybersecurity teams to get visibility into their complete enterprise asset inventory and determine their overall security posture. Policies in SPC can help you detect assets with vulnerabilities that you import with the Vulnerability Response applications, which helps you locate security tool coverage gaps.

    Governance, Risk, and Compliance

    Connect security and IT with an integrated risk program offering continuous monitoring, prioritization, and automation.

    DevOps

    Protect your environments from potentially harmful components during software development cycles with GitHub Actions that you initiate from your GitHub environment. Upload SBOM files to the ServiceNow AI Platform from your GitHub repositories.