Integrating Application Vulnerability Response with other applications

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating Application Vulnerability Response with Other Applications

    Application Vulnerability Response supports third-party integrations to enhance vulnerability data by retrieving information from external systems and vendors. Key integrations include Fortify, GitHub, Invicti, Veracode, and Atlassian Jira. Note that multi-source integrations are not supported, and there is no deduplication of application vulnerable items across different integrations.

    Show full answer Show less

    Key Features

    • Manual Ingestion: Users can manually create agile issues in the Vulnerability Manager Workspace to track remediation efforts.
    • Data Processing: Each integration executes multiple processes, managing data in pages. Import queue entries must process within a one-hour limit, with mechanisms in place to handle timeout errors.
    • Timestamps and Heartbeats: Starting from version 18.2.4, heartbeats are sent periodically to indicate active processing, helping to manage integration health.
    • Scheduled and Manual Runs: Integrations are configured to run on a schedule but can also be executed manually as needed by users with the appropriate role.

    Key Outcomes

    By leveraging these integrations, ServiceNow customers can efficiently manage and respond to application vulnerabilities, ensuring timely data processing and improved tracking of remediation efforts. Regular updates and monitoring allow for proactive management of potential issues within the application landscape.

    Vulnerability Response includes support for third-party integrations.

    Third-party integrations

    Application vulnerability integrations help enrich the application vulnerability data on your instance by retrieving data from external systems and vendors. See the following overview topics for more information about supported integrations:
    Note:

    Multi-source integrations are not supported in Application Vulnerability Response. Third-party integrations are treated separately. If more than one third-party integration application is in use in your environment, there is no application vulnerable item (AVI) deduplication across integrations.

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 18.2.4 of Application Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.

    Vulnerability integrations for Application Vulnerability Response are configured to run on a scheduled basis. However, you can run them manually when needed.

    Role required: sn_vul.app_read_integrations

    1. Navigate to All > Application Vulnerability Response > Administration > Integrations.
    2. Open the record for the integration that you want to run.
    3. Click Execute Now.