Configuring Vulnerability Response using the Setup Assistant

  • Release version: Xanadu
  • Updated August 1, 2024
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Vulnerability Response using the Setup Assistant

    The Setup Assistant in ServiceNow guides you through configuring Vulnerability Response and certain third-party integrations efficiently. It streamlines the installation, role assignment, rule creation, and integration setup processes, enabling you to effectively manage vulnerabilities, automate remediation, and prioritize risk within your environment.

    Show full answer Show less

    System Administration and Role Management

    To use the Setup Assistant, you need two key roles: admin and vulnerability admin. Initially, obtain a list of users and integrations from your Vulnerability Manager. Through the Setup Assistant, an admin assigns appropriate Vulnerability Response personas and granular roles to users and groups, controlling access and permissions:

    • snvul.admin: For administration and configuration of Vulnerability Response, including integrations and remediation rules.
    • snvulvulnerabilitywrite: To create and update remediation tasks and vulnerable items.
    • snvulvulnerabilityread: For viewing remediation tasks and vulnerability information.
    • Users with the itil role automatically receive remediation owner access without additional assignment.

    The Setup Assistant also facilitates installing supported third-party vulnerability integration applications to expand your environment's capabilities.

    Vulnerability Response Settings

    Users with the snvul.vulnerabilityadmin or snvul.admin (deprecated) role, or admin, can configure application-wide settings and rules, including:

    • Vulnerability Assignment Rules: Automate assignment of remediation tasks. Activate the scheduled job to reapply these rules across your open vulnerabilities to maintain consistent task assignment. Scheduling frequency should be adjusted based on your environment size to avoid performance issues.
    • Remediation Task Rules: Define automatic creation of remediation tasks. Deleting a group rule optionally removes all open groups created by that rule.
    • Risk Calculators: Enable and customize calculators that score vulnerabilities to prioritize remediation efforts effectively.
    • Remediation Target Rules: Set rules for remediation categories to streamline workflows.

    Integration Configuration

    The Setup Assistant enables configuration, scheduling, and management of third-party vulnerability scanner integrations and solution providers, requiring the snvul.vulnerabilityadmin or admin role. Supported integrations include:

    • Qualys Vulnerability Integration
    • Tenable Vulnerability Integration
    • Solution providers like Red Hat and Microsoft Security Response Center, available upon installing the Solution Management for Vulnerability Response application.

    Multiple deployments of the same third-party integration are supported by using the original integration settings as templates. Instead of deleting integrations, consider disabling them to preserve templates and prevent unintended disruption. Note that multiple Rapid7 InsightVM integrations require special domain-separated configuration outside of Setup Assistant.

    Additional Considerations

    For setup and configuration tasks not covered by the Setup Assistant, refer to additional Vulnerability Response setup documentation to ensure comprehensive environment configuration.

    Setup Assistant walks you through setting up Vulnerability Response and certain third-party integrations for your environment. Setup Assistant provides almost everything you need to install and set up your environment so that you can use Vulnerability Response.

    Figure 1. Setup Assistant functionality
    Setup Assistant functionality with System Administration, Vulnerability Response Settings, and Integration Configuration sections.

    Using Setup Assistant requires two different ServiceNow AI Platform® roles: admin and vulnerability admin.

    Refer to the following sections to supplement the instructions and prompts provided in Setup Assistant.

    System Administration - assign users and groups and install integration applications

    Role required: admin

    A list of users and integrations should be obtained from the Vulnerability Manager prior to beginning these tasks.

    1. Navigate to All > Vulnerability Response > Administration > Setup Assistant.
    2. In the first section, System Administration, the admin the assigns roles to users and groups and installs supported integrations.

      Assign Vulnerability Response personas and roles to users and groups in Setup Assistant.

      Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    3. Assign roles in Setup Assistant.
      • Assign the role of sn_vul.admin to users or groups.
      • Assign the sn_vul.admin role for Vulnerability Response administration and configuration including vulnerability integrations, remediation task rules, calculators, and time-to-remediate rules.
      • Assign the sn_vul_vulnerability_write role for the creation and update of remediation tasks and vulnerable items.
        Note:
        All other users automatically receive Write access only to remediation tasks that are assigned to them.
      • Assign the sn_vul_vulnerability_read role to view remediation tasks, vulnerable items, and other vulnerability information.
        Note:
        Users with the itil role are automatically granted the sn_vul.remediation_owner role allowing them to see remediation tasks and vulnerable items assigned to them, vulnerability entries, and, solutions in the Vulnerability Response application on their instance and in the Mobile Agent application. No additional assignment is needed.
    4. Install third-party integration applications.

    Vulnerability Response Settings

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin

    Setup Assistant Vulnerability Response Settings section, which includes Vulnerability Assignment Rules, Vulnerability Group Rules, Risk Calculators, and Remediation Target Rules.

    In Vulnerability Response Settings, the vulnerability administrator defines application-wide settings and defines rules for Vulnerability Response. Alternatively, the admin can perform these tasks.

    1. Create Vulnerability Assignment Rules.

      Create rules that define the automatic assignment of remediation tasks for resolution. At least one rule is shipped with the base system. See Vulnerability Response assignment rules overview for more information.

      Note:

      The reapply feature requires a baseline application of the rules. Once your rules are created, activate the Reapply all vulnerability assignment rules scheduled job to execute, at your convenience. Otherwise, you will be required to reapply all rules to all Open VIs prior to changing them.

      When the job is complete, set the Run field in the scheduled job to fit your environment. Depending on the number of active VIs you have, evaluating and updating them daily can have non-trivial performance impact. For larger environments, consider updating once a week or even once a month.

      Reapplying assignment rules does not regroup the vulnerable items.

    2. Create remediation task rules.

      Create rules that define the automatic creation of remediation tasks for resolution. At least one rule, Vulnerability, is shipped with the base system. You can reapply the rules from the form or list view.

    3. Create and enable Risk Calculators.

      Enable risk calculators that define how vulnerable items are scored for prioritization. Several risk calculators are shipped with the base system. See Vulnerability Response calculators and vulnerability calculator rules information on creating or editing risk calculators for your environment.

    4. Create Remediation Target Rules.

      Create remediation target rules for categories of remediation. At least one rule is shipped with the base system. See Vulnerability Response remediation target rules for more information on creating rules for your environment.

    Integration Configuration

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin.

    Setup Assistant Integration Configuration section that includes Scanner Integrations.

    In the Integration Configuration section, configure, schedule, edit, and launch on-demand the following third-party vulnerability scanner integrations and, if the Solution Management for Vulnerability Response application is installed, solution providers.

    Note:
    Multiple vulnerability integrations for Rapid7 InsightVM are not available within Setup Assistant. See Create domain-separated imports for an integration for information on configuring and creating multiple Rapid7 InsightVM integrations.

    Additional tasks

    See Additional Vulnerability Response setup and configuration tasks for more information on setup tasks not included in Setup Assistant.