Installation of Vulnerability Response and supported applications

Release version: Xanadu

Updated August 1, 2024

2 minutes to read

Summarize

Summarized using AI

Summary of Installation of Vulnerability Response and supported applications

The Vulnerability Response application, available from the ServiceNow Store, is essential for managing vulnerabilities within your environment. It supports integration with other ServiceNow applications and third-party systems to enhance vulnerability data management. Installation and configuration provide a foundational setup that you can extend with additional applications and integrations based on your organizational needs.

Show full answer Show less

Key Features

Basic Setup: Install the Vulnerability Response application as the first step, then use the Setup Assistant to assign user roles, create or modify assignment and remediation rules, set target dates, and configure risk calculators.
Third-Party Integrations: From the Setup Assistant, you can select, install, and configure supported third-party integrations that import vulnerability data from external vendors and systems.
NVD and CWE Libraries: Run scheduled jobs for NVD (National Vulnerability Database) and CWE (Common Weakness Enumeration) integrations as part of the initial setup to keep vulnerability data current.
Analytics Applications: Optionally install the Performance Analytics Content Pack for Vulnerability Response to access reports covering all vulnerability management lifecycle stages.
Solution Management: Optionally install the Solution Management for Vulnerability Response application to correlate vulnerabilities with remediation solutions, including Microsoft and Red Hat integrations (requires a separate subscription).
Mobile Experience: Optionally install the ServiceNow Agent app and Vulnerability Response Mobile app to enable mobile access to vulnerability management capabilities.

Additional Setup and Advanced Configuration

Beyond the basic configuration, additional setup tasks are available to enhance reporting, email notifications, native integrations, and vulnerable item management. These are generally performed outside the Setup Assistant.

Advanced configuration tasks that require coding or specialized ServiceNow expertise are also available but are not part of the basic installation process.

What to Expect

After installation and initial configuration, you will have a functional Vulnerability Response environment capable of managing vulnerabilities, integrating external data, and supporting remediation workflows. Optional applications and integrations allow you to expand capabilities, improve reporting, and enhance user experience, including mobile access.

The Vulnerability Response application is available from the ServiceNow Store. The application supports other ServiceNow applications and third-party integrations that you also download from the ServiceNow Store. More options also are available to extend the basic setup.

Tasks for basic setup

The Vulnerability Response application is required as a first step. For more information about installing it, see Implementation checklist for the Vulnerability Response application and Install the Vulnerability Response application.

After installation is completed, you can Configure Vulnerability Response using Setup Assistant.
With the Setup Assistant, assign users and groups for access to the application, create or edit assignment rules, remediation task rules, and target dates, set up risk calculators.
You can also select, install, and configure one or more supported third-party integrations from the Setup Assistant. These integrations retrieve vulnerability data from external systems and vendors. For more information about how integrations work and the integrations supported by Vulnerability Response, see Vulnerability Response integrations.
Prior to implementing any third-party integrations, run the NVD integration and CWE scheduled job as part of your initial setup of Vulnerability Response.
See Importing data with the NVD and CWE integrations and managing third-party libraries and Configure and run the scheduled job for updating CWE records for more information about installing, configuring, and viewing the NVD and CWE libraries.
Select an analytics application, when applicable. The Performance Analytics Content Pack for Vulnerability Response application contains reports that cover all stages of the vulnerability management lifecycle.
[Optional] Install and configure the Performance Analytics for Vulnerability Response [PA] application application.
Select a solutions application, when applicable. Solution management helps you correlate the vulnerabilities in your environment with the solutions that could remediate them. [Optional] Install the Solution Management for Vulnerability Response application.
Note:
- When the Vulnerability Solution Management application is enabled, the Microsoft Security Response Center Solution Integration and the Red Hat Solution Integration are available to edit in Setup Assistant.
- Vulnerability Solution Management requires a separate subscription. For more information, see Vulnerability Solution Management.
[Optional] Install the ServiceNow Agent app and the Vulnerability Response Mobile app for the Mobile experience for Vulnerability Response.

Other setup tasks you can perform

These additional setup tasks add to your basic configuration and support remediation with options for reporting, email notifications, native integration configuration, and working with vulnerable items. Most of these tasks are performed outside of the Setup Assistant. See Additional Vulnerability Response setup and configuration tasks.

Advanced tasks outside of the basic setup

These optional configuration tasks are performed outside of Setup Assistant and require coding or advanced ServiceNow expertise and are not considered part of the basic configuration. See Advanced Vulnerability Response configuration tasks.