Understanding the Microsoft Security Response Center Solution Integration

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Understanding the Microsoft Security Response Center Solution Integration

    The Microsoft Security Response Center (MSRC) Solution Integration is a feature within ServiceNow's Vulnerability Solution Management, part of the Vulnerability Response application (available by separate subscription). It enables customers to review and implement remediation solutions provided by the MSRC, which investigates and addresses security vulnerabilities in Microsoft products and services.

    Show full answer Show less

    This integration imports known remediation solutions directly from MSRC into your ServiceNow instance, helping you manage security risks effectively by associating these solutions with vulnerabilities, vulnerable items, and remediation tasks.

    Key Features

    • Automated Scheduled Jobs: The integration runs scheduled jobs that keep your vulnerability remediation lifecycle synchronized with MSRC and other vulnerability management systems. These jobs can also be executed manually as needed.
    • Integration Access: Entry points to the MSRC product are accessible under Vulnerability Response administration, simplifying solution management and updates.
    • Role-Based Access Control: The integration supports various roles such as vulnerability administrators, remediation owners, and read/write roles, enabling granular control over user permissions for managing vulnerabilities and solutions.
    • Solution Data: Imported solutions include National Vulnerability Database (NVD) mappings to associate with vulnerabilities, but only cover solutions from 2016 onward.
    • Preconfigured Run-As User: The integration uses a default run-as user (VR.System) to operate scheduled jobs, which should not be changed to ensure proper functioning.

    Practical Use and Configuration

    To use the MSRC Solution Integration, navigate within ServiceNow to All > Vulnerability Response > Administration > Integrations. The integration retrieves remediation solutions and associates them with existing vulnerabilities to streamline the remediation process.

    Ensure you have the latest versions of Vulnerability Response and Vulnerability Solution Management installed for compatibility and access to current solutions. Installation and configuration guidance is available via ServiceNow’s Setup Assistant and documentation.

    Key Outcomes

    • Improved vulnerability management through timely, authoritative remediation solutions from Microsoft.
    • Automated synchronization of remediation data reduces manual effort and improves accuracy.
    • Granular role assignments enhance security and operational control within the Vulnerability Response application.
    • Association of MSRC solutions with vulnerabilities and remediation tasks accelerates resolution and reduces security risk exposure.

    Review and implement proposed remediation solutions provided by the Microsoft Security Response Center Solution Integration.

    Microsoft Security Response Center Solution Integration is included in the Vulnerability Solution Management feature of Vulnerability Response, available by separate subscription. See Vulnerability Solution Management for more information on how Vulnerability Response incorporates solutions.

    Microsoft Security Response Center investigates reports of security vulnerabilities affecting Microsoft products and services, and provides solution information to help manage security risks. Solutions are known remediations imported into your Microsoft Security Response Center Solution Integration from the Microsoft Security Response Center product.

    The Microsoft Security Response Center Solution Integration contains entry points to Microsoft Security Response Center product, invoked as scheduled jobs. Scheduled jobs simplify the vulnerability remediation lifecycle by keeping the instance synchronized with other vulnerability management systems. Scheduled jobs run automatically and in the order specified. You can also execute individual scheduled jobs manually.

    There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

    Available versions

    For the most current version of Vulnerability Solution Management and Microsoft Security Response Center solutions, verify you have the most current version of Vulnerability Response installed.

    For more information about installing and configuring Vulnerability Solution Management and solution integrations, see Install the Solution Management for Vulnerability Response application and Configure installed solution integrations for Vulnerability Solution Management using Setup Assistant.

    Release version of Vulnerability Response Version of Vulnerability Solution Management Release Notes

    Vulnerability Response v15.0

    		 v10.3

    For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes

    Roles

    Microsoft Security Response Center Solution Integration tasks involve the following roles.
    • sn_vul.vulnerability_admin or sn_vul.admin (deprecated): Can read, write, and delete records.
    • sn_vul.vulnerability_write: Can read and write records.
    • sn_vul.vulnerability.read: Can read records.
    • sn_vul.remediation_owner: Can read and write internal notes on records assigned to the remediation specialist group or individual. (Contained in the itil role.)

    Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    Microsoft Security Response Center Solution Integration

    To view the Microsoft Security Response Center Solution Integration, navigate to All > Vulnerability Response > Administration > Integrations.

    The following integration is included in the base system.

    Table 1. Microsoft Security Response Center Solution Integration
    Integration Description
    Microsoft Security Response Center Solution Integration
    Retrieves solutions and National Vulnerability Database (NVD) mapping to associate solutions with vulnerabilities, vulnerable items, and remediation tasks.
    Note:
    The Microsoft Security Response Center Solution Integration does not provide solutions prior to 2016.

    Solutions

    To view imported solutions in a list, see View a solution.