Preparing for the Microsoft Threat and Vulnerability Management Vulnerability Integration

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Preparing for the Microsoft Threat and Vulnerability Management Vulnerability Integration

    This guide helps ServiceNow customers prepare for installing and configuring the Microsoft Threat and Vulnerability Management (MS TVM) Vulnerability integration with the ServiceNow Vulnerability Response application. Proper preparation ensures smooth import of vulnerability data into the ServiceNow AI Platform® instance and efficient management of vulnerabilities.

    Show full answer Show less

    Preparation Checklist

    • Obtain MS TVM Credentials: Have either ClientSecret, ClientId, and TenantId or Username, Password, ClientId, and TenantId ready for your MS TVM account.
    • Install Vulnerability Response Application: Ensure the Vulnerability Response application version 14.0 or higher is installed and activated before installing the MS TVM integration.
    • Download Integration Application: Acquire entitlements and download the MS TVM integration application to your ServiceNow AI Platform instance.
    • Estimate Vulnerable Items: Determine the expected volume of vulnerable items to import and confirm your instance can handle this load to avoid performance issues.
    • Assign Appropriate Roles and Groups:
      • admin: Installs the integration and assigns roles.
      • snvul.vulnerabilityadmin: Manages full configuration and access to Vulnerability Response.
      • snvulmsfttvm.configureintegration: Configures the MS TVM integration specifically.
      • snvulmsfttvm.readintegration: Views MS TVM integration records.
      • Vulnerability Response group: Default group with read and remediation roles; additional groups can be created as needed.
    • Install NVD Integration: Install the Vulnerability Response integration with the National Vulnerability Database (NVD) and run the NIST NVD API for CVE data to optimize performance.
    • Optimize Performance: Disable unused vulnerability calculators and notification-related business rules during initial import to reduce processing overhead and avoid excessive notifications.

    Next Steps

    After completing the preparation tasks, proceed to install and configure the Vulnerability Response Integration with the MS TVM application using the Setup Assistant in ServiceNow. This will enable automated vulnerability data import and integrated remediation workflows.

    You can prepare for the ServiceNow® Microsoft Threat and Vulnerability Management (MS TVM) Vulnerability integration by performing setup tasks.

    Before you begin using a checklist

    To install and configure the Vulnerability Response Integration with the MS TVM application, you can print the following checklist and verify the items listed are completed before you install the application and import vulnerability data into your ServiceNow AI Platform® instance.

    Table 1. Integration preparation checklist
    Task Description
    Checkbox image. Verify that you have one of the following sets of information:
    Checkbox image. If not already installed and activated, install the Vulnerability Response application before you install the third-party application.

    For more information about installing and activating the Vulnerability Response application, see Install Vulnerability Response. This integration requires version 14.0 of Vulnerability Response or later.
    Checkbox image.

    If you don't already have the application on your instance, get entitlements and download the Vulnerability Response integration with MS TVM application to your ServiceNow AI Platform® instance.

    See .
    Checkbox image.

    Estimate the number of vulnerable items that you expect to import.

    Verify that your instance can accept the number of vulnerable items that you expect to import. An undersized instance can lead to long load times. If you don't know the size of your instance, or if you need assistance, contact ServiceNow® Technical Support.
    Checkbox image.

    Verify that you have the following groups or users to manage the integrations and to remediate vulnerable items:

    admin
    Uses Setup Assistant to install the Vulnerability Response integration with the MS TVM application. If not assigned, the admin assigns the vulnerability admin (sn_vul.vulnerability_admin) and other roles in Setup Assistant.
    sn_vul.vulnerability_admin
    Completes the configuration of the MS TVM integration. This role has complete access to the Vulnerability Response (VR) application and its records. This admin configures all VR applications and rules and configures third-party integrations.
    sn_vul_msft_tvm.configure_integration
    Configures the MS TVM Vulnerability Integration. This role contains the sn_vul_msft_tvm.read_integration granular role.
    sn_vul_msft_tvm.read_integration
    Views (reads) records of the MS TVM Vulnerability Integration.
    Vulnerability Response group
    By default, the Vulnerability Response group is available in Setup Assistant. Users assigned to the Vulnerability Response group inherit the sn_vul.read_all and sn_vul.remediation_owner roles automatically.

    If not already created, you may prefer to create additional groups and add users with the User Administration module in your instance before you use Setup Assistant. For more information, see Create a user group.

    Persona and granular roles are available to help you manage what users can do and see in the Vulnerability Response application. For initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant.
    Checkbox image. Install the Vulnerability Response integration with NVD and run the NIST National Vulnerability Database Integration - API (CVE only).
    Checkbox image.

    To promote improved performance for your first import, you can disable certain features, rules, or jobs in your instance.

    • Disable vulnerability calculators if you do not use them. These calculators, plus any that you have defined, run every time a vulnerable item record is created or updated. For more information, see Disable the default vulnerability calculator if not used.
    • During the initial import of records, certain notification-related business rules can cause many notifications to be generated, which could impact the performance of the ingestion.

    You are ready to Install and configure the Vulnerability Response Integration with the MS TVM application using Setup Assistant.