Vulnerability Response applications and CSDM tables

  • Release version: Xanadu
  • Updated March 6, 2025

    The Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications manage (contribute data to) CSDM tables. These applications also use data from CSDM tables that other applications generate. Several ServiceNow products, therefore, benefit from and add value to these Security Operations applications.

    Figure 1. The CSDM data framework and Vulnerability Response applications (the highlighted tables are those referenced and used by the Vulnerability Response applications)

    CSDM tables referenced by Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications

    As assets are imported from third-party vulnerability scanners (integrations), they are brought into Vulnerability Response and represented in specific tables:
    • Host Vulnerability Response Discovered Items
    • Cloud and Container Vulnerability Response Discovered Images
    • Application Vulnerability Response Discovered Applications (product model)

    As part of the Security Operations CMDB configuration item (CI) lookup, a search is performed to match the CI record built from the imported data against existing records in the CMDB.

    Each matched CI record may carry non-discoverable attributes, for example Support Group or Classification, that are populated on the CI and can be used as input for vulnerable item assignment rules. These attributes might be populated from Common Service Data Model (CSDM) synchronizations based on upstream Technical Service Offerings.

    If you want to leverage related CSDM objects in Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications, you need to use scripted rules.

    For example, to automatically assign vulnerable items for remediation using vulnerable item assignment rules, you might create a rule that leverages configuration item Classification values as they are updated on imported vulnerability entries. For this case, you need a scripted rule to query the target value you want from the related CSDM object.

    Below is an example of a scripted query that you might use to check whether a CI has Java installed and is tied to a vulnerability entry.

    Scripting example (image)
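The following is an added example, not the script shown on the page and not ServiceNow's own code. It shows the shape of a scripted assignment-rule body that answers the question above (does the CI behind a vulnerable item have Java installed?) and then goes one step further, using the CI's CSDM-synced Classification and Support Group to pick the remediation group. The table names (sn_vul_vulnerable_item, cmdb_ci, cmdb_sam_sw_install), the field names (cmdb_ci, classification, support_group, installed_on, display_name) and all records in CONSTRUCTED_TABLES are assumptions made for the example; the in-file GlideRecord class is a constructed stand-in so the logic runs offline in Node rather than on an instance.

```javascript
// Added example (not the page's own script): a scripted assignment-rule body that
// decides which group receives a vulnerable item by querying related CSDM data.
//
// Assumptions (not confirmed by the page): table names sn_vul_vulnerable_item,
// cmdb_ci and cmdb_sam_sw_install, and the fields cmdb_ci, classification,
// support_group, installed_on and display_name. Everything in CONSTRUCTED_TABLES
// is sample data invented for this example.

// Constructed sample data standing in for the instance's tables.
const CONSTRUCTED_TABLES = {
  sn_vul_vulnerable_item: [
    { sys_id: 'vi1', cmdb_ci: 'ci1', vulnerability: 'vul1' },  // Java host, production
    { sys_id: 'vi2', cmdb_ci: 'ci2', vulnerability: 'vul1' },  // no Java, development
    { sys_id: 'vi3', cmdb_ci: '',    vulnerability: 'vul2' }   // CI lookup found no match
  ],
  cmdb_ci: [
    { sys_id: 'ci1', name: 'app-server-01', classification: 'Production',  support_group: 'grp_java_platform' },
    { sys_id: 'ci2', name: 'dev-box-07',    classification: 'Development', support_group: 'grp_dev_tools' }
  ],
  cmdb_sam_sw_install: [
    { sys_id: 'sw1', installed_on: 'ci1', display_name: 'Java(TM) SE Runtime Environment 8' },
    { sys_id: 'sw2', installed_on: 'ci2', display_name: 'Python 3.11' }
  ]
};

// Minimal offline stand-in for the platform's server-side GlideRecord. It implements
// only the calls used below (addQuery with '=' or 'CONTAINS', query, hasNext, next,
// getValue, get) so the rule logic can be exercised outside an instance.
class GlideRecord {
  constructor(table) {
    this.table = table;
    this.filters = [];
    this.rows = [];
    this.idx = -1;
  }
  // addQuery(field, value) means equality; addQuery(field, 'CONTAINS', value) is a substring match.
  addQuery(field, opOrValue, value) {
    if (value === undefined) {
      this.filters.push({ field: field, op: '=', value: opOrValue });
    } else {
      this.filters.push({ field: field, op: opOrValue, value: value });
    }
  }
  query() {
    const rows = CONSTRUCTED_TABLES[this.table] || [];
    this.rows = rows.filter(row => this.filters.every(f => {
      const actual = row[f.field] === undefined ? '' : String(row[f.field]);
      return f.op === 'CONTAINS' ? actual.indexOf(f.value) !== -1 : actual === String(f.value);
    }));
    this.idx = -1;
  }
  hasNext() { return this.idx + 1 < this.rows.length; }
  next() {
    if (!this.hasNext()) return false;
    this.idx += 1;
    return true;
  }
  getValue(field) {
    const v = this.rows[this.idx][field];
    return v === undefined ? '' : String(v);
  }
  // get(sysId) loads a single record by sys_id, returning true when found.
  get(sysId) {
    this.filters = [{ field: 'sys_id', op: '=', value: sysId }];
    this.query();
    return this.next();
  }
}

// True when at least one software installation on the CI has "Java" in its name.
function ciHasJava(ciSysId) {
  const sw = new GlideRecord('cmdb_sam_sw_install');
  sw.addQuery('installed_on', ciSysId);
  sw.addQuery('display_name', 'CONTAINS', 'Java');
  sw.query();
  return sw.hasNext();
}

// Rule body: return the sys_id of the group that should own the vulnerable item,
// or null to let the platform fall through to the next assignment rule.
// Production CIs running Java go to the CI's CSDM-synced support group.
function chooseAssignmentGroup(vulnerableItemSysId) {
  const vi = new GlideRecord('sn_vul_vulnerable_item');
  if (!vi.get(vulnerableItemSysId)) return null;
  const ciSysId = vi.getValue('cmdb_ci');
  if (!ciSysId) return null;                // CI lookup found no match: nothing to assign on
  const ci = new GlideRecord('cmdb_ci');
  if (!ci.get(ciSysId)) return null;        // dangling reference: do not guess an owner
  if (!ciHasJava(ciSysId)) return null;
  if (ci.getValue('classification') !== 'Production') return null;
  return ci.getValue('support_group') || null;  // empty support group: fall through
}

// Stand-alone run: prints the decision for each constructed vulnerable item.
for (const vi of CONSTRUCTED_TABLES.sn_vul_vulnerable_item) {
  console.log(vi.sys_id, '->', chooseAssignmentGroup(vi.sys_id));
}
```

Returning null whenever the CI is unmatched, the reference is dangling, or the support group is empty is deliberate: a scripted rule that guesses an owner hides the CMDB data gap that the CI lookup surfaced, whereas falling through leaves the vulnerable item for the next rule or for manual triage.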

    Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications reference the following tables. Refer to Figure 1 for more information.
    • The Product Model [cmdb_model] table (referenced by Application Vulnerability Response and Software Bill of Materials).
    • The Application Model [cmdb_application_product_model] table (referenced by Application Vulnerability Response and Software Bill of Materials).
    • The Configuration Item [cmdb_ci] table.
    • The Business Service [cmdb_ci_service_business] table.
    • The Service [cmdb_ci_service] table.
    • The CMDB Group [cmdb_group] table.
    • The Dynamic CI Group [cmdb_ci_query_based_service] table.

    CSDM tables used by Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications

    1. The Product Model [cmdb_model] table (used by Application Vulnerability Response and Software Bill of Materials).
    2. The Application Model [cmdb_application_product_model] table (used by Application Vulnerability Response and Software Bill of Materials).
    3. The Configuration Item [cmdb_ci] table.
    4. The Business Application [cmdb_ci_business_app] table (used by Application Vulnerability Response and Software Bill of Materials).
    5. The Business Service [cmdb_ci_service_business] table.
    6. The Technical Service [cmdb_ci_service_technical] table.

    Note: When you upload Software Bill of Materials files, the SBOM applications try to match any Product Model and Business Application you upload to those that already exist in your CMDB. You can link application services or business applications to a product model.

    Products that add value to Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications

    Using the Vulnerability Response applications with the following ServiceNow products can benefit your organization.

    Third-party vulnerability scanners and integrations

    Imported vulnerabilities from the National Vulnerability Database (NVD) and detection data from third-party scanners are reconciled with the assets in your CMDB. When an imported detection matches an existing asset, a vulnerable item is created. Vulnerable items are grouped automatically into remediation tasks, risk-scored with business context, prioritized, and assigned to the appropriate teams for remediation. For more information and a list of integrations, see Vulnerability Response integrations.

    The CWE Comprehensive 2000 and NVD Integrations

    Imported data from the NIST National Vulnerability Database (NVD) and Common Weakness Enumeration (CWE) integrations is used to enrich the vulnerability data in your instance and help you decide whether to escalate remediation for a vulnerability, vulnerable item, or remediation task. See Understanding the NVD integrations and Configure and run the scheduled job for updating CWE records for more information.

    Products that benefit from integration with Software Bill of Materials

    Security Posture Control

    Security Posture Control enables cybersecurity teams to get visibility into their complete enterprise asset inventory and determine their overall security posture. Policies in SPC can detect the assets with vulnerabilities that you import with the Vulnerability Response applications, which helps you locate security tool coverage gaps.

    Governance, Risk, and Compliance

    Connect security and IT with an integrated risk program offering continuous monitoring, prioritization, and automation.

    DevOps

    Protect your environments from potentially harmful components during software development cycles with GitHub Actions that you initiate from your GitHub environment. Upload SBOM files to the ServiceNow AI Platform from your GitHub repositories.