Invicti Vulnerability Integration

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Invicti Vulnerability Integration

    The Invicti Vulnerability Integration enables ServiceNow customers to import application vulnerability data from the Invicti scanning tool into their ServiceNow instance. This integration supports Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) data, helping customers assess the impact and prioritize remediation of vulnerabilities in their applications. The imported data is integrated with ServiceNow's Application Vulnerability Response feature to streamline vulnerability management workflows.


    Key Features

    • Data Import and Mapping: Imports application scan data including discovered applications, scan timestamps, and detailed vulnerability items directly into ServiceNow tables. Application records are inserted into either the Discovered Applications or Scanned Application tables based on the system property sn_vul.use_product_model, allowing flexible configuration of integration behavior.
    • Chained Scheduled Jobs: Automates the import process by chaining multiple integration steps—starting with application data, followed by scan details, and finally vulnerability items—running automatically daily or on demand to keep vulnerability data synchronized.
    • Vulnerability Type Mapping: Each Invicti vulnerability type is mapped to a unique identifier in ServiceNow and displayed clearly on Application Vulnerable Item (AVI) records for easy identification and tracking.
    • Integration Monitoring: Starting with version 1.1, the integration provides detailed metrics on processing times and integration run reports for better monitoring and troubleshooting.

    Practical Use for ServiceNow Customers

    • Automate the ingestion of Invicti scan data to maintain an up-to-date vulnerability inventory within ServiceNow.
    • Leverage the integration to correlate application vulnerabilities with configuration items (CIs) by enabling and configuring CI lookup rules, enhancing asset and vulnerability association.
    • Use the scheduled jobs to streamline and sustain an efficient vulnerability remediation lifecycle by ensuring continuous synchronization.
    • Utilize detailed integration reports and mapping to improve vulnerability prioritization and response planning.

    Next Steps

    Customers should configure the system property sn_vul.use_product_model according to their preferred application data model, activate relevant CI lookup rules if associating vulnerabilities with CIs, and monitor integration run reports to ensure successful data import. Reviewing compatibility information and release notes is recommended before implementation.

    The Invicti Vulnerability Integration uses application data imported from the Invicti product to help you determine the impact and priority of flaws in your code.

    Invicti Vulnerability Integration

    The Invicti Vulnerability Integration collects scanner data and makes that data available to the ServiceNow AI Platform®. It easily integrates with the ServiceNow® Application Vulnerability Response feature of Vulnerability Response to map imported third-party application vulnerability information into your instance.

    The integration imports the following types of scanned data.
    • Dynamic Application Security Testing (DAST)
    • Interactive Application Security Testing (IAST)

    For more information about DAST and IAST, see Exploring Application Vulnerability Response.

    Available versions

    Release version Release notes

    Invicti Vulnerability Integration v1.1

    Invicti Vulnerability Integration 1.0

    Application Vulnerability Response release notes

    For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes.

    Integrations

    The following integrations are included in the base system. The integrations are chained so that after one integration successfully completes, the next integration is initiated. The integrations run in the order listed in the following table.

    After the initial run, chained scheduled jobs run these integrations automatically every day, in order. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.

    Table 1. Invicti application vulnerability integrations
    Integration: Invicti Application List Application
    Description: Imports applications scanned by Invicti into the Discovered Applications [sn_vul_app_release] table or the Scanned Application [sn_vul_app_scanned_application] table based on how the sn_vul.use_product_model system property is set for the CI lookup rule records.
    • If the product model property is set to true, an application is inserted in the Discovered Application release table.
    • If the product model property is set to false, an application is inserted in the Scanned Application table.
    You can choose to activate lookup rules with configuration items (CIs) as the lookup targets by modifying the system property. If you modify it, you should also activate CI Lookup rules to match the lookup target. For more information, see:

    Integration: Invicti Scan List Integration
    Description: This integration is initiated after the Application List Integration is successfully completed. This integration imports data about the date and time a scan was run.

    Integration: Invicti Application Vulnerable Item Integration
    Description: This integration is initiated after the Scan List Integration is successfully completed.

    Starting with v1.1, view details such as total processing times, average times for pre- and post-integration run processes, and reports on the integration run records for the Application Vulnerable Item integration.

    Each vulnerability in Invicti has a type, for example, DirectoryListing. This type is mapped as a unique ID in your instance and displayed as part of the value in the Vulnerability field on the application vulnerable item (AVI) record: Invicti-DirectoryListing.

    For more information about mapping, see Invicti Vulnerability Integration state mapping.

    The upper limit for items per page for all three integrations is 200.