Review Unified Security Exposure Management integrations

  • Release version: Yokohama
  • Updated August 9, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Review Unified Security Exposure Management integrations

    The Integration Dashboard in the Unified Security Exposure Management workspace provides ServiceNow customers with a comprehensive view of installed third-party security integrations and their operational status. It offers visual insights into integration runs, including success and failure rates, and detailed performance metrics to help monitor and troubleshoot integration health effectively.

    Show full answer Show less

    Key Features

    • Integration Dashboard Access: Navigate to Workspaces > Security Exposure Management Workspace > Administration and select Review on any integration to access the dashboard.
    • Data Visualization and Interaction: Interactive charts (bar, pie, data points) display integration run data; selecting any segment reveals detailed information.
    • Integration Runs Metrics: Displays the number of completed integration runs over the past 7 and 30 days, differentiating between successful and failed runs. Common failure causes include network interruptions and data corruption during transfer.
    • Ingestion Health and Processing Metrics: Highlights import queue processing times, wait times, REST API response times, and other performance indicators such as assignment rules and risk calculation times over 30 days. Color coding aids quick identification of issues.
    • Integration Scheduling and Status: Details for each integration include name, active status, run schedule (day and time), and last run status.
    • Automatic Token Management for Tenable.sc: If a Tenable.sc integration fails, its authentication token expires and a new token is automatically generated for the next run, ensuring continuous integration without manual intervention.
    • Import Queue and Timeout Handling: Integration data is processed in pages with a one-hour timeout limit per import queue entry. Heartbeat timestamps are sent periodically to indicate active processing. If processing exceeds the threshold or stalls, the system times out the stuck entry to prevent delays.
    • Configurable System Properties: Controls for heartbeat frequency and maximum allowable delay before timeout are managed via system properties:
      • snseccmn.recordthresholdheartbeat: Number of processed records between heartbeats.
      • snseccmn.maximumheartbeatdelay: Maximum time allowed before an import queue entry timeout.

    Practical Benefits for ServiceNow Customers

    • Quickly monitor the health and status of multiple security exposure integrations from a single dashboard.
    • Identify and troubleshoot integration failures with detailed failure causes and performance metrics.
    • Ensure seamless integration continuity with automatic token management and timeout handling mechanisms.
    • Optimize integration performance by analyzing detailed processing metrics and adjusting schedules as needed.

    The integration dashboard provides an overview of the installed third-party applications and the status of the integration runs.

    In the chart, point to any part (bar, pie, data point, and so on) to view general data specific to that part. If you select any part of a report, a list opens to provide detailed information.

    Access the Integration Dashboard

    To open the dashboard, navigate to Workspaces > Security Exposure Management Workspace > Administration and select Review on any integration.

    Use cases

    For examples of how different people in your organization would use this dashboard, see these use cases.
    User Dashboard use

    Data visualization

    Note:
    To learn more about a widget, select the information icon Information icon.
    Table 1. Overview
    Metrics Type Description
    Integration runs

    Vertical BarBar
    The number of integration runs completed for each integration. Shows both successful and failed runs in the past 7 and 30 days. The most common causes for a failed run include:
    • Network interruption
    • Bit decay in the data transfer resulting in corrupted data during the transform
    If you encounter any of these conditions, select the Full data import check box, click Execute Now, and rerun the integration.
    Ingestion health Highlights Provides information on the following:
    • Import queue processing time.
    • Import queue wait time.
    • REST API time.
    Processing health Multiple lines Provides performance metrics for assignment rules, remediation task rules, CI lookup time, risk rules, and VI creation time for the last 30 days, to identify the cause for any deviations in performance. The performance is calculated based on the time taken for each activity. These parameters are calculated and associated at the integration run level. Each parameter is color coded for easy identification.
    Note:
    Multiple factors can impact the performance of the integration run, like the amount of data and time taken to process this data.
    Table 2. Integrations
    Name Description
    Name Name of the integration.
    Active Status of the integration whether active or not.
    Run Run schedule of the integration
    Day Day on which the integration runs.
    Time Time at which the integration runs.
    Last run status Status of the last integration run whether failed or successful.
    Notes Notes
    Note:
    If a Tenable.sc integration run fails for any reason, the authentication token for Tenable.sc automatically expires and a message is displayed on the Vulnerability Integration Process record. A new token is automatically generated for the next integration process. All the integration processes, failed and successful, are displayed on the Vulnerability Integration Process tab on the Vulnerability Integration Process record.
    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing. The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.