Importing data with the NVD and CWE integrations and managing third-party libraries

  • Release version: Yokohama
  • Updated January 30, 2025

    As part of your initial setup of Vulnerability Response, and before importing vulnerability data into your instance with a third-party scanner product, download and run the NVD integration (if it is not already installed) and run the CWE scheduled job. The Vulnerability Response Integration with NVD is available on the ServiceNow Store.

    Ingesting CWE and NVD data

    Data imported from the NVD and CWE integrations is used to enrich the vulnerability data in your instance and to help you decide whether to escalate remediation for a vulnerability, vulnerable item, or remediation task. After an initial import, you can update library records on-demand or configure a scheduled job to update records regularly. Vulnerability Response stores the imported records under Libraries.

    The Common Vulnerability Scoring System (CVSS), included in NVD and third-party entries, captures the main characteristics of a vulnerability. Vulnerability Response uses CVSS data to produce a normalized value reflecting vulnerability severity. Once the severity is computed, it gives you a better understanding of the risk the vulnerability poses to your organization. Severity helps you assess and prioritize vulnerability remediation.

    If this is your first installation of Vulnerability Response, or prior to ingesting data for the first time with a third-party scanner product:

    1. Perform an initial import of CWE data with the CWE Comprehensive 2000 Integration.

      See Configure and run the scheduled job for updating CWE records for more information. By default, you run CWE updates On Demand from the integration record; to run them as a scheduled job, you must configure the job.

      Note:
      Schedule the CWE update to run prior to the NVD database update. The default day for the NVD update is Weekly on Monday.
    2. Verify the Vulnerability Response Integration with NVD application is installed, and data from the NIST National Vulnerability Database Integration - API (CVE only) or the NIST National Vulnerability Database Integration - API (CVE and CPE) is successfully imported.

      Activation of this plugin on production instances may require a separate license. After it is installed, the NIST National Vulnerability Database Integration - API (CVE only) integration is activated by default. It runs daily. See Understanding the NVD integrations and Install the Vulnerability Response Integration with the NIST National Vulnerability Database for more information.

    3. Third-party libraries are updated as scheduled jobs. Refer to your integration documentation at Vulnerability Response integrations for more information about third-party integrations.

    Viewing imported vulnerability data and vulnerable items

    The following libraries are available:
    | Libraries | Description |
    |---|---|
    | NVD | List of vulnerabilities found by NVD. Includes security checklists, security-related software flaws, misconfigurations, product names, and impact metrics including exploits. |
    | CWE | List of community-developed software weakness types. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations screen; it is for reference only. |
    | Third-party | List of imported third-party vulnerabilities in your instance. Contains a list of related references, vulnerable items, exploits, and CVEs. |