Rapid7 Vulnerability Integration run status chart

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Rapid7 Vulnerability Integration run status chart

    The Rapid7 Vulnerability Integration for ServiceNow enables automated data collection from Rapid7 Nexpose sensors, which send vulnerability data to Rapid7 Nexpose or InsightVM products for continuous analysis. This integration enhances vulnerability management by mapping vulnerabilities to Configuration Items (CIs) and business services within ServiceNow, helping customers assess threat impact and prioritize remediation effectively.

    Show full answer Show less

    The Run Status module provides graphical dashboards to monitor the status and performance of integration runs, displaying detailed insights into vulnerable items processed during each run.

    Key Features

    • Data Visualizations in Vulnerability Response Workspaces: Dynamic charts updated in real-time help track remediation progress by showing active vulnerabilities by number and severity.
    • Run Status Dashboard: Available in the New Experience UI (from Vulnerability Response version 19.0 onward), this dashboard shows integration run outcomes, including counts of new, updated, and imported vulnerable items.
    • Interactive Reports: Users can hover or click on chart elements (bars, pies, data points) to view detailed data and drill down into specific integration run information.
    • Performance Metrics Charts: Two new graphs compare daily performance over the last 30 days:
      • Rapid7 Vulnerable Item Ingestion Performance Metrics – Tracks processing times and rule evaluations.
      • Rapid7 Vulnerable Item Ingestion Performance Throughput – Shows throughput in items per hour for the Rapid7 API integration.
    • Filtering: Integration runs with zero new or updated items and no changes to CIs are automatically excluded from the run list for clarity.

    Integration Run Status Key Data Points

    • Imported Items: Total vulnerable items created during an integration run.
    • New Items: Vulnerable items newly created during the run.
    • Updated Items: Number of times vulnerable items were updated (note this counts multiple updates to the same item separately).
    • Unchanged Items: Vulnerable items found but not updated because no relevant data changed.
    • Duplicate Items: No longer populated and may be removed from displays.

    Practical Use for ServiceNow Customers

    ServiceNow customers can leverage the Rapid7 Vulnerability Integration run status charts to:

    • Monitor integration health and success rates over the last 30 days, including failures and completions.
    • Track the volume of new and updated vulnerable items imported, helping understand vulnerability trends.
    • Analyze ingestion performance to identify and troubleshoot delays or bottlenecks in data processing.
    • Drill down into specific integration runs for detailed findings and compare them against ServiceNow detection data for accuracy.

    This functionality supports proactive vulnerability management by providing actionable insights into the integration’s operation and the organization’s exposure to vulnerabilities.

    Rapid7 Nexpose sensors collect the data and automatically send it to the Rapid7 Nexpose or Rapid7 InsightVM products, which continuously analyze and correlates the information.

    Data visualizations in the Vulnerability Response Workspaces

    The Vulnerability Response Workspaces include data visualizations that can help you monitor your remediation progress. You can determine the threat level to your organization by viewing the number and severity of active vulnerabilities that are important to your organization on dynamic data visualizations that are updated as vulnerability data changes. See Vulnerability Response Workspaces, Vulnerability Manager Workspace and Exploring the IT Remediation Workspace for more information about the dynamic data visualizations that are available.

    Rapid7 Vulnerability Integration works easily with Vulnerability Response to map vulnerabilities to CIs and business services to determine impact and priority of potentially malicious threats. The Rapid7 Vulnerability Integration Run Status module is a graphical view of the status of Rapid7 Vulnerability Integration runs.

    To view this data in the legacy view, navigate to All > All Rapid7 Vulnerability Integration > Integration Run Status.

    Starting with version 19.0 of Vulnerability Response, this dashboard is available in the New Experience UI.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Previous versions of Vulnerability Response

    In the chart, point to any part (bar, pie, data point, and so on) to view general data specific to that part. If you click any part of a report, a list opens to provide detailed information.

    Multiple factors can impact the performance of the integration run, like the amount of data and time taken to process this data. Two new graphs have been added to compare the performance metrics:
    • Rapid7 Vulnerable Item Ingestion Performance Metrics: Compare daily performance metrics for assignment rules, group rules, risk rules, queue wait time, queue processing time, and other statistics for vulnerable items for the last 30 days, to identify the cause for any deviations in performance.
    • Rapid7 Vulnerable Item Ingestion Performance Throughput: Compare daily vulnerable item ingestion throughput for the Rapid7 Vulnerable Item Integration - API. Throughput is measured in items per hour.
    Note:
    In Rapid7, these graphs are supported only for the Insight VM integration.
    Figure 1. Rapid7 integration run status
    Rapid7 Integration Run Status
    Figure 2. Sample Rapid7 Vulnerability Integration run status chart
    Integration run status chart example from host detection
    • The value in the Imported Items column represents the total number of vulnerable items that are created from an integration run.
    • The New items column displays the number of vulnerable items that are created from an integration run.
    • The Duplicate items column is no longer populated. You may prefer to remove this column from the display.
    • The Updated items column displays the number of times vulnerable items are updated during an integration run. This value is not the number of unique vulnerable items that are updated. If for example, a vulnerable item is updated two times during the integration run, it is counted two times and displayed as 2 updated items.
    • The Unchanged items column displays vulnerable items found during the integration run that already exist in the database but were not updated, because none of the relevant field values had changed.
    Note:
    Integration runs with zero results for all four of the following values: New CIs, Existing CIs, New Items, and Updated Items are filtered out of the Rapid7 Integration Runs list.
    Table 1. Rapid7 Vulnerability Integration run status chart reports
    Name Description
    Last 30 Days Rapid7 Results The number of integration runs completed for each integration. Shows both successful and failed runs. Run in a bar visual.
    Last 30 Days Rapid7 New VIs The number of new vulnerable items imported in the last 30 days. Shown as an integer.
    Last 30 Days Rapid7 Updated VIs The number of updated vulnerable items imported in the last 30 days. Shown as an integer.
    Last 30 Days Rapid7 Duplicates The number of duplicate vulnerable items imported in the last 30 days. Shown as an integer.
    Rapid7 Integration Runs The integration run records in a list.
    Note:
    V16.1: To verify detections for this integration, compare the detections or findings with the ServiceNow detection data in the sn_vul_detection table.

    While the integration is in progress, there might be a change in the detection or findings count. This report displays the count of detections in the ‘Till date count’ column in the instance, after the completion of the integration run.
    Last 30 Days Rapid7 Vulnerable Item Ingestion Performance Metrics Daily performance metrics for vulnerable items compared for the last 30 days.
    Last 30 Days Rapid7 Vulnerable Item Ingestion Performance Throughput Daily vulnerable item ingestion throughput for the Rapid7 Vulnerable Item Integration - API measured for the last 30 days.