Integrations and dependencies of the Vulnerability Response Patch Orchestration with the Microsoft SCCM application
Summary of Integrations and dependencies of the Vulnerability Response Patch Orchestration with the Microsoft SCCM application
The Vulnerability Response Patch Orchestration with Microsoft System Center Configuration Manager (SCCM) integration enables ServiceNow customers to orchestrate patch management by leveraging SCCM data within the ServiceNow platform. This integration facilitates visibility and management of patch updates, device collections, and deployments directly from ServiceNow, enhancing vulnerability response workflows.
To use this integration, specific ServiceNow applications and dependencies must be installed, all available from the ServiceNow Store. Some require separate subscriptions. Compatibility information is maintained in ServiceNow’s knowledge base.
Key Features
- Required Applications: Vulnerability Response, Vulnerability Solution Management, Vulnerability Response Patch Orchestration, Vulnerability Response Patch Orchestration with Microsoft SCCM, Security Support, Common Security Support, Security Orchestration, and Service Graph connector with SCCM.
- Patch Orchestration Tables: The integration uses several dedicated tables to store patch and device data, including:
  - Patch Update: Stores available patch information from different instances.
  - Device Update: Tracks deployed patches and their statuses on devices.
  - Collection & Device Collection: Store SCCM collection data and associated devices.
  - Patch Deployment: Holds information about patch deployments to collections and configuration items.
  - Potential Patch: Links patches to vulnerabilities they potentially resolve.
- Integration Workflows: The integration includes four main scheduled and on-demand integrations that synchronize SCCM data:
  - SCCM Collection Integration: Runs daily to retrieve device collections from SCCM.
  - SCCM Device Collection Integration: Triggered by collection integration completion or manually, fetches devices in each collection and creates corresponding records.
  - SCCM Patch Update Integration: Triggered after device collection integration, retrieves patch installation and missing patch details from SCCM.
  - SCCM Deployments Integration: Triggered after patch update integration, retrieves scheduled patch deployments from SCCM.
What Customers Can Expect
By implementing this integration, ServiceNow customers gain automated, timely synchronization of SCCM patch and device data within their Vulnerability Response environment. This enables comprehensive visibility into patch statuses, deployment schedules, and device collections, streamlining patch orchestration and vulnerability mitigation efforts directly through ServiceNow’s interfaces including workspaces and the classic UI.
The integration’s modular, scheduled design ensures data freshness and consistency, reducing manual effort and improving security posture by enabling coordinated vulnerability resolution using SCCM as the authoritative source for patch management data.
The following product and dependency applications are required for the Vulnerability Response Patch Orchestration with Microsoft System Center Configuration Manager (SCCM) integration. These applications are available in the ServiceNow® Store.
Available versions of applications and dependencies required for the patch orchestration integration
To view patch orchestration data and available updates (patches) in the workspaces and the classic UI in Vulnerability Response, the following applications are required. All applications listed are available in the ServiceNow® Store. Some applications require separate subscriptions.
For more information about version compatibility with the required applications and family releases, refer to the KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes article in the HI Knowledge Base.
| Application and release version |
|---|
| Vulnerability Response |
| Vulnerability Solution Management |
| Vulnerability Response Patch Orchestration application |
| Vulnerability Response Patch Orchestration with Microsoft SCCM application |
| Security Support Common |
| Security Support Orchestration |
| Service Graph connector with SCCM |
Vulnerability Response patch orchestration application tables
The Vulnerability Response Patch Orchestration application contains the following tables:
| Table | Description |
|---|---|
| Patch Update [sn_vul_patch_orch_update] | Stores information about the patches that are available on distinct instances. |
| Device Update [sn_vul_patch_orch_m2m_src_ci_update] | Stores data about the deployed patches, along with deployment status, that are displayed on discovered item records. |
| Collection [sn_vul_patch_orch_collection] | Stores collection data from distinct instances. |
| Device Collection [sn_vul_patch_orch_m2m_src_ci_collection] | Stores collection data about discovered items. |
| Patch Deployment [sn_vul_patch_orch_deployment] | Stores information about patches deployed to Collections and CIs. |
| Potential Patch [sn_vul_patch_orch_m2m_vuln_patch] | Stores data about patches and vulnerabilities that identify the patches that might be used to resolve a vulnerability. |
Vulnerability Response Patch Orchestration with Microsoft SCCM integrations
The integrations developed by ServiceNow® engineering make up the orchestrated solution deployment with the Microsoft SCCM product. The following integrations are included with the Microsoft SCCM Patch Orchestration Integration application that you download from the ServiceNow® Store.
After you install the integration application on your ServiceNow AI Platform instance, to view these integrations, navigate to . The Vulnerability Response application processes, at scheduled time intervals, the data that these integrations import from Microsoft SCCM endpoints.
| Integration | Description |
|---|---|
| Microsoft SCCM Collection Integration | |
| Microsoft SCCM Device Collection Integration | |
| Microsoft SCCM Patch Update Integration | |
| Microsoft SCCM Deployments Integration | |