New and updated VMware Carbon Black Cloud Apps for ServiceNow

Posted on March 20, 2023

The new Carbon Black Cloud App for ServiceNow Vulnerability Response v1.0.0 is now available and provides integration of vulnerability data from Carbon Black Cloud to create tickets in ServiceNow.

Updated versions of the ServiceNow SecOps App v2.0.0 and ITSM App v2.0.0 are available with new data ingest options and more actions available.

All apps also include integration with the ServiceNow Configuration Management Database (CMDB) to support inventory use cases.

Release Highlights

New ServiceNow Vulnerability Response App
CMDB Integration across all three apps (ITSM, SecOps, VR) for inventory use cases
Additional SOAR actions in the ITSM and SecOps Apps
Data Forwarder Alert ingestion Support
Support for ServiceNow Versions San Diego and Tokyo

App for Vulnerability Response (VR) v1.0.0

The VMware Carbon Black Cloud for Vulnerability Response app automates ticket creation and tracking to streamline vulnerability management workflows.

By integrating risk-prioritized vulnerability data from the Carbon Black Cloud directly into ServiceNow, security teams can triage vulnerabilities, automatically create tickets, and remediate or patch vulnerabilities leveraging a single console and simplified workflows.

This application delivers full access to endpoint vulnerability context so that analysts can proactively harden their environment against the highest risk vulnerabilities.

Key Features and Benefits:

Automated ticket creation in ServiceNow with vulnerability and risk context from Carbon Black Cloud
Streamlined management with the ability to open, triage and track vulnerability tickets across multiple teams
Integrated into existing ServiceNow and Carbon Black workflows to enable analysts to harden against or patch vulnerabilities using SOAR actions from Carbon Black

ServiceNow CMDB Integration

Integrating Carbon Black Cloud device data into ServiceNow’s CMDB increases visibility into device context to aid security and IT teams during investigations. This integration will help streamline investigations and enable security teams to react to incidents with speed and confidence.

The ServiceNow CMDB integrates seamlessly with other ServiceNow modules and Carbon Black apps, providing consistent device context and visibility from ServiceNow ITSM, SecOps and Vulnerability Response.

Key Features and Benefits:

Leverage device metadata collected by Carbon Black within ServiceNow workflows for ITSM, SecOps and Vulnerability Response
Increase analysts’ confidence when responding to an alert by providing direct access to device details
Improve the efficiency of investigations with direct visibility into device details alongside SOAR actions and security metadata

Updates to the ITSM and SecOps Apps

Data Forwarder Support for Alert Ingestion
Additional SOAR actions
Attach Carbon Black Cloud Assets to Tickets as ServiceNow CMDB Configuration Items
Compatibility with ServiceNow San Diego and Tokyo Versions

Data Forwarder Support for Alert Ingestion:

Customers using the Carbon Black Cloud apps for ServiceNow ITSM and SecOps can now leverage the Data Forwarder to stream their Carbon Black Cloud Alert data into ServiceNow from an AWS S3 Bucket. This method allows for improved scalability and reliability when ingesting higher volumes of Alerts into ServiceNow.

Resources

For more information, check out the resources below:

Carbon Black Tech Zone Solution Overview
Installation, Configuration and User Guides on Developer Network
Carbon Black Tech Zone Installation Guide - Coming soon
Carbon Black Tech Zone Partner Page
Release Notes
ServiceNow App store

Have questions or feedback?

Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
Report bugs and change requests to Carbon Black Support