Vulnerability Response App for ServiceNow - User Guide

Overview

The VMware Carbon Black ServiceNow Vulnerability Response Application ingests vulnerabilities from the VMware Carbon Black Cloud platform. A Vulnerable Item is created from this fetched vulnerability and the configuration item. Vulnerabilities are retrieved from the Carbon Black Cloud platform when the Vulnerability Response app has an active configuration profile.

For the most complete information about endpoints, configuration items in ServiceNow, enable Asset Inventory Ingestion.

Roles and Permissions

For all actions described in this user guide, the VMware CBC Analyst (x_vmw_cb_connector.analyst) role is required.

Configuration of the application, including of profiles, requires VMware CBC Admin (x_vmw_cb_connector.admin). Details on Roles and Users are on the Configuration page.

View Vulnerabilities

Vulnerabilities are created in the National Vulnerabilities Database (NVD) table.

  • To view vulnerabilities, navigate “Vulnerability Response” > “Libraries” > “NVD”.

  • Open the Vulnerability record to view the vulnerability information such as ID, Risk rating, Risk Score, Severity and Summary.

  • Vulnerability Details can also be viewed from the “Vulnerability Details” tab.

  • Vulnerable items associated with the current vulnerability can be viewed by clicking on the “Vulnerable Items” tab present in the National Vulnerability Database Entries (NVD).

  • Navigate to “Vulnerability Response” > “Vulnerable Items” > “All” to view created Vulnerable Items.

  • Open any record in order to view details of the Vulnerable Item.

  • Click on the information icon of the Vulnerability field to view the Vulnerability associated with the vulnerable item.

  • Click on the information icon of the Configuration Item field to view the affected asset associated with the vulnerable item.

  • Configuration Item is displayed.

  • Navigate to the Vulnerability tab to view details of the vulnerability associated with it.

  • Navigate to Notes tab to view “NVD Link”. It will be visible in the activities section.

  • Click on the link to open Vulnerability record.

Domain Separation (Multi-tenancy)

  • Use the Domain Separation feature to isolate Carbon Black Cloud data from different organizations and manage access controls.
  • You must activate the Domain Support - Domain Extensions Installer plugin to use this feature.
  • Use the Domain Separation feature to create child domains and assign users to a specific domain.
  • Users can have multiple child domains assigned to a Parent domain.
  • Each child domains can have separate Configuration Profiles with different alert records.

Dashboards

The Vulnerability App includes dashboards to understand metrics about Vulnerabilities.

  • Requires one of the following roles:
    • VMware Carbon Black Cloud Admin
    • VMware Carbon Black Cloud Analyst1
    • VMware Carbon Black Cloud Viewer

There is one filter that applies to all Vulnerability charts:

  • The ServiceNow Ingestion Time filter applies to all dashboards and sets the time interval for the time at which vulnerabilities were ingested into ServiceNow.

The following dashboards are included:

  • Assets with Vulnerabilities: Displays the number of assets associated with a vulnerability.
  • Top 10 Vulnerabilities: Displays the 10 most frequently occuring vulnerabilities associated with assets
  • Vulnerable Items Trend: Displays the ingestion of vulnerable items over time.

Support and Resources


Give Feedback

New survey coming soon!


Last modified on February 28, 2024