Edgescan integration for ServiceNow's Vulnerability Response application.
- Imports edgescan's vulnerability information as a third-party library, provided a valid edgescan API key.
- Imports client's vulnerabilities as vulnerable items, for selected assets.
-
Add GitHub Credential
To download the edgescan integration from GitHub requires a GitHub credential:
- Use the All menu to open Connections & Credentials > Credentials.
- Click the New button.
- In the What type of Credentials would you like to create? list, select Basic Auth Credentials.
- Configure the Basic Auth Credentials record.
- Name: A name to identify the Credential record.
- Order: The order in which the credential is attempted if multiple credentials exist. The Order value is not used for source control.
- User name: The username to authenticate to the source control repository.
- Password: Use a personal access token instead of a password.
- Active: Select to make the credential available for use.
- Click the Submit button.
-
Import Edgescan Integration
The application can now be imported from GitHub, through Studio:
- Use the All menu to open System Applications > Studio.
- Click the Import From Source Control button.
- Configure the Import Application record.
- Network protocol: Select https.
- URL: Enter
https://github.com/BCCRiskAdvisory/vulnerability-response-integration. - Credential: Select the GitHub credential, created above.
- Branch: Enter main.
- Click the Import button.
-
Add Edgescan Credential
Once the application is imported an edgescan credential can be created:
- Use the All menu to open Edgescan > Edgescan Credentials.
- Click the New button.
- Configure the Edgescan Credentials record.
- Name: A name to identify the Credential record.
- Authentication Key: API key generated from
live.edgescan.com. - Active: Automatically set to
true. Can be deactivated later.
- Click the Submit button.
-
Create Edgescan Integration Scheduled Import
Finally the integration scheduled import can be setup:
-
Use the All menu to open Vulnerability Response > Administration > Integrations.
-
Click the New button.
-
Configure the Vulnerability Integration record.
- Name: Enter Edgescan Vulnerability Integration.
- Active: Select to make the integration available for use.
- Run: Configure the schedule for how often to run the integration; daily/weekly/monthly.
- Integration Script: Select EdgescanVulnerabilityIntegration.
- Integration factory script: Autogenerated.
- Report processor strategy: Select Custom Report Processor.
- Report processor: Select EdgescanVulnerabilityReportProcessor.
- Processor factory script: Autogenerated.
-
Click the Submit button.
The script can be executed straight away by clicking the Execute Now button.
NOTE: The above import of vulnerability entries is required to continue.
-
Add Edgescan Import Configuration
After the vulnerability entries have been updated, vulnerable items can be imported:
-
Use the All menu to open Edgescan > Import Configurations.
-
Click the New button.
-
Configure the Import Configuration record.
- Edgescan Credential: Select an Edgescan Credential.
- Assets: Enter
allto import vulnerabilities for every asset. Or, enter the asset IDs (comma separated, no spaces e.g.1234,5678) of the assets for which you'd like to import vulnerabilities
-
Click the Submit button.
The next time the Edgescan Vulnerability Integration (created in step 2 above) is executed the edgescan vulnerabilities will be imported.
If the integration has successfuly run then edgescan vulnerability entries can be found at Vulnerability Response > Libraries > Third-Party, and vulnerable items can be found at Vulnerability Response > Vulnerable Items > All. If there are no edgescan vulnerability entries, or vulnerable items, present then an error may have occured. Check the logs at System Logs > System Log > All.