Skip to content

Latest commit

 

History

History
89 lines (65 loc) · 4.31 KB

File metadata and controls

89 lines (65 loc) · 4.31 KB

vulnerability-response-integration for ServiceNow

Edgescan integration for ServiceNow's Vulnerability Response application.

  • Imports edgescan's vulnerability information as a third-party library, provided a valid edgescan API key.
  • Imports client's vulnerabilities as vulnerable items, for selected assets.

Installation

  1. Add GitHub Credential

    To download the edgescan integration from GitHub requires a GitHub credential:

  • Use the All menu to open Connections & Credentials > Credentials.
  • Click the New button.
  • In the What type of Credentials would you like to create? list, select Basic Auth Credentials.
  • Configure the Basic Auth Credentials record.
    • Name: A name to identify the Credential record.
    • Order: The order in which the credential is attempted if multiple credentials exist. The Order value is not used for source control.
    • User name: The username to authenticate to the source control repository.
    • Password: Use a personal access token instead of a password.
    • Active: Select to make the credential available for use.
  • Click the Submit button.
  1. Import Edgescan Integration

    The application can now be imported from GitHub, through Studio:

  • Use the All menu to open System Applications > Studio.
  • Click the Import From Source Control button.
  • Configure the Import Application record.
    • Network protocol: Select https.
    • URL: Enter https://github.com/BCCRiskAdvisory/vulnerability-response-integration.
    • Credential: Select the GitHub credential, created above.
    • Branch: Enter main.
  • Click the Import button.

How To Import Third-Party Vulnerability Entries from Edgescan

  1. Add Edgescan Credential

    Once the application is imported an edgescan credential can be created:

  • Use the All menu to open Edgescan > Edgescan Credentials.
  • Click the New button.
  • Configure the Edgescan Credentials record.
    • Name: A name to identify the Credential record.
    • Authentication Key: API key generated from live.edgescan.com.
    • Active: Automatically set to true. Can be deactivated later.
  • Click the Submit button.
  1. Create Edgescan Integration Scheduled Import

    Finally the integration scheduled import can be setup:

  • Use the All menu to open Vulnerability Response > Administration > Integrations.

  • Click the New button.

  • Configure the Vulnerability Integration record.

    • Name: Enter Edgescan Vulnerability Integration.
    • Active: Select to make the integration available for use.
    • Run: Configure the schedule for how often to run the integration; daily/weekly/monthly.
    • Integration Script: Select EdgescanVulnerabilityIntegration.
    • Integration factory script: Autogenerated.
    • Report processor strategy: Select Custom Report Processor.
    • Report processor: Select EdgescanVulnerabilityReportProcessor.
    • Processor factory script: Autogenerated.
  • Click the Submit button.

    The script can be executed straight away by clicking the Execute Now button.

How To Import Vulnerable Items from Edgescan

NOTE: The above import of vulnerability entries is required to continue.

  1. Add Edgescan Import Configuration

    After the vulnerability entries have been updated, vulnerable items can be imported:

  • Use the All menu to open Edgescan > Import Configurations.

  • Click the New button.

  • Configure the Import Configuration record.

    • Edgescan Credential: Select an Edgescan Credential.
    • Assets: Enter all to import vulnerabilities for every asset. Or, enter the asset IDs (comma separated, no spaces e.g. 1234,5678) of the assets for which you'd like to import vulnerabilities
  • Click the Submit button.

    The next time the Edgescan Vulnerability Integration (created in step 2 above) is executed the edgescan vulnerabilities will be imported.

If the integration has successfuly run then edgescan vulnerability entries can be found at Vulnerability Response > Libraries > Third-Party, and vulnerable items can be found at Vulnerability Response > Vulnerable Items > All. If there are no edgescan vulnerability entries, or vulnerable items, present then an error may have occured. Check the logs at System Logs > System Log > All.