
Integrating Invicti Enterprise with ServiceNow Vulnerability Response using an integration script

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

ServiceNow Vulnerability Response is a vulnerability management tool that helps organizations track, prioritize, and share tasks across departments to resolve vulnerabilities. This guide shows you how to integrate Invicti Enterprise with ServiceNow Vulnerability Response by adding an integration script to ServiceNow Vulnerability Response, which then allows you to import vulnerabilities identified by Invicti Enterprise into ServiceNow Vulnerability Response.

NOTE: This integration can also be configured in our UI, which has the advantage of allowing you to configure advanced options such as issue detail, field configuration, bi-directional communication, and configuration item matching.

For more information about this alternative integration method, refer to Integrating Invicti Enterprise with ServiceNow Vulnerability Response (Plugin).

How to integrate Invicti Enterprise with ServiceNow Vulnerability Response

These instructions outline the actions required in ServiceNow Vulnerability Response to set up an integration with Invicti Enterprise. There are three steps to this process:

  1. Install the Vulnerability Response application to ServiceNow
  2. Add the integration script to ServiceNow Vulnerability Response
  3. Run the script

Step 1: How to install the Vulnerability Response application to ServiceNow

  1. Log in to the ServiceNow platform.
  2. On the left navigation pane, type Applications into the filter navigator box. Then, from the All Available Applications, select All.
  3. From the All Applications section, type Vulnerability Response, then select Install/Update All.
  4. In the Install dialog, select Install. Wait for the installation to complete.

TIP: For more information, refer to the ServiceNow documentation for installing and configuring Vulnerability Response. 

Step 2: How to add the integration script to ServiceNow Vulnerability Response

  1. On the left navigation pane, type Integrations into the filter navigator box. Then, from the Vulnerability Response section, select Integrations.
  2. From the Vulnerability Integrations section, select New to create the script.
  3. On the New Record page:
     • Enter a name for your integration script.
     • Select Active to activate the integration script.
     • Use the Run dropdown to select the run interval.
     • Set the time interval for the integration script.
  4. In the Integration Details section, select the search icon next to the Integration script field.
  5. On the Script Includes window, select New.
  6. On the New Record window, enter a name.

IMPORTANT: This name and the integration script name you entered in Invicti Enterprise must be the same.

  7. Prepare your integration script:
     • Copy the script below into a text editor.
     • Replace the following values:
       1. SCRIPT_NAME - Replace with any name you prefer
       2. WEBSITE_ID - Replace with the ID of the website you are targeting
       3. WEBSITE_GROUP_NAME - Replace with the name of the Website Group you are targeting
       4. ASSIGNEE_USER_ID_ON_SERVICENOW - Replace with the Assignee ID on ServiceNow

var SCRIPT_NAME = Class.create();

SCRIPT_NAME.prototype = Object.extendsObject(sn_vul.VulnerabilityIntegrationBase, {

  initialize: function() {},

  retrieveData: function() {
    var currentParams = this._getProcessParameters();
    var pageSize = 20;
    var page = 1;

    // Resume from the page stored by the previous run, if there is one.
    if (currentParams && currentParams.page) {
      page = parseInt(currentParams.page, 10);
    }

    var message = new sn_ws.RESTMessageV2();
    message.setEndpoint("https://www.netsparkercloud.com/api/1.0/integrations/servicenow?page=" + page + "&pageSize=" + pageSize + "&webSiteId=WEBSITE_ID&websiteGroupName=WEBSITE_GROUP_NAME&sortType=Ascending");
    message.setHttpMethod("Get");
    // USERID and USERTOKEN are placeholders for the Invicti Enterprise API credentials.
    message.setBasicAuth("USERID", "USERTOKEN");

    var response = message.execute();
    var responseBody = response.haveError() ? response.getErrorMessage() : response.getBody();

    // An error message is not JSON, so parse the body only for a successful response.
    var body = null;
    if (!response.haveError() && response.getStatusCode() == 200) {
      try {
        body = JSON.parse(responseBody);
      } catch (e) {
        body = null;
      }
    }

    if (!body || page > body.PageCount) {
      // Request failed or no pages left: stop paging.
      this.hasMoreData(false);
      this.setNextRunParameters(null);
    } else {
      this.hasMoreData(true);
      this.setNextRunParameters({ page: page + 1 });

      var vulnerabilities = body.List || [];

      for (var i = 0; i < vulnerabilities.length; i++) {
        var vulnerability = vulnerabilities[i];
        var third_party_entry = new GlideRecord("sn_vul_third_party_entry");
        var vul_entry = new GlideRecord("sn_vul_entry");
        var cwe_entry = new GlideRecord("sn_vul_cwe");

        // Create the vulnerability entry unless one with this "NE-" id already exists.
        if (!third_party_entry.get('id', "NE-" + vulnerability.Id.toString())) {
          third_party_entry.initialize();
          cwe_entry.initialize();

          vul_entry.setValue("id", "NE-" + vulnerability.Id.toString());
          vul_entry.setValue("normalized_severity", vulnerability.Severity);
          vul_entry.setValue("source", "Invicti Enterprise");
          vul_entry.setValue("summary", vulnerability.VulnerabilityDetail);
          vul_entry.setValue("name", vulnerability.Title);
          if (vulnerability.CvssVector && vulnerability.CvssVector.Base) {
            vul_entry.setValue("v3_base_score", vulnerability.CvssVector.Base.Value);
          }
          if (vulnerability.Cvss31VectorString != "") {
            vul_entry.setValue("v3_vector_string", vulnerability.Cvss31VectorString);
          }

          // Look up the CWE record referenced by both entries.
          var check = cwe_entry.get('cwe_id', vulnerability.CWE.toString());
          vul_entry.setValue("cwe_id", cwe_entry.sys_id);

          var insertV = vul_entry.get();
          third_party_entry.get(insertV);

          third_party_entry.setValue("id", "NE-" + vulnerability.Id.toString());
          third_party_entry.setValue("normalized_severity", vulnerability.Severity);
          third_party_entry.setValue("source", "Invicti Enterprise");
          third_party_entry.setValue("summary", vulnerability.VulnerabilityDetail);
          third_party_entry.setValue("name", vulnerability.Title);
          if (vulnerability.CvssVector && vulnerability.CvssVector.Base) {
            third_party_entry.setValue("v3_base_score", vulnerability.CvssVector.Base.Value);
          }
          if (vulnerability.Cvss31VectorString != "") {
            third_party_entry.setValue("v3_vector_string", vulnerability.Cvss31VectorString);
          }
          third_party_entry.setValue("cwe_id", cwe_entry.sys_id);
          third_party_entry.insert();
        }

        // Create the vulnerable item unless one with this external_id already exists.
        var vulnItemRecord = new GlideRecord('sn_vul_vulnerable_item');
        vulnItemRecord.initialize();
        if (!vulnItemRecord.get('external_id', vulnerability.Id.toString())) {
          vulnItemRecord.assigned_to = "ASSIGNEE_USER_ID_ON_SERVICENOW";
          vulnItemRecord.source = "Invicti Enterprise";
          vulnItemRecord.vulnerability.setDisplayValue(third_party_entry.sys_id);
          vulnItemRecord.external_id = vulnerability.Id.toString();
          vulnItemRecord.insert();
          vulnItemRecord.query();
        }
      }

      // Refresh severity and CVSS values on the entries for the first vulnerability
      // of the page. Skipped when the page is empty.
      if (vulnerabilities.length > 0) {
        var first_vulnerability = vulnerabilities[0];

        var third_party_first_entry = new GlideRecord("sn_vul_third_party_entry");
        third_party_first_entry.get('id', "NE-" + first_vulnerability.Id.toString());
        third_party_first_entry.setValue("normalized_severity", first_vulnerability.Severity);
        if (first_vulnerability.CvssVector && first_vulnerability.CvssVector.Base) {
          third_party_first_entry.setValue("v3_base_score", first_vulnerability.CvssVector.Base.Value);
        }
        if (first_vulnerability.Cvss31VectorString != "") {
          third_party_first_entry.setValue("v3_vector_string", first_vulnerability.Cvss31VectorString);
        }
        third_party_first_entry.update('First third party entry has updated');

        var first_vul_entry = new GlideRecord("sn_vul_entry");
        first_vul_entry.get('id', "NE-" + first_vulnerability.Id.toString());
        first_vul_entry.setValue("normalized_severity", first_vulnerability.Severity);
        if (first_vulnerability.CvssVector && first_vulnerability.CvssVector.Base) {
          first_vul_entry.setValue("v3_base_score", first_vulnerability.CvssVector.Base.Value);
        }
        if (first_vulnerability.Cvss31VectorString != "") {
          first_vul_entry.setValue("v3_vector_string", first_vulnerability.Cvss31VectorString);
        }
        first_vul_entry.update('First vuln entry has updated');
      }
    }

    return {contents: responseBody, contentType: "application/json", extension: "json"};
  },

  type: 'SCRIPT_NAME'

});

  8. Paste your adjusted script into the text area. Then, click Submit. Your script is saved.
  9. Select your script from the list:
     • Click the search icon next to the Integration script field.
     • From the Script Includes window, select your script from the list. After selecting, ServiceNow imports your script into the Integration Script field.
  10. From the Report processor strategy dropdown, select Custom Report Processor.
  11. Click the search icon next to the Report processor field, then select Vulnerability Report Processor Base.
  12. Click Submit to save your script.
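
The paging and field-mapping decisions made by the integration script can be checked outside ServiceNow before the script is pasted in. The following is an added example, not code from Invicti or ServiceNow: planPage and SAMPLE are hypothetical names, the sample response is constructed, and the example goes slightly beyond the script by skipping records without an Id and by stopping when PageCount is missing.

```javascript
// Added example: plain JavaScript with no ServiceNow APIs. Field names are the
// ones the integration script reads; planPage and SAMPLE are hypothetical names.
const SOURCE = "Invicti Enterprise";

// Decide what one API page leads to: stop paging, or import entries and continue.
function planPage(statusCode, bodyText, page) {
  let body = null;
  try { body = JSON.parse(bodyText); } catch (e) { /* error text is not JSON */ }
  // !(page <= PageCount) also stops when PageCount is missing (fail closed).
  if (statusCode !== 200 || !body || !(page <= body.PageCount)) {
    return { hasMoreData: false, nextPage: null, entries: [], skipped: [] };
  }
  const entries = [], skipped = [], seen = new Set();
  for (const v of Array.isArray(body.List) ? body.List : []) {
    if (v == null || v.Id == null) { skipped.push("missing Id"); continue; }
    const id = "NE-" + String(v.Id); // key the script uses to find existing entries
    if (seen.has(id)) { skipped.push("duplicate " + id); continue; }
    seen.add(id);
    const entry = {
      id: id, source: SOURCE, name: v.Title, summary: v.VulnerabilityDetail,
      normalized_severity: v.Severity, external_id: String(v.Id)
    };
    // Optional fields are copied only when the API returned them.
    if (v.CvssVector && v.CvssVector.Base) entry.v3_base_score = v.CvssVector.Base.Value;
    if (v.Cvss31VectorString) entry.v3_vector_string = v.Cvss31VectorString;
    if (v.CWE != null && v.CWE !== "") entry.cwe_id = String(v.CWE);
    entries.push(entry);
  }
  return { hasMoreData: true, nextPage: page + 1, entries: entries, skipped: skipped };
}

// Constructed sample response (not real scan data).
const SAMPLE = JSON.stringify({ PageCount: 2, List: [
  { Id: "a1", Title: "Reflected XSS", Severity: "High", VulnerabilityDetail: "constructed",
    CvssVector: { Base: { Value: 6.1 } },
    Cvss31VectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", CWE: 79 },
  { Id: "b2", Title: "Missing header", Severity: "Low", VulnerabilityDetail: "constructed",
    Cvss31VectorString: "", CWE: null },
  { Title: "Record without an Id" },
  { Id: "a1", Title: "Reflected XSS (repeated)" }
] });

console.log(JSON.stringify(planPage(200, SAMPLE, 1), null, 2));
```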

Step 3: How to run the script

  1. Select your script from the Vulnerability Integrations page.
  2. Click Execute Now to run your script. When you execute the script, ServiceNow Vulnerability Response runs your script based on the time interval you selected when creating the integration.
  3. Check the Vulnerability Integration Runs tab to see whether ServiceNow ran your script successfully.
  4. To view all issues that ServiceNow Vulnerability Response has collected via the script, you can check the Third-Party section:
     • On the left navigation pane, type Third-Party into the filter navigator box.
     • From the Vulnerability Response category, select Third-Party. Now you can view all issues and their details.

How to find the User ID in ServiceNow Vulnerability Response

  1. On the left navigation pane, type Users into the filter navigator box.
  2. From the Organization section, select Users.
  3. From the Users section, select the User ID to assign the task.