0% found this document useful (0 votes)

97 views72 pages

SNOW UserGuide 4.x

Servicenow User Guide

Uploaded by

Satish Wagh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

97 views72 pages

SNOW UserGuide 4.x

Servicenow User Guide

Uploaded by

Satish Wagh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 72

Tenable for ServiceNow 4.x.

x User
Guide

Last Revised: May 05, 2021

Table of Contents

Welcome to Tenable for ServiceNow 4.x.x 4

Before You Begin 5

Application Dependencies 8

Get Started with Tenable for ServiceNow 9

Install 10

Upgrade to 4.x.x Tenable Applications 11

Upgrade the Tenable Applications 13

Upgrade the Tenable Applications 14

Configure 17

Configure the Tenable Connector 18

Disable or Enable Connectors 22

Assets Configuration and Schedule Import 25

VR Configuration and Schedule Import 32

ITSM Configuration and Schedule Import 37

Settings 49

General Settings 50

Assets Settings 51

VR Settings 52

ITSM Settings 54

Configure CI to SC Asset Group 55

Tenable Applications 56

Tenable for Assets 57

Tenable for Assets for ServiceNow 58

Tenable for ITSM 61

Tenable.io for ITSM for ServiceNow 62

Tenable for VR 65

Available Data 67

Support 71

Troubleshooting 72

Tenable applications are designed to help customers who use ServiceNow with Tenable.io or Tenable.sc.

In the Tenable for ServiceNow 4.x.x, all configuration and import scheduling is done via the connectors.
Therefore, you must properly configure your connectors for the Assets, Vulnerability Response (VR), or
Information Technology Service Management (ITSM) applications to function properly.

The Tenable for Assets application integrates Tenable assets with the ServiceNow Configuration Man-
agement Database (CMDB) to use the ServiceNow Identification Reconciliation Engine (IRE). This applic-
ation, once configured, allows you to bring Tenable asset data into ServiceNow as CIs and to push
ServiceNow CIs to Tenable as assets.

The Tenable for Vulnerability Response application integrates Tenable vulnerability findings with the Ser-
viceNow Security Operations Vulnerability Response module. This application, once configured, syncs all
of Tenable vulnerability findings into ServiceNow Vulnerable Items (VI) and Tenable Plugin details into
ServiceNow Third Party Vulnerabilities.

The Tenable for ITSM application integrates Tenable high and critical vulnerability findings into a custom
table that can then be used to create incidents from the vulnerabilities. This application, once configured,
syncs all of Tenable vulnerability findings into a custom vulnerabilities table and Tenable Plugin details
into a second custom table.

This guide covers ServiceNow integration with:

l Tenable Connector

l Assets Configuration and Schedule Import

l VR Configuration and Schedule Import

l ITSM Configuration and Schedule Import

You must complete the following steps before you can use the Tenable for ServiceNow application.

Configure ServiceNow Applications

Tenable recommends that you work with your internal ServiceNow Administrator or ServiceNow Con-
sultant to help setup the applications and follow ServiceNow’s process for development which uses a
development > test > production model:

l Install your development instance and tune as necessary.

l Create any modifications using update sets.

l Install the applications on a test environment and promote those update set changes for quality
assurance in your test environment.

l Once approved in your test environment, install the Tenable applications on a production envir-
onment and apply the update sets.

Note: You need unique credentials for each ServiceNow environment.

Configure ServiceNow MID Server

The ServiceNow MID Server application facilitates communication and movement of data between the
platform and external applications, data sources, and services. There can be several MID servers in an
environment with some dedicated for development/testing and others dedicated to production. If your Ten-
able.sc resides behind a firewall on your internal network, you must use the MID server to access its data.

l Review the MID server section in the ServiceNow documentation.

l Ensure your system meets the MID server system requirements, as described in the MID Server
System requirements in the ServiceNow documentation.

l Ensure your system meets the MID Server memory requirements, as described in the Set the MID
Server JVM memory size section in the ServiceNow documentation.

ServiceNow Scoped Application

Application scoping protects applications by identifying and restricting access to application files and
data. For more information, see the Application Scope section in the ServiceNow documentation.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
Enabling the Application picker under the developer tab in the ServiceNow UI configuration menu sim-
plifies the Tenable for ServiceNow application configuration. For more information, see the System set-
tings for the user interface (UI) section in the ServiceNow documentation.

Configure Users in Tenable Applications

Tenable requires creating individual ServiceNow users in Tenable.io/Tenable.sc for each of your Ser-
viceNow instances. This helps prevent rate limiting, data collision, etc.

Examples:

l sn_dev

l sn_test

l sn_prod

By segmenting the users, you can also limit the amount of data used in your development and test envir-
onments.

In Tenable.io, you can set up an Access Group and limit the data to specific assets to simplify the import
and testing of data.

In Tenable.sc, you can create a query that limits the data presented to the development and test users. To
determine the best dataset to use for your development and test environments, speak with your Tenable
administrator. They can also help you ensure ServiceNow displays the best data by setting up appro-
priate scan cadences.

Generate Tenable.io API Keys

If you want to integrate ServiceNow with Tenable.io, you must generate API keys.

Note: You must create unique API keys for use with ServiceNow.

1. Log in to Tenable.io.

2. Create administrator accounts (e.g. development, test, production) dedicated for use with Ser-
viceNow. These accounts are used by ServiceNow to connect to Tenable.io to retrieve asset data.

3. Generate API keys and save them for use with ServiceNow.

Note: For your Tenable.io integration:

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
or custom-built application or integration. It must be unique for each installed instance of the integ-
ration.)

4. Navigate to Settings > Access Groups.

5. Click the All Assets group.

6. Do one of the following:

l If the All Users toggle is enabled, do nothing.

l If the All Users toggle is disabled:

a. Click the + button.

b. Add the ServiceNow users you created in step 2.

Generate Tenable.sc API Keys

If you want to integrate Tenable.sc with ServiceNow, you must create API keys.

Note: You must create unique API users for use with ServiceNow.

1. Log in to Tenable.sc.

2. Create security manager accounts or Create security analyst accounts (e.g. development, test, pro-
duction) with full access dedicated for use with ServiceNow. These accounts are used by Ser-
viceNow to connect to Tenable.sc to retrieve data and kick off remediation scans.

3. Generate API keys and save them for use with ServiceNow.

The Tenable apps for ServiceNow have the following application dependencies:

l ServiceNow Orlando, Paris, or Quebec

l ServiceNow Configuration Management Database (CMDB)

l Integration Commons for CMDB

l CMDB CI Class Models

l Tenable.io or Tenable.sc 5.7+

l Tenable Connector (ServiceNow Application) - This application is a prerequisite for all other Ten-
able.io applications in the ServiceNow store

l Tenable Assets - This application is dependent on Tenable Connector

l Tenable VR - This application is dependent on Tenable Assets and ServiceNow VR

l Tenable ITSM - This application is dependent on Tenable Assets

Use the following getting started sequence to configure your Tenable for ServiceNow integration.

Note: It is important to configure Tenable ServiceNow applications in the following order. You must install and con-
figure connectors before any other application. If the connectors are not properly installed, those errors will impact
all subsequent application installations and configurations.

Tip: Tenable recommends using the tabbed view in ServiceNow to easily navigate the Tenable applications. To use
this setting, go to Settings > Forms. Enable the Tabbed forms toggle.

1. Install the Tenable applications you want to use in ServiceNow.

Note: Tenable Connector and Tenable Assets are required.

2. Configure the Tenable Connector.

3. Configure the Tenable for Assets application. You can schedule imports in this step.

Note: It is important to accurately configure the Tenable for Asset application. If this is not set up correctly,
the integration does not work properly.

4. (Optional) Configure the Tenable for VR application. You can schedule imports in this step.

5. (Optional) Configure the Tenable for ITSM application. You can schedule imports in this step.

6. Configure advanced options.

To download the Tenable applications, go to the ServiceNow App Store. For more information on how to
download applications from the App Store, see the ServiceNow documentation.

The following Tenable applications are available in the ServiceNow App Store:

l Tenable Connector (Required)

l Tenable for Assets (Required)

l Tenable for Vulnerability Response (VR) (Optional)

l Tenable for ITSM (Optional)

Step 1: Upgrade the Applications

While the upgrade is seamless from an application perspective, we have moved from a custom CI match-
ing/create engine to the ServiceNow Identification Reconciliation Engine (IRE). This change means that
you must first understand IRE and plan for testing to ensure that IRE works as expected before upgrading
production and/or vulnerability data.

Two major items take place during application upgrade:

l All CIs that are in the Assets Pending Approval class are moved to one of the following new Ser-
viceNow classes:
o Unclassified Hardware
o Incomplete IP

This allows Tenable to utilize out-of-the-box CI classes and remove our custom CI classes in sub-
sequent versions of the application.

l The upgrade generates IRE payloads for every CI with Tenable asset attributes. This ensures that
any previous matches continue working as they did prior to the upgrade.

While IRE provides a standardized engine for bringing third-party asset data into ServiceNow, there are
some limitations in IRE. These limitations are not specific to Tenable or Tenable data, but rather are part
of the design/functionality of the IRE. You must extensively test and tune how Tenable assets are brought
in using IRE. If you have questions or need assistance with tuning IRE, please contact your ServiceNow
representative.

It is important that every unique Tenable asset translates to a unique CI in ServiceNow. Otherwise, you
are guaranteed to lose Tenable vulnerability data when it imports into ServiceNow.

Moving forward, be sure to follow the Asset application setup procedures. Fore more information, see the
IRE Rules instructions in the Assets Configuration section.

Step 2: Review the Upgrade History and Resolve Conflicts

If there are problems with your upgrade, you must review the Upgrade History and manually resolve any
conflicts.

To manually resolve conflicts with your upgrade:

2. In the left panel, in the Filter Navigator, type "Upgrade History".

3. Click Upgrade History.

The Upgrade History page appears.

4. In the To box, type "x_tsirm*"

5. On your keyboard, press Enter.

A list of system upgrades appears.

6. Locate item in the list with a value in the Change skipped column.

7. For each of these items, in the From column, click n/a.

8. Manually review and merge each skipped change.

Note: When opening a support case, you must provide proof that the above steps have been completed, as most
issues revolve around the incorrect completion of these steps.

Step 3: Delete Leftover Artifacts

Occasionally, older application files, or artifacts, may not get deleted even after performing the tasks in
Step 2: Review the Upgrade History and Resolve Conflicts. If you encounter this problem, view this
Knowledge Base article to manually delete any leftover artifacts.

Note: When opening a support case, you must provide the output of this script, as most issues revolve around the
incorrect completion of this step.

Upgrades are periodically made to the ServiceNow Tenable Applications. When these updates are made,
you must upgrade the platform to ensure the updates are applied to your system.

To upgrade the ServiceNow Tenable Applications:

1. Disable the Tenable connectors.

2. Upgrade the platform.

For more information, see the ServiceNow documentation.

3. For each of the Tenable Applications you installed, complete the Upgrade the Tenable Applications
steps.

l Upgrade the Tenable Connector

l Upgrade Tenable for Assets

l Upgrade Tenable for VR (if using)

l Upgrade Tenable for ITSM (if using)

4. Enable the Tenable connectors.

Step 1: Update the Tenable Application Version

To update the version of your Tenable application:

1. In the ServiceNow filter search bar, type system applications.

The system applications results appear.

2. Under System Applications, select Installed.

The All Applications page appears.

3. In the search filter, type Tenable.

4. Next to the installed application, click the version drop-down.

A list of available version updates appear.

5. Select the version that you want to update to.

6. Click Update.

The application updates to the version you selected.

Step 2: Review the Upgrade History and Resolve Conflicts

If there are problems with your upgrade, you must review the Upgrade History and manually resolve any
conflicts.

To manually resolve conflicts with your upgrade:

1. Log in to ServiceNow.

2. In the left panel, in the Filter Navigator, type "Upgrade History".

3. Click Upgrade History.

4. In the To box, type "x_tsirm*"

5. On your keyboard, press Enter.

A list of system upgrades appears.

6. Locate item in the list with a value in the Change skipped column.

7. For each of these items, in the From column, click n/a.

8. Manually review and merge each skipped change.

Step 3: Delete Leftover Artifacts

Configure your Tenable application.

1. Configure the Tenable Connector

2. Configure Tenable for Assets

3. (Optional) Configure Tenable for VR

4. (Optional) Configure Tenable for ITSM

The Tenable Connector provides all API interactions between your Tenable applications (Tenable.io or
Tenable.sc) and ServiceNow instance.

Note: In ServiceNow, you must have the x_tsirm_api_access admin role to perform the basic connector setup
process.

Note: The ServiceNow configuration only supports Tenable.sc versions 5.7 and later.

Before you begin:

For Tenable.io:

Required User Role: Administrator

l You must have your Tenable.io API keys.

Note: For your Tenable.io integration:

l You must generate an API key in Tenable.io to complete the configuration. See the Tenable.io user
guide for instructions on how to generate an API key. (Do not use this API key for any other third party
or custom built application or integration. A unique API key is required for each installed instance of
the integration.)

For Tenable.sc:

Required User Role: Security Analyst

To configure the Tenable connector for Tenable.io or Tenable.sc:

1. Log in to ServiceNow.

2. In the left navigation pane, click Tenable Connector > Connectors.

The Tenable Connectors page appears.

3. Click New.

4. From the Tenable Product drop-down box, select Tenable.io or Tenable.sc.

5. If you are in a domain separated environment, in the Domain box, type the domain into which to
bring connector data.

6. Select the Active check box.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
7. In the Scheduled Job Run As box, type the username of the user with which you want to import
data.

Note: If you are in a domain separated environment, this field is required. The user must be part of the
domain specified in step 5.

8. In the Name text box, type a name for the connector.

9. Complete the configurations for your selected Tenable application.

For Tenable.io:

a. In the Address text box, type an IP address or DNS name for the connector.

ServiceNow populates this with the Tenable.io IP address.

Note: You must type https:// before the IP or DNS name.

b. In the Access Key text box, type the access key provided by your Tenable administrator.

c. In the Secret Key text box, type the secret key provided by your Tenable administrator.

For Tenable.sc:

b. In the Address text box, type an IP address or DNS name for the connector.

Note: You must type https:// before the IP or DNS name.

c. Click the lock button to lock the address.

d. In the MID Server text box, search for and select a MID server that can access your Ten-
able.sc server.

e. Do one of the following:

l If you check the Use User/Password check box:

i. In the API Username text box, type the API username provided by your Tenable
administrator.

ii. In the API Password text box, type the API password provided by your Tenable
administrator.

l If you do not check the Use User/Password check box:

i. In the Access Key text box, type the API access key provided by your Tenable
administrator.

ii. In the Secret Key text box, type the API secret key provided by your Tenable
administrator.

Tip: To save your selected configuration options without navigating away from the page:
1. Right click in the top menu that contains the Tenable Connector heading and menu.
A list of options appears.
2. Click Save.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
10. (Optional) In the General Settings section, you can specify your Max ECC Wait Time (in seconds)
and Request Timeout (in seconds) for each of your configured connectors.

11. In the Asset Settings section, you can set the Asset Logging Level, Asset Max Cumulative Log
Entries, and Asset Max Cumulative Log Sizes. The default setting for the logging levels is Errors
Only.

12. In the Additional Asset Settings section, you can set New Record Sync Frequency (in minutes),
Record Update Sync Frequency (in minutes), Asset Max Job Log (in days), and Asset Max Job
Wait (in days).

Note: You may have additional settings options on your connector page depending on the Tenable applications you
have installed, i.e., Tenable Assets (Assets Settings), Tenable VR (VR Settings), and Tenable ITSM (ITSM Set-
tings).

Note: For additional information about ServiceNow settings, see the ServiceNow documentation.

13. Click Test the Connector.

Note: If the connector test fails, check your username, password, and API Keys and retest the connector.

14. Click Update.

You can enable or disable your Tenable connectors.

Disable Connector

Enable Connector

To disable your Tenable Connector:

1. In the ServiceNow filter search bar, type Tenable.

The Tenable applications appear.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

Your configured Tenable connectors appear.

4. Select your Tenable connector.

The selected connector page appears.

5. At the top of the page, deselect the Active checkbox.

The Tenable Connector is deactivated.

7. Repeat this to deactivate all your connectors.

To enable your Tenable Connector:

1. In the ServiceNow filter search bar, type Tenable.

The Tenable applications appear.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

Your configured Tenable connectors appear.

4. Select your Tenable connector.

The selected connector page appears.

5. At the top of the screen, select the Active checkbox.

6. Click Update.

7. Repeat this to activate all your connectors.

Note: Tenable for Assets only supports Tenable.sc versions 5.7 and later.

The asset integration allows ServiceNow to retrieve and accurately match Tenable assets to your existing
CIs. Tenable for VR and ITSM both rely on this app for finding the correct asset related to vulnerabilities
from Tenable.

Note: It is extremely important that you completely setup and tune this integration to correctly match Tenable
Assets to ServiceNow CIs before moving on to Tenable for VR or Tenable for Assets.

To setup the asset integration configuration, you must:

l Configure the Tenable Connector

l Configure Assets to Sync from Tenable to ServiceNow

l Configure IRE Rules

l (Optional) Configure Assets to Sync from ServiceNow to Tenable.io

l (Optional) Configure CI to Sync from ServiceNow to Tenable.sc Asset Groups

Configure Assets to Sync from Tenable to ServiceNow

1. Log in to ServiceNow.

2. Go to the Tenable Connector Application.

3. In the left-hand menu, click Tenable Connector.

4. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

5. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

6. In the Scheduled Jobs section, click New.

The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector
fields populate with the Tenable application/connector you selected in step 3.

7. From the Tenable Application drop-down box, select Tenable for Assets.

Tenable.io

8. From the Tenable Job Type drop-down box, select the appropriate job type.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
9. If you are in a domain separated environment, in the Domain box, type the domain into which to
bring connector data.

10. (For Tenable.io) From the Import Export drop-down box, select Import. Import is selected by
default.

11. In the Name text box, type a unique name for this scheduled job.

12. Configure the options for your import.

Option Description

Last Update Pull Sets a date and time for the next pull.

Note: This field is set by the scheduled job as it runs.

Active If selected, an asset sync is automatically queued when

you submit the import or export. Default setting: selec-
ted.

Order Prioritizes when the import should run. (This option pop-
ulates when you select the Tenable Application in step
6. However, you can modify it by typing in the text box.)

Default Chunk Size The number of records pulled in segments during the
import. (This option populates when you select the Ten-
able Application in step 6. However, you can modify it
by typing in the text box.)

SC Query (Only for Tenable.sc) Select the Tenable.sc query to

use for the import.

Configuration

Record Update Sync Frequency The frequency of pulling assets (in minutes). The
default setting is once a day (1,440 minutes).

Note: This option is hard coded and can only be changed

via the code.

13. Click Submit.

Note: Ensure that you accurately configure the assets. Asset configuration is key in making the integration work
properly. Errors in these configuration steps, effect all future configurations.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
Configure IRE Rules
Be sure to review the ServiceNow 3.0.x upgrade instructions to ensure the IRE will work in your envir-
onment.

Note: By default, Tenable data updates CI fields on each import. If you are using ServiceNow Paris or later, you can
use reconciliation rules to control what asset data updates.

1. Log in to ServiceNow.

2. In the left panel, in the Filter navigator, type "CI Class Manager".

3. Click CI Class Manager.

The CI Class Manager page opens.

4. Click Open Hierarchy.

The CI Classes panel opens.

5. In the CI Classes panel, click Hardware (2032).

The Hardware page appears.

6. In the Class Info section, click Identification Rule.

The Identification Rule page appears.

7. Clone or edit the Serial Number rule.

The Edit Identifier Entry window appears.

8. Click Advanced Options.

9. In the Advanced Options section, deselect the Enforce exact count match check box.

10. Click Save.

You return to the Identification Rule page.

11. Clone or edit the Network Adapter rule.

The Edit Identifier Entry window appears.

12. Repeat steps 8-10 for the Network Adapter rule.

What to do next:

Clean the correlation data to ensure IRE rule changes are applied on the next import.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
Below are example background scripts that you can run to clean direct correlations between Tenable
data, the CMDB, and IRE data. When you make changes to the IRE rules to better match third party data
to your existing ServiceNow CIs, you must clean up old relationships to ensure the updated rules are
applied.

//Asset Attributes cleanup x_tsirm_tio_cmdb_asset_attributes

var assetInfo = new GlideMultipleDelete('x_tsirm_tio_cmdb_asset_attributes');
assetInfo.execute();
// Cleanup source uniqueness This will force IRE matching
var assetSysSource = new GlideMultipleDelete(“sys_object_source”);
assetSysSource.addQuery(“name”, “STARTSWITH”, “Tenable”);
assetSysSource.execute();

(Optional) Configure Assets to Sync from ServiceNow to Tenable.io

Note: Please work with your ServiceNow administrator to perform the following task. The information provided
below should be used as a guideline. Your administrator can assist in tuning the export to achieve your desired res-
ults.

1. Log in to ServiceNow.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

5. In the Scheduled Jobs section, click New.

The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector
fields populate with the Tenable application/connector you selected in step 3.

6. From the Tenable Application drop-down box, select Tenable for Assets.

7. From the Tenable Job Type drop-down box, select the appropriate job type.

8. If you are in a domain separated environment, in the Domain box, type the domain into which to
bring connector data.

9. (For Tenable.io) From the Import Export drop-down box, select Import. Import is selected by
default.

11. Configure the options for your export.

Option Description

Last Update Pull Sets a date and time for the next pull.

Active If selected, an asset sync is automatically queued when

you submit the import or export. Default setting: selec-
ted.

Order The order that the import should run. (This option pop-
ulates when you select the Tenable Application in step
6. However, you can modify it by typing in the text box.)

Configuration

Record Update Sync Frequency The frequency of pulling assets (in minutes). The
default setting is once a day (1,440 minutes).

Note: This option is hard coded and can only be changed

via the code.

Source table and Conditions Select source tables and use filter conditions to specify
export information.

12. Click Submit.

(Optional) Configure CI to Sync from ServiceNow to Tenable.sc Asset Groups

1. Log in to ServiceNow.

2. Navigate to Tenable for Assets > Configuration > CI to SC Asset Groups.

Note: Tenable does not recommend using the default export because it uses predefined ServiceNow sysids
that can be overwritten during the upgrade process.

4. In the upper-right corner of the page, from the application picker drop-down box, select Global.

5. Click New.

6. In the Name text box, type a name for the export.

7. In the Connector text box, type the connector to use for the import.

8. From the Group Type drop-down box, select the type of asset group to create.

9. In the Filter section, filter the records you want to export.

10. Click Submit.

This section describes how to configure Tenable for VR.

Note: The Tenable for Vulnerability Response application only supports Tenable.sc versions 5.7 and later.

The VR integration configuration allows ServiceNow to poll and retrieve vulnerability data from Tenable.

Before you begin:

l In ServiceNow, you must have an account that has the x_tsirm_tio_vr.admin role complete the
setup.

l Configure the Tenable Connector

Note: You must completely configure and tune Tenable for Assets to correctly match Tenable Assets with
ServiceNow CIs. If you do not do this first, you will have issues with VR.

Configure the ServiceNow and Tenable VR Connector

1. Log in to ServiceNow.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

5. In the Scheduled Jobs section, click New.

The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector
fields populate with the Tenable application/connector you selected in step 3.

6. From the Tenable Application drop-down box, select Tenable for VR.

Tenable.io

7. From the Tenable Job Type drop-down box, select the appropriate job type.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
8. If you are in a domain separated environment, in the Domain box, type the domain into which to
bring connector data.

9. (For Tenable.io) From the Import Export drop-down box, select Import. Import is selected by
default.

10. In the Name text box, type a name for the VR.

11. Configure the options for your import.

Option Description

Initial Run Historical Data Specifies how far back (in days) to import when run for the first
time. For example, if Within 30 days is selected, vulnerabilities
that were observed 15 or 25 days ago are imported into Ser-
viceNow. After the first import, Tenable only requests as many
days as needed to catch up with Tenable.io or Tenable.sc.

Run Fixed Query on Initial Pulls fixed vulnerabilities from the past on the first import. This
Run allows for more complete reporting in ServiceNow for prior fixed
vulnerabilities. Default setting: deselected.

Last Run -Opene- The date and time that the open/reopened import was last run.
d/Reopened

Last run - Fixed The date and time that the fixed import was last run.

Active If selected, an asset sync is automatically queued when you sub-

mit the import or export. Default setting: selected.

Default Chunk Size The number of records pulled in segments during the import.
(This option populates when you select the Tenable Application
in step 6. However, you can modify it by typing in the text box.)
(For Tenable.io, you should not change this unless Tenable
advises you to do so.)

Included Severities (Only for Tenable.io) Select the severity levels to import. If not
specified, all severity levels are imported.

Included Plugin Family (Only for Tenable.io) Select plugin family names to include in the
Names import. If not specified, all families are imported.

SC Query (Only for Tenable.sc) The Tenable.sc query used for the import

Schedule

Run The frequency with which you want the import to run.

Time The set time (hh/mm/ss) to run the import.

12. In the Access Key text box, type the access key provided by your Tenable administrator.

13. In the Secret Key text box, type the secret key provided by your Tenable administrator.

14. Click Update.

By default, that evening the connector starts syncing ServiceNow vulnerabilities to Tenable.io.

Third Party Vulnerabilities

To view third party vulnerabilities:

l Navigate to Vulnerable Items > Libraries > Third Party.

Vulnerabilities that include TEN- were imported from Tenable.io or Tenable.sc. Click a vulnerability
to view the details.

Note: The bottom of the page includes vulnerability items and lists of CVE information linked during the
import.

Vulnerability Items (Linked Vulnerability and Configuration Items)

To view vulnerability items:

Vulnerabilities that include TEN- were imported from Tenable.io and Tenable.sc. Click a vul-
nerability to view the details.

Note: If a vulnerability item is closed, the text boxes are disabled. In the Notes section, you can view inform-
ation about why the item is closed.

This section describes how to configure Tenable for ITSM.

Note: The ITSM app only pulls in Critical and High vulnerabilities. If you require more flexibility/customization, you
can upgrade to the free Tenable for Vulnerability Response application.

Note: The ServiceNow configuration only supports Tenable.sc versions 5.7 and later.

The ITSM integration configuration allows ServiceNow to poll and retrieve vulnerability data from Ten-
able.io/Tenable.sc.

Before you begin:

In ServiceNow, you must have the x_tsirm_tio_itsm.admin role to complete the setup.

Note: You must completely configure and tune Tenable for Assets to correctly match Tenable Assets with Ser-
viceNow CIs. If you do not do this first, you will have issues with ITSM.

To setup the ITSM integration configuration, you must:

l Configure the Tenable Connector

l Create the ServiceNow and Tenable.io ITSM Connector

l Create an Incident Rule

l ITSM Configuration and Schedule Import

Create the ServiceNow and Tenable.io ITSM Connector

1. Log in to ServiceNow.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector
fields populate with the Tenable application/connector you selected in step 3.

6. From the Tenable Application drop-down box, select Tenable for ITSM.

Tenable.io

Tenable.sc

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade-
marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective
7. If you are in a domain separated environment, in the Domain box, type the domain into which to
bring connector data.

8. (For Tenable.io) From the Import Export drop-down box, select Import. Import is selected by
default.

9. In the Name text box, type a name for the import.

10. Configure the options for your import.

Option Description

Initial Run - Historical The amount of time (in days) of how far back you want to pull
Data data.

Run Fixed Query on Initial Pulls fixed vulnerabilities on the first import. Default setting:
Run deselected.

Last Run -Opene- The date and time that the open/reopened import was last run.
d/Reopened

Last run - Fixed The date and time that the fixed import was last run.

Active If selected, an asset sync is automatically queued when you sub-

SC Query (Only for Tenable.sc) The Tenable.sc query used for the import
or export.

Schedule

Run The frequency with which you want the import to run.

Time The set time (hh/mm/ss) to run the import.

11. Click Update.

By default, that evening, the connector starts syncing ServiceNow vulnerabilities to Tenable.io/Ten-
able.sc.

Create an Incident Rule

Incident Rules must be created/enabled for the integration to create incidents. By default, a disabled
example rule comes with the application.

1. From the left navigation pane, navigate to Tenable for ITSM > Configuration > Incident Rules.

The Incident Rules page appears.

2. Click New.

The New record page appears.

4. Select the Active check box.

5. (Optional) If you want to use scripting to create this rule, click the Advanced check box and type the
desired script.

Incident rule field options

Column label Column name Type

Sys ID sys_id Sys ID

(GUID)

acceptRisk u_acceptrisk String

asset u_asset String

asset/agent_uuid u_asset_agent_uuid String

asset/bios_uuid u_asset_bios_uuid String

asset/device_type u_asset_device_type String

asset/fqdn u_asset_fqdn String

asset/hostname u_asset_hostname String

asset/last_authenticated_results u_asset_last_a_icated_results String

asset/last_unauthenticated_results u_asset_last_u_icated_results String

asset/mac_address u_asset_mac_address String

asset/netbios_name u_asset_netbios_name String

asset/netbios_workgroup u_asset_netbios_workgroup String

asset/network_id u_asset_network_id String

asset_operating_system u_asset_operating_system String

asset/tracked u_asset_tracked String

asset/uuid u_asset_uuid String

baseScore u_basescore String

bid u_bid String

checkType u_checktype String

connector u_connector String

cpe u_cpe String

cve u_cve String

cvssV3BaseScore u_cvssv3basescore String

cvssV3TemporalScore u_cvssv3temporalscore String

cvssV3Vector u_cvssv3vector String

cvssVector u_cvssvector String

exploitAvailable u_exploitavailable String

exploitEase u_exploitease String

exploitFrameworks u_exploitframeworks String

family/id u_family_id String

first_found u_first_found String

fqdn u_fqdn String

hasBeenMitigated u_hasbeenmitigated String

hostname u_hostname String

hostUniqueness u_hostuniqueness String

id u_id String

interfaces u_interfaces String

ips u_ips String

job_type u_job_type String

last_fixed u_last_fixed String

last_found u_last_found String

name u_name String

netbiosName u_netbiosname String

operating_system u_operating_system String

output u_output String

patchPubDate u_patchpubdate String

plugin u_plugin String

pluginText u_plugintext String

plugin_bid u_plugin_bid String

plugin/canvas_package u_plugin_canvas_package String

plugin/checks_for_malware u_plugin_checks_for_malware String

plugin/cpe u_plugin_cpe String

plugin_cve u_plugin_cve String

plugin/cvss3_vector/availability_impact u_plugin_cvss3_ability_impact String

plugin/cvss3_base_score u_plugin_cvss3_base_score String

plugin/cvss3_temporal_vec- u_plugin_cvss3_ediation_level String

tor/remediation_level

plugin/cvss3_vector/access_complexity u_plugin_cvss3_ess_complexity String

plugin/cvss3_temporal_vec- u_plugin_cvss3_exploitability String

tor/exploitability

plugin/cvss3_temporal_vector/report_ idence u_plugin_cvss3_ort_con- String

confidence fidence

plugin/cvss_temporal_vector/raw u_plugin_cvss__ral_vector_raw String

plugin/cvss_vector/integrity_impact u_plugin_cvss__tegrity_impact String

plugin/cvss_vector/confidentiality_ u_plugin_cvss__tiality_impact String

impact

plugin/cvss_vector/access_vector u_plugin_cvss___access_vector String

plugin/description u_plugin_description String

plugin/exploitability_ease u_plugin_exploitability_ease String

plugin/exploited_by_malware u_plugin_exploited_by_malware String

plugin/exploited_by_nessus u_plugin_exploited_by_nessus String

plugin/exploit_available u_plugin_exploit_available String

plugin/exploit_framework_canvas u_plugin_explo_amework_canvas String

plugin/exploit_framework_core u_plugin_explo_framework_core String

plugin/exploit_framework_exploithub u_plugin_explo_ork_exploithub String

plugin/exploit_framework_d2_elliot u_plugin_explo_work_d2_elliot String

plugin/family u_plugin_family String

plugin/family_id u_plugin_family_id String

plugin/family_type u_plugin_family_type String

plugin/has_patch u_plugin_has_patch String

plugin/id u_plugin_id String

plugin/info u_plugin_info String

plugin/in_the_news u_plugin_in_the_news String

plugin/metasploit_name u_plugin_metasploit_name String

plugin/modification_date u_plugin_modification_date String

plugin/name u_plugin_name String

plugin/patch_publication_date u_plugin_patch_blication_date String

plugin/publication_date u_plugin_publication_date String

plugin/risk_factor u_plugin_risk_factor String

plugin_see_also u_plugin_see_also String

plugin/solution u_plugin_solution String

plugin/stig_severity u_plugin_stig_severity String

plugin/synopsis u_plugin_synopsis String

plugin/type u_plugin_type String

plugin/unsupported_by_vendor u_plugin_unsupported_by_vendor String

plugin/version u_plugin_version String

plugin/vpr u_plugin_vpr String

plugin/vpr/drivers/cvss3_impact_score u_plugin_vpr_d_3_impact_score String

plugin/vpr/drivers/cvss_impact_score_ u_plugin_vpr_d_core_predicted String

predicted

plugin/vpr/drivers/threat_ u_plugin_vpr_d_cy_lower_bound String

recency/lower_bound

plugin/vpr/drivers/threat_recency/up- u_plugin_vpr_d_cy_upper_bound String

per_bound

plugin/vpr/drivers/age_of_vuln/lower_ u_plugin_vpr_d_ln_lower_bound String

bound

plugin/vpr/drivers/age_of_vuln/upper_ u_plugin_vpr_d_ln_upper_bound String

bound

plugin/vpr/drivers/product_coverage u_plugin_vpr_d_oduct_coverage String

plugin/vpr/drivers/age_of_vuln u_plugin_vpr_d_rs_age_of_vuln String

plugin/vpr/drivers/threat_sources_ u_plugin_vpr_d_sources_last28 String

last28

plugin/vpr/drivers/threat_intensity_ u_plugin_vpr_d_tensity_last28 String

last28

plugin/vpr/drivers/threat_recency u_plugin_vpr_d_threat_recency String

plugin/vpr/drivers/exploit_code_matur- u_plugin_vpr_d__code_maturity String

ity

plugin/vpr/score u_plugin_vpr_score String

plugin/vpr/updated u_plugin_vpr_updated String

plugin/vuln_publication_date u_plugin_vuln_publication_date String

plugin/xrefs u_plugin_xrefs String

port u_port String

port/protocol u_port_protocol String

port/service u_port_service String

product_type u_product_type String

recastRisk u_recastrisk String

recast_reason u_recast_reason String

recast_rule_uuid u_recast_rule_uuid String

repository u_repository String

repository_data_format u_repository_data_format String

repository_id u_repository_id String

riskFactor u_riskfactor String

scan u_scan String

scan/completed_at u_scan_completed_at String

scan/schedule_uuid u_scan_schedule_uuid String

scan/started_at u_scan_started_at String

scan/uuid u_scan_uuid String

scunique u_scunique String

seeAlso u_seealso String

severity u_severity String

severity_default_id u_severity_default_id String

severity_id u_severity_id String

severity_modification_type u_severity_modification_type String

state u_state String

system_type u_system_type String

temporalScore u_temporalscore String

Uniqueness u_uniqueness String

uuid u_uuid String

vprContext u_vprcontext String

vprScore u_vprscore String

xref u_xref String

6. In the Asset field text box, select the appropriate asset for the rule.

7. In the Operator text box, select the appropriate operator for the rule.

8. In the Value text box, type the value for the rule.

9. (Optional) To reorder the incident rule, update the value in the Order text box. Incident rules are
tried in ascending order (lowest to highest).

10. If you are in a domain separated environment, in the Domain box, type the domain into which to
bring connector data.

11. Click Submit.

Plugins

To view plugins:

l Navigate to Tenable for ITSM > Plugins.

Vulnerabilities

To view vulnerabilities:

l Navigate to Tenable for ITSM > Vulnerabilities.

Incidents

To view incidents:

l Navigate to Tenable for ITSM > Incidents.

General Settings

Assets Settings

ITSM Settings

VR Settings

Use the settings options to maximize control and troubleshoot.

To access the General Settings:

1. Log in to ServiceNow.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

5. In the General Settings section, you can view/edit:

l Max ECC Wait Time (sec)

l Request Timeout (sec)

l Max Attachment Records

l Default Chunk Size

l Connector Logging Level

Use the settings options to maximize control and troubleshoot.

To access the Asset Settings:

1. Log in to ServiceNow.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

5. In the Asset Settings section, you can view/edit:

l Logging level

l Max Cumulative Log Entries

l Max Cumulative Log Size

l Additional Settings
o New Record sync frequency (min)
o Record update sync frequency (min)
o Asset Max Job Age (days)
o Asset Max Job Wait Time (days)

Use the settings options to maximize control and troubleshoot.

To access the VR Settings:

1. Log in to ServiceNow.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

5. In the VR Settings section, you can view/edit:

l VR Logging level

l VR Max Job Log Age (days)

l VR Plugin Chunk Size

l VR Vulnerability Chunk Size

l VR Max Cumulative Log Entries

l VR Max Cumulative Log Size

l VR Plugin Import Thread Limit

l VR Vulnerability Import Thread Limit

Furthermore, in the left-hand menu, you can configure the following settings:

l Advanced
o Transform Maps: Defines how fields are mapped as records and brought back in to update
ServiceNow records.

Caution: We do not support changes made to Transform Maps. If you want to customize your Trans-
form Maps options, we recommend you contact your ServiceNow Administrator.

Use the settings options to maximize control and troubleshoot.

To access the ITSM Settings:

1. Log in to ServiceNow.

2. In the left-hand menu, click Tenable Connector.

3. In the sub-menu, click Connectors.

The Tenable Connectors page appears.

4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

The Tenable Connector page appears.

5. In the ITSM Settings section, you can view/edit:

l ITSM Logging Level

l ITSM Plugin Chunk Size

l ITSM Plugin Import Thread Limit

l ITSM Max Cumulative Log Entries

l ITSM Max Cumulative Log Size

l ITSM Vulnerability Chunk Size

6. In the ITSM Additional Settings section, you can view/edit:

l ITSM Age Out Period

l ITSM Max Job Log Age (days)

Create an Incident from a Record

See the ITSM Optional Configuration section.

You can configure matching and creating rules in ServiceNow for Tenable.io and Tenable.sc. See the
steps below for instructions on how to configure matching and creating rules.

To configure CI to SC Asset Group

1. In ServiceNow, navigate to Tenable for Assets > Configuration > CI to SC Asset Group.

The CI to SC Asset Group configuration page appears.

2. In the Name text box, type a name for the asset group.

3. In Group Type, select DNS or Static IP Address.

4. In the Filter section, add filter conditions for the asset group.

5. In the Connector field, enter the connector you want to use for the asset group.

6. (Optional) Correlation ID and Last Sync options can be added for your asset group.

7. Click Submit.

Tenable for Assets

Tenable for ITSM

Tenable for Vulnerability Response

Tenable for Assets syncs and reconciles assets between Tenable.io/Tenable.sc and the ServiceNow Con-
figuration Management Database (CMDB). With Tenable's sophisticated discovery and scanning tech-
nology and ServiceNow's extensive CMDB you can accurately track all of your assets.

Note: Tenable for Assets only supports Tenable.sc versions 5.7 and later.

l Customize how Tenable assets are matched to ServiceNow CIs

l Define which ServiceNow CIs are sent to Tenable as assets

Description
Tenable.io offers continuous monitoring and vulnerability management that protects critical applications,
devices, and infrastructures. The Tenable for Assets application is purpose-built for ServiceNow's Vul-
nerability Response offering, allowing you to import your Tenable.io vulnerability data and manage it
within ServiceNow.

Application Menu

Tenable for Assets

Primary Role Required: x_tsirm_tio_cmdb.user

Title Required Role

Documentation x_tsirm_tio_cmdb.user

Contact Support x_tsirm_tio_cmdb.user

Dashboard x_tsirm_tio_cmdb.user

Assets Pending Approval x_tsirm_tio_cmdb.user

All Synchronized Items x_tsirm_tio_cmdb.user

Configuration x_tsirm_tio_cmdb.admin

General Settings x_tsirm_tio_cmdb.admin

Connectors x_tsirm_tio_cmdb.admin

API Data Mappings x_tsirm_tio_cmdb.user

Diagnostics x_tsirm_tio_cmdb.admin

Asset Outbound Jobs x_tsirm_tio_cmdb.admin

Asset Inbound Jobs x_tsirm_tio_cmdb.admin

Queued Actions x_tsirm_tio_cmdb.admin

Primary Roles

x_tsirm_tio_cmdb.user
Description: A basic user of the application.

Business Rules

Update Job and Chunk Status

Description: Business rule that sets the status of jobs and chunks.

Push Asset Update to Tenable.io

Description: Sends asset update information to Tenable.io by creating an async request queue action
entry.

Set Name
Description: Sets the name of the asset attribute record if the connector or Asset UUID change.

Set Tenable Values when Done Processing

Description: On complete outbound jobs, this sets values on the asset attribute record.

Update Job Percent Complete

Description: Updates the job percent complete as records get processed.

Create Settings if None exist

Description: Automatically creates a general settings record with default values if one doesn’t exist.

Calc Job State

Description: Calculates the job state based on happenings with chunks.

On Job State Change

Description: Inbound job total records and percent complete, when the state of the job changes.

Notify About Limitations on Out of Box Rules

Push Asset Update to Tenable.io (Update)

Description: Sends asset update information to Tenable.io by creating an async request queue action
entry.

Tenable for IT Service Management (ITSM) provides the ability to import Tenable vulnerability findings
and transform them into ServiceNow incidents without the need for ServiceNow Vulnerability Response.
This helps you move from manual email and spreadsheet processes to a repeatable workflow in Ser-
viceNow. As your needs expand or you need more flexibility and customization, you can easily transition
to Vulnerability Response.

The Tenable ITSM Process

Tenable for ITSM uses Tenable for Assets to find the correct asset/CI to link a vulnerability to. It is
extremely important that you completely test and tune Tenable for assets before configuring Tenable for
ITSM. Tenable for ITSM uses the connector you specify to download vulnerabilities and create them in a
custom ServiceNow table. The application uses configurable incident rules to create ServiceNow incid-
ents for each vulnerability that can be used by IT administrators to assign remediation work to their teams.

The application creates vulnerabilities as follows:

l The Tenable ITSM app uses the Tenable for Assets app to match vulnerable assets to ServiceNow
CI’s.

l For every high and critical vulnerability finding, it creates a unique vulnerability entry in the Tenable
ITSM app.

l Unique vulnerability entries are determined by coalescing on ServiceNow CI, plugin id, port and pro-
tocol.

l If a vulnerability is fixed in Tenable, both the vulnerability and incident close in ServiceNow.

l If a vulnerability is manually closed, but is found in the future, Tenable reopens the vulnerability and
incident in ServiceNow.

The application can create incidents as follows:

l You can manually create a ServiceNow incident from the vulnerability form.

l You can create incident rules to automatically spawn incidents:

o Use the selector form for simple rule creation using asset fields and values.
o Use advanced scripting to manipulate data for more granular selection.

Tenable.io offers continuous monitoring and vulnerability management that protects critical applications,
devices, and infrastructures. The Tenable for ITSM application is purpose built for ServiceNow's Vul-
nerability Response offering, allowing you to import your Tenable.io vulnerability data and manage it
within ServiceNow.

Application Menu

Tenable.io for ITSM

Primary Role Required: x_tsirm_tio_itsm.user

Title Required Role

Documentation x_tsirm_tio_itsm.user

Contact Support x_tsirm_tio_itsm.user

Plugins x_tsirm_tio_itsm.user

Vulnerabilities x_tsirm_tio_itsm.user

Incidents x_tsirm_tio_itsm.user

Configuration x_tsirm_tio_itsm.user

General Settings x_tsirm_tio_itsm.admin

Connectors x_tsirm_tio_itsm.admin

Scheduled Imports x_tsirm_tio_itsm.user

Incident Rules x_tsirm_tio_itsm.admin

Diagnostics x_tsirm_tio_itsm.admin

Queued Actions x_tsirm_tio_itsm.admin

Documentation x_tsirm_tio_itsm.user

Contact Support x_tsirm_tio_itsm.user

Plugins x_tsirm_tio_itsm.user

Vulnerabilities x_tsirm_tio_itsm.user

Incidents x_tsirm_tio_itsm.user

Primary Roles

x_tsirm_tio_itsm.admin
Description: An administrative user of the application.

x_tsirm_tio_itsm.user
Description: A basic user of the application.

Business Rules

Calc Job State

Description: Calculates the job state based on happenings with chunks.

On Job State Change

Description: Inbound job total records and percent complete, when the state of the job changes.

Create Settings if None Exist

Description: Automatically creates a general settings record with default values if one doesn’t exist.

The integration of Tenable for Vulnerability Response with ServiceNow’s Vulnerability Response module
takes your Tenable platform findings and syncs them into ServiceNow Vulnerability Response tables and
data structures. This integration allows you to reduce your cyber risk by allowing you to rapidly prioritize
and automate the remediation of critical vulnerabilities across your most important assets.

Note: The Tenable for Vulnerability Response application only supports Tenable.sc versions 5.7 and later.

With Tenable for Vulnerability Response, you can:

l Leverage the Tenable for Assets application to properly link vulnerabilities to ServiceNow CIs

l Create ServiceNow third party vulnerabilities from Tenable Plugins

l Create Vulnerable Items from Tenable findings

l Customize data mapping while keeping app upgradability

l Configure vulnerabilities to sync from your Tenable platform

l Automatically close vulnerable items once Tenable finds them to be resolved

l Reopen previously closed vulnerable items if they are found again at a later date.

Tenable for VR allows you to fully integrate your Tenable data with ServiceNow creating closed loop
remediation. This application has grouping functionality and risk calculators. In addition, it creates tickets
for IT staff according to specified machines, allows reallocation, closing, and reopening.

Application Menu

Tenable for VR
Primary Role Required: x_tsirm_tio_vr.user

Title Required Role

Documentation x_tsirm_tio_vr.user

Contact Support x_tsirm_tio_vr.user

Configuration x_tsirm_tio_vr.user

General Settings x_tsirm_tio_vr.admin

Connectors x_tsirm_tio_vr.admin

Scheduled Imports x_tsirm_tio_vr.user

API Data Mappings x_tsirm_tio_vr.admin

Default VR Data Source x_tsirm_tio_vr.admin

Transform Maps x_tsirm_tio_vr.admin

Diagnostics x_tsirm_tio_vr.admin

Queued Actions x_tsirm_tio_vr.admin

Documentation x_tsirm_tio_vr.user

Contact Support x_tsirm_tio_vr.user

Configuration x_tsirm_tio_vr.user

General Settings x_tsirm_tio_vr.admin

Connectors x_tsirm_tio_vr.admin

Scheduled Imports x_tsirm_tio_vr.user

x_tsirm_tio_vr.admin
Description: An administrative user of the application.

x_tsirm_tio_vr.user
Description: A basic user of the application.

Business Rules

Calc Job State

Description: Calculates the job state based on happenings with chunks.

Run Plugin Families Populate on Activate

Description: Runs the script to run the API call to get plugin families from Tenable when a connector is
activated.

On Job State Change

Description: Inbound job total records and percent complete, when the state of the job changes.

Create Settings if None Exist

Description: Automatically creates a general settings record with default values if one doesn’t exist.

Tenable.io Data Map

The following table compares Tenable.io data field names with the equivalent names used in the Ser-
viceNow applications.

Tenable.io ServiceNow

bios_uuid bios_uuid

fqdns fqdn

ipv4s/ipv6s/network_interfaces ipv4/ipv6

last_authenticated_scan_date last_authenticated_scan_date

mac_addresses mac_address

mcafee_epo_guid mcafee_epo_guid

netbios_names netbios_name

agent_uuid agent_uuid

id asset_uuid

has_agent has_agent

has_plugin_results has_plugin_results

created_at created_at

terminated_at terminated_at

terminated_by terminated_by

updated_at updated_at

deleted_at deleted_at

deleted_by deleted_by

first_seen first_seen

last_seen last_seen

last_licensed_scan_date last_licensed_scan_date

azure_vm_id azure_vm_id

azure_resource_id azure_resource_id

aws_ec2_instance_ami_id aws_ec2_instance_ami_id

aws_ec2_instance_id aws_ec2_instance_id

aws_owner_id aws_owner_id

aws_availability_zone aws_availability_zone

aws_region aws_region

aws_vpc_id aws_vpc_id

aws_ec2_instance_group_name aws_ec2_instance_group_name

aws_ec2_instance_state_name aws_ec2_instance_state_name

aws_ec2_instance_type aws_ec2_instance_type

aws_subnet_id aws_subnet_id

aws_ec2_product_code aws_ec2_product_code

aws_ec2_name aws_ec2_name

mcafee_epo_agent_guid mcafee_epo_agent_guid

servicenow_sysid servicenow_sysid

agent_names agent_names

mac_addresses mac_addresses

netbios_names netbios_names

operating_systems operating_systems

system_types system_types

hostnames hostnames

ssh_fingerprints ssh_fingerprints

manufacturer_tpm_ids manufacturer_tpm_ids

symantec_ep_hardware_keys symantec_ep_hardware_keys

sources sources

tags tags

ipv4s ipv4s

ipv6s ipv6s

Tenable.sc Data Map

The following table compares Tenable.sc data field names with the equivalent names used in the Ser-
viceNow applications.

Tenable.sc ServiceNow

biosGUID bios_uuid

dnsName fqdn

ip ipv4/ipv6

lastAuthRun last_authenticated_scan_date

lastUnauthRun last_unauthenticated_scan_date

macAddress mac_address

mcafeeGUID mcafee_epo_guid

netbiosName netbios_name

osCPE os_cpe

uniqueness uniqueness

uuid agent_uuid

repository.dataFormat repository_data_format

repository.description repository_description

repository.name repository_name

The Tenable for ServiceNow applications are highly customizable as every ServiceNow environment
tends to be very different. However, Tenable cannot provide ServiceNow specific customization support.
This guide provides information for basic customization scenarios. Tenable cannot troubleshoot or sup-
port items such as custom CI rules, custom transform maps, and custom field mapping.

Many customers utilize a deployment partner to help set up their instance appropriately for their customer
needs. If you are interested, contact your Tenable representative to get information on other companies
that have extensive experience with the Tenable for ServiceNow applications.

Contacting Tenable Support

l Support Hours of Operation: 24 hours a day

l Support Days of Operation: 7 days a week

l Contact Method: Phone, Support Portal, Email, Chat

l Contact Details: 1-855- 267-7044 (Toll Free) 1-443- 545-2104 (Direct), Tenable Community Site

l Follow the Contact Tenable Support link in the application to go directly to the Tenable Community
Site

How can I view the progress of my scheduled import?

1. Navigate to Tenable Connector > Connector > Job Logs

The status of these jobs updates throughout the progress of the import:

a. Initially, the status is set to New.

b. While the job is running, the status updates to Identifying Chunks.

c. When the export job finishes and ServiceNow begins receiving chunk data from Tenable.io, the
status changes to Receiving Chunk Data.

Each chunk is attached to a .json file in ServiceNow. Chunks are listed under their associated job.

d. Once all the chunk data is retrieved, the status changes to Importing. Each chunk imports into Ser-
viceNow one at a time.

e. Once importing is complete, the job is marked as Complete or Complete with Errors.

Note: If a job is marked Complete with Errors, the job is attempted again on the next schedule.

How can I adjust the Log Level?

1. In ServiceNow, navigate to Tenable Connector > Connector > Asset/VR/ITSM Settings.

2. From the Logging Level drop-down, select the logging level you wish to employ.

Tenable Security Center-User Guide
No ratings yet
Tenable Security Center-User Guide
898 pages
Nessus 10 8
No ratings yet
Nessus 10 8
738 pages
Tenable Security Center-User Guide
No ratings yet
Tenable Security Center-User Guide
840 pages
Nessus 10 2guide
No ratings yet
Nessus 10 2guide
667 pages
GD121 Spare Parts Old
No ratings yet
GD121 Spare Parts Old
647 pages
Nessus 10 7
No ratings yet
Nessus 10 7
713 pages
Vuln Management Tenable
No ratings yet
Vuln Management Tenable
1,374 pages
Nessus 10 8
No ratings yet
Nessus 10 8
733 pages
Nessus 10 6
No ratings yet
Nessus 10 6
714 pages
Nessus 8 15
No ratings yet
Nessus 8 15
674 pages
Tenable Security Center Director-User Guide
No ratings yet
Tenable Security Center Director-User Guide
472 pages
State Budget 2025-26
No ratings yet
State Budget 2025-26
13 pages
Nessus 8 15
No ratings yet
Nessus 8 15
735 pages
Nessus 10 6
No ratings yet
Nessus 10 6
857 pages
Service Now Tutorial
No ratings yet
Service Now Tutorial
74 pages
ServiceNow Presentation
No ratings yet
ServiceNow Presentation
12 pages
Tenable Security Center-User Guide
No ratings yet
Tenable Security Center-User Guide
849 pages
ITOM - Discovery
No ratings yet
ITOM - Discovery
17 pages
Tata Play Packs 20240904 - 0
No ratings yet
Tata Play Packs 20240904 - 0
243 pages
ServiceNowConnector en
No ratings yet
ServiceNowConnector en
33 pages
Motivation Letter To Student Internship Exchange
100% (2)
Motivation Letter To Student Internship Exchange
2 pages
Tenable and ServiceNow Integration Guide
No ratings yet
Tenable and ServiceNow Integration Guide
50 pages
Tenable Security Center-User Guide
No ratings yet
Tenable Security Center-User Guide
990 pages
Nessus - 8 - 0 Manual
No ratings yet
Nessus - 8 - 0 Manual
384 pages
Lesson 1 (Week 1 (Area of Trapezium and Triangle)
No ratings yet
Lesson 1 (Week 1 (Area of Trapezium and Triangle)
3 pages
Peter Markus NGEM01
No ratings yet
Peter Markus NGEM01
63 pages
Admin Servicenow
No ratings yet
Admin Servicenow
157 pages
Tenablesc UserGuide
No ratings yet
Tenablesc UserGuide
498 pages
Nessus 8 11 PDF
No ratings yet
Nessus 8 11 PDF
475 pages
Advanced AutoCAD 2022 Exercise Workbook For Windows Cheryl R Shrock Steve Heather Download PDF
100% (2)
Advanced AutoCAD 2022 Exercise Workbook For Windows Cheryl R Shrock Steve Heather Download PDF
40 pages
Nessus 8 10
No ratings yet
Nessus 8 10
473 pages
Energy
No ratings yet
Energy
2 pages
Tenable Security Center Health Check Playbook
No ratings yet
Tenable Security Center Health Check Playbook
12 pages
Nessus - 5 (1) .0 - User - Guide
No ratings yet
Nessus - 5 (1) .0 - User - Guide
71 pages
Service
No ratings yet
Service
50 pages
Nessus 8 7 PDF
No ratings yet
Nessus 8 7 PDF
446 pages
The Future of IT - Managing Service Relationships in The Enterprise
100% (1)
The Future of IT - Managing Service Relationships in The Enterprise
19 pages
Nessus - Linux - Pagada
No ratings yet
Nessus - Linux - Pagada
371 pages
Discovery PreWorkshop Readiness Kickoff
No ratings yet
Discovery PreWorkshop Readiness Kickoff
30 pages
CHM2032L Lab Manual 8 Spectrophotometry Yavuz-Petrowski Fall 2021 Tde88JS
No ratings yet
CHM2032L Lab Manual 8 Spectrophotometry Yavuz-Petrowski Fall 2021 Tde88JS
21 pages
ServiceNow Vault First Call Deck
No ratings yet
ServiceNow Vault First Call Deck
19 pages
Discovery (Horizontal Discovery) - Setup Guide
No ratings yet
Discovery (Horizontal Discovery) - Setup Guide
18 pages
Sandiego Servicenow Product Overview
No ratings yet
Sandiego Servicenow Product Overview
20 pages
Tenable Core + Nessus User Guide: Last Revised: October 28, 2021
No ratings yet
Tenable Core + Nessus User Guide: Last Revised: October 28, 2021
124 pages
Chapter 12.2 - Financial Statements
No ratings yet
Chapter 12.2 - Financial Statements
10 pages
Hydraulic Seals
100% (10)
Hydraulic Seals
358 pages
Ebk Now Platform Reference Guide
No ratings yet
Ebk Now Platform Reference Guide
27 pages
PS SB QS Adopt Tenable - Io
No ratings yet
PS SB QS Adopt Tenable - Io
8 pages
Basic Microbiology and Biochemistry
No ratings yet
Basic Microbiology and Biochemistry
67 pages
System Administration Jakarta
80% (10)
System Administration Jakarta
347 pages
8.2.1 SailPoint Identity Governance Connector For ServiceNow Guide
No ratings yet
8.2.1 SailPoint Identity Governance Connector For ServiceNow Guide
24 pages
Participant Guide Servicenow Module 1 Compress
No ratings yet
Participant Guide Servicenow Module 1 Compress
80 pages
TenableSC Guide
No ratings yet
TenableSC Guide
147 pages
Vancouver Platform Security 1-22-2024
No ratings yet
Vancouver Platform Security 1-22-2024
8 pages
ASS0002510 - Solution Overview Template
No ratings yet
ASS0002510 - Solution Overview Template
9 pages
Uttah Release
No ratings yet
Uttah Release
81 pages
Abd Malik
No ratings yet
Abd Malik
1 page
PS SB QS Deploy Tenable - SC
No ratings yet
PS SB QS Deploy Tenable - SC
7 pages
Prefinal-1 Model Paper (2024-25)
No ratings yet
Prefinal-1 Model Paper (2024-25)
4 pages
Integration With Third-Party Applications and Data Sources
No ratings yet
Integration With Third-Party Applications and Data Sources
52 pages
Nessus FAQs
100% (1)
Nessus FAQs
14 pages
Icon Library Work Better
No ratings yet
Icon Library Work Better
15 pages
SecurityCenter 5.0 Installation
No ratings yet
SecurityCenter 5.0 Installation
27 pages
DataSheet-2019 Tenable Certification Program
No ratings yet
DataSheet-2019 Tenable Certification Program
2 pages
Participant Guide Servicenow Module
No ratings yet
Participant Guide Servicenow Module
80 pages
Lesson 23 - Unit Review Part 1
No ratings yet
Lesson 23 - Unit Review Part 1
2 pages
Separation by Drying
No ratings yet
Separation by Drying
30 pages
BPD03 Credentials Oct2022
No ratings yet
BPD03 Credentials Oct2022
2 pages
BPMG 3023 Transport and Society Assignment 1
No ratings yet
BPMG 3023 Transport and Society Assignment 1
8 pages
Ultraviolet Protection Factor (UPF)
No ratings yet
Ultraviolet Protection Factor (UPF)
4 pages
Updated Constitution of Business Club
No ratings yet
Updated Constitution of Business Club
13 pages
Solution Overview Template
No ratings yet
Solution Overview Template
9 pages
Irish Unemployment p2 Markscheme New
No ratings yet
Irish Unemployment p2 Markscheme New
4 pages
Inspection Preparation For Ships
No ratings yet
Inspection Preparation For Ships
3 pages
Securitycenter 5.0 Installation Guide: June 23, 2015 (Revision 3)
No ratings yet
Securitycenter 5.0 Installation Guide: June 23, 2015 (Revision 3)
27 pages
Grade 6 2nd Q Final
No ratings yet
Grade 6 2nd Q Final
5 pages
Data Sheet - Nessus Professional-Aug17
100% (1)
Data Sheet - Nessus Professional-Aug17
2 pages
Corrosion
100% (4)
Corrosion
11 pages
Nessus Professional
No ratings yet
Nessus Professional
2 pages
Nessus Professional Vulnerability Scanner Complete Vulnerability Coverage
No ratings yet
Nessus Professional Vulnerability Scanner Complete Vulnerability Coverage
2 pages
Modern Vulnerability Management Key Benefits: Eliminate Blind Spots
No ratings yet
Modern Vulnerability Management Key Benefits: Eliminate Blind Spots
2 pages
Sessional Marks (Theory)
0% (1)
Sessional Marks (Theory)
1 page
Standard PDI G102
No ratings yet
Standard PDI G102
8 pages
Delta Neutral Vega Long
No ratings yet
Delta Neutral Vega Long
6 pages
Residential Plots For Sale in Wadakpally - Bheeramguda
No ratings yet
Residential Plots For Sale in Wadakpally - Bheeramguda
2 pages
Our Annual List of Must-Have Wines.: by The Editors of Wine Enthusiast Magazine
100% (1)
Our Annual List of Must-Have Wines.: by The Editors of Wine Enthusiast Magazine
10 pages
A Micro-Service Strategy With Your Internal ServiceNow Instance - Architects - ServiceNow Community
No ratings yet
A Micro-Service Strategy With Your Internal ServiceNow Instance - Architects - ServiceNow Community
3 pages
Query Optimization in Object Oriented Databases Through Detecting Independent Subqueries
No ratings yet
Query Optimization in Object Oriented Databases Through Detecting Independent Subqueries
5 pages
Fall of Dhaka
100% (4)
Fall of Dhaka
4 pages
IBM WebSphere Application Server Interview Questions You'll Most Likely Be Asked
From Everand
IBM WebSphere Application Server Interview Questions You'll Most Likely Be Asked
Vibrant Publishers
No ratings yet