Cisco Vulnerability Management’s ticketing integrations let you use our powerful prioritization and reporting platform to streamline your remediation workflow and ensure that you’re able to close the vulnerabilities that Cisco Vulnerability Management prioritizes for you. With the ServiceNow Ticketing Integration, you can choose between the Incidents table or the Requests table. This guide will help you get up and running.
Adding the ServiceNow Ticketing Connector
Data Flow between Cisco Vulnerability Management and ServiceNow Ticketing
Advanced Options/Custom Templates
Adding the ServiceNow Ticketing Connector
Data flow between Cisco Vulnerability Management and ServiceNow requires the configuration of the ServiceNow Connector in Cisco Vulnerability Management. The first step is to add the ServiceNow Ticketing Connector from the connectors tab and configure it with your credentials. When first setting up and testing the ServiceNow Ticketing Connector, it is recommended that customers use the default template.
Important: Regardless of the template being used, ensure the user account has access to the desired templates through user/group setting or by setting the template to Global.
Important: The user account must have read/write access to the Incidents table; the ITIL role or equivalent is recommended. The user account must also have read access to the sys_choice table.
Information required to configure the connector includes:
- Username
- Password
- ServiceNow host
After entering the Username, Password and Host information, click Save And Verify to save the connector. The image below shows the ServiceNow connector configuration window.
Creating a ServiceNow Ticket
Tickets can be created to either address a vulnerability (or set of vulnerabilities) or apply a fix directly in Cisco Vulnerability Management. You can create tickets from both the Vulnerabilities tab and the Fixes tab by selecting the checkbox to the left of the item and clicking the ServiceNow Incident Ticket button, which appears next to the tabs within the explorer view.
ServiceNow tickets can also be created for any Top Fix group using the same button, which appears after your connector is created. The ServiceNow ticket will be created for the Top Fix Group currently shown on the screen. Each group may contain up to 3 fixes, all of which will be included in the ServiceNow Incident.
Once you click to create a new ticket, the ServiceNow dialog box will pop up and display a standard set of fields with choice values loaded from your specific ServiceNow instance. Users can select data for any of the fields. Short Description and Description are pre-populated with the appropriate vulnerability or fix data.
Whether the ServiceNow ticket creation is initiated from Vulnerabilities, Fixes or Fix Groups, incident metadata becomes specifically tied to the associated vulnerabilities. This is displayed in Cisco Vulnerability Management in multiple ways. First, any vulnerability with an associated ticket will show an orange “pill” on the Vulnerabilities tab.
The specific ServiceNow Incident number is displayed on the Vulnerability Details page for the vulnerability. To get to the Vulnerability Details page, click on the vulnerability name or the blue caret to see the details on a vulnerability from the Vulnerabilities tab.
Incident details are at the bottom right hand side of the vulnerability detail page. When you click the link to “View Incident”, you will be directed to the Incident Ticket in your ServiceNow instance.
Data Flow between Cisco Vulnerability Management and ServiceNow Ticketing
Data flow between Cisco Vulnerability Management and ServiceNow is somewhat bi-directional. Tickets in ServiceNow are populated with asset, vulnerability, and fix information from Cisco Vulnerability Management. A nightly data sync pulls in the service ticket number and ticket status from ServiceNow but does not update the vulnerability status in Cisco Vulnerability Management. Status changes of Open/Closed/Deleted made to a ticket in ServiceNow as part of the remediation workflow are therefore synced back to Cisco Vulnerability Management, but any vulnerabilities associated with the ticket will not be marked as closed until data retrieved from the scanning platform confirms the vulnerability is fixed. Once the ticket has been created in ServiceNow, a notification bar appears at the top of the page with the incident number, which is a link to the new ticket in ServiceNow.
ServiceNow ticket data is fully accessible from within Cisco Vulnerability Management and can be used as filter criteria from the right-hand search pane in the explorer view as shown below.
Advanced Options/Custom Templates
The Cisco Vulnerability Management ServiceNow Ticketing integration is built on the default Incidents table in ServiceNow, but we can use other tables such as the Change, Problem, or Requests table. To use a different table, you will need to provide the table name to your Customer Experience team to configure. Regardless of which table you choose, the default fields will be based on the Incidents table and currently cannot be changed. The following are the default fields Cisco Vulnerability Management will bring in:
Category | Caller |
Subcategory | Assignment Group |
Impact | Assign To |
Urgency | Short Description |
Priority | Description |
Cisco Vulnerability Management will connect to ServiceNow to retrieve the list of available choices for each of the listed fields and display them in the form presented to the Cisco Vulnerability Management user. The options displayed for each field will be retrieved from the Incident table first and then from the Tasks table if choices are not defined on the Incidents table. Changes to the choices should be made in the Tables section of ServiceNow. If you would like to increase the character limit for the description field, this can be increased up to 4,000 characters.
To ensure efficient and effective integration of Cisco Vulnerability Management into your existing operational process, custom templates can be developed and used within the Cisco Vulnerability Management environment. Custom templates allow for preselected values to be set for Cisco Vulnerability Management created tickets, saving users the time of having to find and select values for each of the fields. Example: If 90% of your tickets will have the same Category, Subcategory and Assignment Group, you can create a custom template which will prevent users from having to select those values every time they enter a ticket.
The form that displays in Cisco Vulnerability Management based on the above template will display “ServiceNow Template Preset” text for each of the fields where the user is not required to make a selection; however, the full list of choices is available should the user need to make a non-standard selection.
Additional static fields can be added to the custom template, but they will not be displayed to users as selectable fields. Instead, they will be listed as “Additional Preset Fields” at the bottom of the form for information purposes only. For example, this False Positive template has a number of preset fields at the bottom.
Note: Short Description and Description fields should NOT be included on custom templates, as they will interfere with Cisco Vulnerability Management’s ability to save the appropriate vulnerability and fix data to those fields.
Additional Assistance
Troubleshooting Tips:
- If fields on your template never change from the status “Loading…”, try adding choice values specifically on the Incident table in addition to the definition on the Tasks table.
- Template cache is refreshed hourly. During iterative testing of templates you will need to delete and re-add the ServiceNow Connector if you want to see template changes immediately. No ticket data will be removed from vulnerabilities in spite of any warnings suggesting otherwise.
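An added example (not Cisco's or ServiceNow's code) tied to the choice lookup described under Advanced Options and to the first troubleshooting tip above: it takes sys_choice rows in the shape the ServiceNow Table API returns them, applies the Incident-first, Task-fallback order, and lists the fields that have no Incident-level choices. The field list, sample rows and host name are constructed, and treating a missing Incident-level choice as the reason a field stays on "Loading" is an assumption drawn from the tip.

```python
"""Added example: audit sys_choice rows for the connector's choice fields."""
from urllib.parse import urlencode

# Choice-type fields from the default field list (assumed incident column names).
CHOICE_FIELDS = ["category", "subcategory", "impact", "urgency", "priority"]


def choice_query_url(host, fields=CHOICE_FIELDS):
    """Table API URL that reads active incident/task choices for the given fields."""
    query = "nameINincident,task^elementIN{}^inactive=false".format(",".join(fields))
    params = {"sysparm_query": query, "sysparm_fields": "name,element,value,label"}
    return "https://{}/api/now/table/sys_choice?{}".format(host, urlencode(params))


def resolve_choices(rows, fields=CHOICE_FIELDS):
    """Map each field to (source_table, [values]), preferring incident over task."""
    by_table = {"incident": {}, "task": {}}
    for row in rows:
        if row["name"] in by_table and row["element"] in fields:
            by_table[row["name"]].setdefault(row["element"], []).append(row["value"])
    resolved = {}
    for field in fields:
        for table in ("incident", "task"):
            if by_table[table].get(field):
                resolved[field] = (table, by_table[table][field])
                break
        else:  # no choices on either table
            resolved[field] = (None, [])
    return resolved


def fields_to_review(resolved):
    """Fields with no incident-level choices (assumed candidates for the stuck 'Loading' state)."""
    return sorted(f for f, (table, _) in resolved.items() if table != "incident")


# Constructed sample rows in the shape of the Table API "result" array.
SAMPLE_ROWS = [
    {"name": "incident", "element": "category", "value": "software", "label": "Software"},
    {"name": "incident", "element": "category", "value": "network", "label": "Network"},
    {"name": "task", "element": "impact", "value": "1", "label": "1 - High"},
    {"name": "task", "element": "urgency", "value": "2", "label": "2 - Medium"},
    {"name": "incident", "element": "urgency", "value": "1", "label": "1 - High"},
    {"name": "task", "element": "priority", "value": "3", "label": "3 - Moderate"},
]

if __name__ == "__main__":
    print(choice_query_url("example.service-now.com"))
    print("review:", fields_to_review(resolve_choices(SAMPLE_ROWS)))
```

Fetching the URL with the connector's own service account also confirms that the account really has the read access to sys_choice that the connector requires.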
Please contact Support should you require any additional assistance with the ServiceNow Connector.