ITSM Configuration and Schedule Import

This section describes how to configure Tenable for ITSM.

Note: The ServiceNow configuration only supports Tenable Security Center versions 5.7 and later.

The ITSM integration configuration allows ServiceNow to poll and retrieve vulnerability data from Tenable Vulnerability Management/Tenable Security Center.

Before you begin:

In ServiceNow, you must have the x_tsirm_tio_itsm.admin role to complete the setup.

Note: Configure and tune Service Graph Connector for Tenable for Assets to match Tenable Assets with ServiceNow CIs. If you do not do this first, you may have issues with ITSM.

To set up the ITSM integration configuration, you must:

Create the ServiceNow and Tenable for ITSM Connector

  1. Log in to ServiceNow.
  2. In the left-hand menu, click Tenable Connector.
  3. In the sub-menu, click Connectors.

    The Tenable Connectors page appears.

  4. Click the Tenable connector you want to use: Tenable.io or Tenable Security Center.

    The Tenable Connector page appears.

  5. In the Scheduled Jobs section, click New.

    The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector fields populate with the Tenable application/connector you selected in step 4.

  6. From the Tenable Application drop-down box, select Tenable for ITSM.

    Tenable Vulnerability Management

    Tenable Security Center

  7. If you are in a domain-separated environment, the Domain is set to the same value that is on the Connector record. If this value is not correct, create a new connector record in the correct domain.

  8. In the Name text box, type a name for the import.
  9. Configure the options for your import.

    Option Description
    T.sc Query (Only for Tenable Security Center) The Tenable Security Center query used for the import or export.
    Initial Run - Historical Data The amount of time (in days) of how far back you want to pull data.
    Last Run The date and time that the open/reopened import was last run.
    Last Run - Fixed The date and time that the fixed import was last run.
    Run Fixed Query on Initial Run Pulls fixed vulnerabilities on the first import. By default, this is set to deselected.
    Active If selected, an asset sync is automatically queued when you submit the import or export. Default setting: selected.
    Included Severities Specify the severities you want to be imported. By default, this is set to High, Critical
    Schedule  

    Edit Run Schedule

    Select this to edit the Run Type and Repeat Interval / Time

    Run Type

    The frequency with which you want the import to run.

    Repeat Interval / Time The set time (hh/mm/ss) to run the import.
  10. Click Update.

Create an Incident Rule

Create and enable Incident Rules so that the integration can create incidents. By default, a disabled example rule comes with the application.

  1. From the left navigation pane, navigate to Tenable for ITSMConfiguration > Incident Rules.

    The Incident Rules page appears.

  2. Click New.

    The New record page appears.

  3. In the Name text box, type a name for the matching rule.
  4. Select the Active check box.
  5. (Option 1) If you want to use scripting to create this rule, click the Advanced check box, and type the desired script. Refer to the default rule provided for an example script.

  6. (Option 2) In the Vuln Import field text box, select the appropriate asset field for the rule.
  7. (Option 2) In the Operator text box, select the appropriate operator for the rule.
  8. (Option 2) In the Value text box, type the value for the rule.
  9. To reorder the incident rule, update the value in the Order text box. Incident rules run in ascending order (lowest to highest).

    If you are in a domain-separated environment, the incident rule is created in the current domain.

  10. Click Submit.

Plugins

To view plugins:

  • Navigate to Tenable for ITSMPlugins.

Vulnerabilities

To view vulnerabilities:

  • Navigate to Tenable for ITSMVulnerabilities.

Incidents

To view incidents:

  • Navigate to Tenable for ITSMIncidents.