Tenable for ITSM

Tenable for IT Service Management (ITSM) provides you with the ability to import Tenable vulnerability findings and transform them into ServiceNow incidents without the need for ServiceNow Vulnerability Response. This helps you move from manual email and spreadsheet processes to a repeatable workflow in ServiceNow. As your needs expand or you need more flexibility and customization, you can easily transition to Vulnerability Response.

The Tenable ITSM Process

Tenable for ITSM uses Tenable for Assets to find the correct asset/CI to link each vulnerability to. It is important that you completely test and tune Tenable for Assets before configuring Tenable for ITSM. Tenable for ITSM uses the connector you specify to download vulnerabilities and create them in a custom ServiceNow table. The application then uses configurable incident rules to create a ServiceNow incident for each vulnerability, which IT administrators use to assign remediation work to their teams.

The application creates vulnerabilities as follows:

  • The Tenable ITSM app uses the Tenable for Assets app to match vulnerable assets to ServiceNow CIs.

  • For every high and critical vulnerability finding, it creates a unique vulnerability entry in the Tenable ITSM app.

  • Unique vulnerability entries are determined by coalescing on ServiceNow CI, plugin ID, port, and protocol.

  • If a vulnerability is fixed in Tenable, both the vulnerability and incident close in ServiceNow.

  • If a vulnerability is closed manually, but found in the future, Tenable reopens the vulnerability and incident in ServiceNow.
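
The coalescing and close/reopen behavior listed above, modeled in plain JavaScript as an added example; it is not the Tenable ITSM app's code. Field names, state values, and the sample findings are assumptions constructed for illustration.

```javascript
// Added illustration: plain JavaScript model, not the Tenable ITSM app's code.
// Field names, state values and sample findings are assumptions/constructed.
const IMPORTED = new Set(["high", "critical"]);

// Coalesce key from the page: ServiceNow CI, plugin ID, port, protocol.
const coalesceKey = (f) => [f.ci, f.pluginId, f.port, f.protocol].join("|");

// A linked incident, if one exists, follows the vulnerability's state.
function setState(entry, state) {
  entry.state = state;
  if (entry.incident) entry.incident.state = state;
}

// Apply one import batch to the table (a Map keyed by coalesce key).
function applyImport(table, findings) {
  for (const f of findings) {
    if (!IMPORTED.has(f.severity)) continue;        // only high and critical
    const key = coalesceKey(f);
    const wanted = f.state === "fixed" ? "closed" : "open";
    const entry = table.get(key);
    if (!entry) {
      // Assumption: a finding first seen as already fixed creates no entry.
      if (wanted === "open") table.set(key, { state: "open", incident: null });
    } else if (entry.state !== wanted) {
      setState(entry, wanted);                      // close on fix, reopen on re-detection
    }
  }
  return table;
}

// Constructed walk-through of the lifecycle described above.
function demo() {
  const a = { ci: "web01", pluginId: 1001, port: 443, protocol: "tcp", severity: "critical", state: "open" };
  const b = { ...a, port: 8443, severity: "high" }; // same CI and plugin, other port
  const c = { ...a, pluginId: 1002, severity: "medium" };
  const table = applyImport(new Map(), [a, { ...a }, b, c]); // duplicate of a coalesces
  const entriesAfterFirstImport = table.size;
  const ea = table.get(coalesceKey(a)), eb = table.get(coalesceKey(b));
  ea.incident = { state: "open" };                  // incident spawned for a
  applyImport(table, [{ ...a, state: "fixed" }]);   // fixed in Tenable
  const afterFix = [ea.state, ea.incident.state];
  setState(eb, "closed");                           // operator closes b manually
  applyImport(table, [b]);                          // b is found again
  return { entriesAfterFirstImport, afterFix, reopened: eb.state };
}
```

Because port and protocol are part of the key, one plugin firing on two ports of the same CI produces two entries, and each can be closed or reopened independently.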

The application can create incidents as follows:

  • You can manually create a ServiceNow incident from the vulnerability form.

  • You can create incident rules to automatically spawn incidents:

    • Use the selector form for simple rule creation using asset fields and values.

    • Use advanced scripting to manipulate data for more granular selection.