Tenable for ITSM

Note:Tenable does not, currently, support Domain Separation in the Tenable for ITSM application.

Tenable for IT Service Management (ITSM) provides the ability to import Tenable vulnerability findings and transform them into ServiceNow incidents without the need for ServiceNow Vulnerability Response. This feature provides a great starting point to move from manual email and spreadsheet processes to a repeatable workflow in ServiceNow. As your needs expand or you need more flexibility and customization, you can easily transition to Vulnerability Response.

The Process

Tenable for ITSM uses Tenable for Assets to find the correct asset/CI to link a vulnerability to. It is extremely important that you completely test and tune Tenable for assets before configuring Tenable for ITSM. Tenable for ITSM uses the connector you specify to download vulnerabilities and create them in a custom ServiceNow table. The application uses configurable incident rules to create ServiceNow incidents for each vulnerability that can be used by IT administrators to assign remediation work to their teams.

The application creates vulnerabilities as follows:

  • The Tenable ITSM app uses the Tenable for Assets app to match vulnerable assets to ServiceNow CI’s.

  • For every high and critical vulnerability finding, it creates a unique vulnerability entry in the Tenable ITSM app.

  • Unique vulnerability entries are determined by coalescing on ServiceNow CI, plugin id, port and protocol.

  • If a vulnerability is fixed in Tenable, both the vulnerability and incident close in ServiceNow.

  • If a vulnerability is manually closed, but is found in the future, Tenable reopens the vulnerability and incident in ServiceNow.

The application can create incidents as follows:

  • You can manually create a ServiceNow incident from the vulnerability form.

  • You can create incident rules to automatically spawn incidents:

    • The selector form allows simple rule creation using asset fields and values.

    • Use advanced scripting to manipulate data for more granular selection.