TOC & Recently Viewed

Recently Viewed Topics

Tenable for ITSM

Note:Tenable does not support Domain Separation because it requires data management at the individual domain level of a multi-level domain. Domain Separation is a specialty product for ServiceNow and the Tenable app suite features a single un-layered domain for the average enterprise implementation.

Tenable for IT Service Management (ITSM) provides the ability to import Tenable vulnerability findings and transform them into ServiceNow incidents without the need for ServiceNow Vulnerability Response. This feature provides a great starting point to move from manual email and spreadsheet processes to a repeatable workflow in ServiceNow. As your needs expand or you need more flexibility and customization, you can easily transition to Vulnerability Response.

The Process

Tenable for ITSM imports plugin data from Tenable using Tenable for Assets. It matches ServiceNow configuration items (CI's) with Tenable plugins to create Tenable vulnerabilities in a custom ServiceNow table. The application uses configurable incident rules to create ServiceNow incidents for each vulnerability that can be used by IT administrators to assign remediation work to their teams.

The application creates vulnerabilities as follows:

  • The Tenable ITSM app uses the Tenable for Assets app to match vulnerable assets to ServiceNow CI’s.

  • For every high and critical vulnerability finding, Tenable creates a unique vulnerability entry in the Tenable ITSM app.

  • Unique vulnerability entries are determined by coalescing on ServiceNow CI, plugin id, port and protocol.

  • If a vulnerability is fixed in Tenable, both the vulnerability and incident close in ServiceNow.

  • If a vulnerability is manually closed, but is found in the future, Tenable reopens the vulnerability and incident in ServiceNow.

The application creates incidents as follows:

  • You can manually create a ServiceNow incident from the vulnerability form.

  • You can create incident rules to automatically spawn incidents:

    • The selector form allows simple rule creation using asset field and values.

    • Use advanced scripting to manipulate data for more granular selection.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.