Tenable for ITSM

Tenable for IT Service Management (ITSM) provides you with the ability to import Tenable vulnerability findings and transform them into ServiceNow incidents without the need for ServiceNow Vulnerability Response. This helps you move from manual email and spreadsheet processes to a repeatable workflow in ServiceNow.

The Tenable ITSM Process

Tenable for ITSM uses Service Graph Connector for Tenable for Assets to find the correct asset/CI to link each vulnerability to, so it is important that you completely test and tune Service Graph Connector for Tenable for Assets before configuring Tenable for ITSM. Tenable for ITSM uses the connector you specify to download vulnerabilities and create them in a custom ServiceNow table. The application then uses configurable incident rules to create a ServiceNow incident for each vulnerability, which IT administrators use to assign remediation work to their teams.

The application creates vulnerabilities as follows:

  • The Tenable ITSM app uses the Service Graph Connector for Tenable for Assets app to match vulnerable assets to ServiceNow CIs.

  • For every vulnerability finding, it creates a unique vulnerability entry in the Tenable ITSM app.

  • The app determines unique vulnerability entries by coalescing on ServiceNow CI, plugin ID, port, and protocol.

  • If a vulnerability is fixed in Tenable, both the vulnerability and incident close in ServiceNow.

  • If a vulnerability is closed manually, but found in the future, Tenable reopens the vulnerability and incident in ServiceNow.
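The coalescing and close/reopen rules listed above can be modeled in a few lines. This is an added illustration, not the application's own code: the field names (ci, pluginId, port, protocol, fixed, seen), the state strings, and the handling of a fixed finding with no existing entry are assumptions, and the sample findings are constructed.

```javascript
// Added illustration: a model of the coalescing and close/reopen behaviour.
// Field names and state strings are assumptions, not the app's schema.
const coalesceKey = (f) => [f.ci, f.pluginId, f.port, f.protocol].join("|");

// Apply one imported finding to the table (a Map keyed by the coalesce key).
// Returns the action taken so an import run can be audited afterwards.
function applyFinding(table, f) {
  const k = coalesceKey(f);
  const rec = table.get(k);
  if (!rec) {
    if (f.fixed) return "skipped"; // assumption: nothing to close yet
    table.set(k, { key: k, state: "open", incident: null, lastSeen: f.seen });
    return "created";
  }
  rec.lastSeen = f.seen;
  if (f.fixed) {
    if (rec.state === "closed") return "unchanged";
    setState(rec, "closed"); // fixed in Tenable: close vulnerability and incident
    return "closed";
  }
  if (rec.state === "closed") {
    setState(rec, "open"); // found again after a close: reopen both
    return "reopened";
  }
  return "updated"; // same key seen again: no duplicate entry
}

// Keep the linked incident (if any) in step with the vulnerability.
function setState(rec, state) {
  rec.state = state;
  if (rec.incident) rec.incident.state = state;
}

// Constructed sample: one CI and plugin on two ports, then later rescans.
function demo() {
  const table = new Map();
  const base = { ci: "ci-web01", pluginId: 10001, protocol: "tcp" };
  const actions = [
    applyFinding(table, { ...base, port: 443, seen: 1 }),
    applyFinding(table, { ...base, port: 8443, seen: 1 }),
    applyFinding(table, { ...base, port: 443, seen: 2 }),
  ];
  const rec = table.get(coalesceKey({ ...base, port: 443 }));
  rec.incident = { state: "open" }; // incident raised from the vulnerability
  setState(rec, "closed");          // closed manually in ServiceNow
  actions.push(applyFinding(table, { ...base, port: 443, seen: 3 }));
  actions.push(applyFinding(table, { ...base, port: 443, seen: 4, fixed: true }));
  return { actions, size: table.size, rec };
}
```

The same plugin on a different port produces a second entry, while a rescan of an existing key only updates it, which is why a mismatched CI from the asset connector shows up as duplicate or orphaned entries.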

The application can create incidents as follows:

  • You can manually create a ServiceNow incident from the vulnerability form.

  • You can create incident rules to automatically spawn incidents:

    • Use the selector form for simple rule creation using asset fields and values.

    • Use advanced scripting to manipulate data for more granular selection.