Upgrade to 4.x.x Tenable Applications

Step 1: Upgrade the Applications

While the upgrade is seamless from an application perspective, we have moved from a custom CI matching/create engine to the ServiceNow Identification Reconciliation Engine (IRE). This change means that you must first understand IRE and plan for testing to ensure that IRE works as expected before upgrading production and/or vulnerability data.

Two major items take place during application upgrade:

  • All CIs that are in the Assets Pending Approval class are moved to one of the following new ServiceNow classes:
    • Unclassified Hardware
    • Incomplete IP

    This allows Tenable to utilize out-of-the-box CI classes and remove our custom CI classes in subsequent versions of the application.

  • The upgrade generates IRE payloads for every CI with Tenable asset attributes. This ensures that any previous matches continue working as they did prior to the upgrade.

While IRE provides a standardized engine for bringing third-party asset data into ServiceNow, there are some limitations in IRE. These limitations are not specific to Tenable or Tenable data, but rather are part of the design/functionality of the IRE. You must extensively test and tune how Tenable assets are brought in using IRE. If you have questions or need assistance with tuning IRE, please contact your ServiceNow representative.

It is important that every unique Tenable asset translates to a unique CI in ServiceNow. Otherwise, you are guaranteed to lose Tenable vulnerability data when it imports into ServiceNow.

Moving forward, be sure to follow the Asset application setup procedures. For more information, see the IRE Rules instructions in the Assets Configuration section.

Step 2: Review the Upgrade History and Resolve Conflicts

If there are problems with your upgrade, you must review the Upgrade History and manually resolve any conflicts.

To manually resolve conflicts with your upgrade:

  1. Log in to ServiceNow.

  2. In the left panel, in the Filter Navigator, type "Upgrade History".

  3. Click Upgrade History.

    The Upgrade History page appears.

  4. In the To box, type "x_tsirm*".

  5. On your keyboard, press Enter.

    A list of system upgrades appears.

  6. Locate item in the list with a value in the Change skipped column.

  7. For each of these items, in the From column, click n/a.

  8. Manually review and merge each skipped change.

Note: When opening a support case, you must provide proof that the above steps have been completed, as most issues revolve around the incorrect completion of these steps.

Step 3: Delete Leftover Artifacts

Occasionally, older application files, or artifacts, may not get deleted even after performing the tasks in Step 2: Review the Upgrade History and Resolve Conflicts. If you encounter this problem, view this Knowledge Base article to manually delete any leftover artifacts.

Note: When opening a support case, you must provide the output of this script, as most issues revolve around the incorrect completion of this step.