Phase 5: Workflow & Integration Enablement

Connect Tenable Vulnerability Management to your IT Service Management (ITSM) platform and define the Service Level Agreement (SLA) process to mobilize the discovery-to-remediation workflow.

Expected Outcomes

During this phase, you mobilize the remediation effort by connecting security findings to the patching workflow. This includes:

• Generating API keys for ITSM integrations (for example, ServiceNow or Jira). For more information, see API Keys.

• Documenting Exposure Response workflows to outline the steps for investigation and remediation.

• Setting automated accept or recast rules for vulnerabilities with mitigating controls. For more information, see Recast and Accept Rules.

• Granting remediation teams access to the Tenable Vulnerability Management dashboards.

Why This Is Important

Security identifies the risk, but IT remediates it. This phase mobilizes the remediation effort. Automation via Jira or ServiceNow reduces friction between teams and speeds up the MTTR by clearly defining the Exposure Response process.

Verification

Verify the success of this phase by confirming the following:

• A critical vulnerability in Tenable Vulnerability Management automatically generates a ticket in your ITSM tool.

• Relevant security and IT teams formally review, communicate, and acknowledge the documented Exposure Response workflow.

What to do next:

Optimize the platform settings in Phase 6: Validation & Tuning.