Vulnerability Response App v1.1.0 for ServiceNow - User Guide


Overview

The VMware Carbon Black ServiceNow Vulnerability Response Application ingests vulnerabilities from the VMware Carbon Black Cloud platform. A Vulnerable Item is created from each fetched vulnerability and the configuration item. Vulnerabilities are retrieved from the Carbon Black Cloud platform when the Vulnerability Response app has an active configuration profile.

For the most complete information about endpoints (configuration items in ServiceNow), enable Asset Inventory Ingestion.

Roles and Permissions

For all actions described in this user guide, the VMware CBC Analyst (x_vmw_cb_connector.analyst) role is required.

Configuration of the application, including profiles, requires the VMware CBC Admin (x_vmw_cb_connector.admin) role. Details on Roles and Users are on the Configuration page.

View Vulnerabilities

Vulnerabilities are created in the National Vulnerability Database (NVD) table.

  • To view vulnerabilities, navigate to “Vulnerability Response” > “Libraries” > “NVD”.

  • Open the Vulnerability record to view the vulnerability information such as ID, Risk rating, Risk Score, Severity and Summary.

  • Vulnerability Details can also be viewed from the “Vulnerability Details” tab.

  • Vulnerable items associated with the current vulnerability can be viewed by clicking on the “Vulnerable Items” tab present in the National Vulnerability Database Entries (NVD).

  • Navigate to “Vulnerability Response” > “Vulnerable Items” > “All” to view created Vulnerable Items.

  • Open any record in order to view details of the Vulnerable Item.

  • Click on the information icon of the Vulnerability field to view the Vulnerability associated with the vulnerable item.

  • Click on the information icon of the Configuration Item field to view the affected asset associated with the vulnerable item.

  • The Configuration Item is displayed.

  • Navigate to the Vulnerability tab to view details of the vulnerability associated with it.

  • Navigate to the Notes tab to view the “NVD Link”. It is visible in the activities section.

  • Click on the link to open the Vulnerability record.

Domain Separation (Multi-tenancy)

  • Use the Domain Separation feature to isolate Carbon Black Cloud data from different organizations and manage access controls.
  • You must activate the Domain Support - Domain Extensions Installer plugin to use this feature.
  • Use the Domain Separation feature to create child domains and assign users to a specific domain.
  • Users can have multiple child domains assigned to a Parent domain.
  • Each child domain can have separate Configuration Profiles with different alert records.


Last modified on February 28, 2024