Hi! please has anyone work on creating dashboards for various departments, if yes, how effective is it. secondly, i wish to link insightvm to ServiceNow, any idea on this.
Thanks
I Tag my Assets with the Owner Tag that correlates to our ServiceNow Owners.
I then have my Remediation projects and Reports using these Tags.
This allows me to easily create ServiceNow tickets based on the Remediation Projects.
This seems to be working pretty well for me.
The hardest part is differentiating OS vulnerabilities vs App Team vulnerabilities, but I have an enhancement request to make this easier.
2 Likes
Thank you, I need more idea on how to go about it as Our insightvm is not connected to service now
I started out doing this with scripts, but then converted it to an ICON Workflow because of the simplicity of the plugins. We are not currently opening tickets from IVM yet (even though we proved we could in a POC, we just need to get in a better place with IVM so we don’t flood teams with ServiceNow tickets)
Pulling this information will greatly depend on how you have your data defined in ServiceNow, but I have two workflows.
- There is an ICON trigger for new Assets found, this workflow queries ServiceNow to see if there is an Owner defined and Tags the Asset appropriately.
- I have a workflow that runs once a week and pulls all the Assets that do not have an Owner Tagged in IVM (
{"match":"all","filters":[{"field":"owner-tag","operator":"is-not-applied"},{"field":"host-name","operator":"is-not-empty"}]}), then I loop through those looking to see if it is Defined in ServiceNow.
One issue I haven’t worked out is if a CI changes Ownership in ServiceNow, current process would be to delete the Tag in IVM and wait for the next run. I do this because I do not want to loop through all our Assets all at once because of load.
Remediation Projects and Reports are built for each ServiceNow Team by asset.tags IN ['<ServiceNow Team>'] with reports emailed to that Team’s distribution list
Hopefully that will get you started.
Thanks, Brandon!
Yes! Yes ! Yes !
I have this burden of slicing and dicing things in a way were cloud engineering team will manage operating system vulnerabilities, and app teams will manage app vulns / dependencies.
This made my day. Thanks for that. Hope this comes soon!
Cheers.
This would be HUGE! Our current method is to pull the vulnerability category data from the data warehouse, assign them and APP or OS value. I then use the vulnerability category values for each APP/OS tag to build queries for the respective team dashboards and remediation projects.
It’s a lot of work (and isn’t perfect), but our operational teams really appreciate the cleaner focus on just the vulnerabilities they “own.”