The ServiceNow ticketing integration with InsightVM Remediation Projects is not at all useful, or workable with other teams when it simply smashes ALL the vulnerable assets in the description field within ServiceNow as text separated by commas, ESPECIALLY if you have hundreds to thousands of affected assets.
How can I get Rapid7 to instead attach the vulnerable asset list as a CSV attachment to the ServiceNow ticket it creates?
I found the same thing, was hopeful when I saw this option, but was disappointed with execution.
I opened an R7 support case of this major shortcoming as well. Hereās my response to theirs:
Me:
So there is no workaround for this major shortcoming with attaching vulnerable assets to the SNow ticket?
If so, what is the ETA on the feature you think?
Thinking about this moreā¦how is it even workable if a solution in a remediation project has 2,000 affected assetsā¦will they even get āsmashedā into the SNow description field, and how can anyone review that ticket effectively???
Created By : Gary xxxxx 10/14/2024, 10:27
Hi Lee,
Following up on this, deleting the asset list ($ASSET_NAME_LIST) will more than likely run into errors looking into the logic of how data is pulled into the SNow ticket. There is already an enhancement request open for the ability to export as CSV directly to SNow that I have attached this support case to.
One thing I found (at least with Jira) is that if you remediated some of the assets, it doesnāt remove them from the ticket. It just opens a ticket for you, but didnāt provide any update synchronization.
Thatās unfortunate. We previously had JIRA with Tenable integration for ticketing and it worked well. Tenable created a parent ticket for the vulnerability and then sub-tickets for each asset that was affected by the vulnerability. As Tenable mitigated the vulnerabilities, it closed out the JIRA sub-tickets and once all were closed, the parent ticket was auto-closed as well.
From what Iāve seen with the Rapid7 & ServiceNow ticketing integration, itās not at all useful for us when it jams all the affected assets in the description field as CSV. This is not at all helpful and it should be an attached CSV file at the very least.
Update on my R7 case for this:
Completely agree with you on this one, unfortunately itās just a limitation of the product at the moment. Thereās no current determined date for when the project will be implemented into the product but Iām happy to attach the enhancement request to this support ticket and provide you with a reference with the IDEA ticket number!
Instead of waiting for this feature request, I am working with our ServiceNow dev team to create a new custom ticket field, which will hold the variable ā$ASSET_NAME_LISTā, then a custom function on the ServiceNow side to pull the text of the field and add it to a CSV to be auto-attached to the associated ticket.