Hi, we use the remediation project integration with servicenow. We are running into a few issues. There are times that InsightVM thinks that the ServiceNOW ticket is still open when in truth it is very much closed. We are still a bit unclear why this is the case. Because it thinks it’s open it runs into issues when trying to comment on these tickets because when the ticket becomes closed it becomes read only. We need a way to force it to recheck the servicenow status (or just for it to do this regularly). Any tips?
For us, we are doing a POC of it and it has several major shortcomings.
The quantity of syntax variable to do field mappings is very limited. There is no variables for most common vulnerability data (i.e. CVSS, Severity, published/modified date, first found, last observed, etc.)
The affected vulnerable assets to a given remediation project solution is CSV text into a given ServiceNow field, for us it was the Description field.
We are developing a new custom field on the ServiceNow side to accept the $ASSET_NAME_LIST. Then ServiceNow will export the contents of the field and create a CSV file from it, then attach it to the ticket. What a PIA!
How can R7 only provide these syntax variables for a vulnerability/solution, incomplete if you ask me.
I have been blocked by the inability to edit or delete the existing ServiceNow integration connection in InsightVM. My R7 support case is not getting enough traction over the last three weeks :-/
It states I cannot edit or delete the existing connection due to dependent R7 Remediation Projects, BUT when no Remediation Projects show ticketing integration is enabled (with ticket icon either)…
Hey, I have it working. Although each time I want to change my R7 Connection i actually need to remove the Project and restart it. Problematic because I already have 20+ Tickets in SNOW that i would need to remove. Happy to discuss with you how we can potentially get it to work.
The issue I have at the moment that I would like to resolve is that I am trying to get IVM to close the SNOW ticket. For example, if a cumulative update comes out. Logs our ticket into SNOW but once its automatically updated overnight we want the ticket to close on the next scan of IVM.
Tend to see duplicate tickets getting opened for solutions. If we modify the integration, it will create a new ticket even if the previous one is already open.
So InsightVM is not auto closing the SNOW ticket once it shows all affected assets are completed for the solution and it closes in the Remediation Project?
I was under the impression this was a feature…
We updated the ticket assignment to myself for tickets that don’t meet the other criteria, when i did that, all tickets that were assigned to my coworker got duplicated. Now if I close a duplicate, it opens a new ticket saying the work isn’t finished…so I’m holding at least 6 tickets open until the tickets worked are finished.
Thank you ALL for voting!
Your sentiments align with my findings as well and the fact that we couldn’t even get past the PoC and UAT phases for this integration.
I will propose that we abort as well.
I do hope R7 fixes all the issues with it and also provides a new integration with Azure DevOps for work items creation/closure for vuln remediation tracking.