Poll: InsightVM Remediation Project / ServiceNow Ticketing Integration

Greetings! For those that use the ServiceNow integration with Remediation Projects for automated ticketing, please vote:

ServiceNow / Remediation Project Integration Usage
  • Considering to use it
  • Don’t use it and we don’t have ServiceNow
  • No longer use it, stopped for lack of value or complexity
  • Use it, love it, and brings a ton of value
  • Use it, but it’s not perfect, buggy, or lacks features
0 voters

Hi, we use the remediation project integration with servicenow. We are running into a few issues. There are times that InsightVM thinks that the ServiceNOW ticket is still open when in truth it is very much closed. We are still a bit unclear why this is the case. Because it thinks it’s open it runs into issues when trying to comment on these tickets because when the ticket becomes closed it becomes read only. We need a way to force it to recheck the servicenow status (or just for it to do this regularly). Any tips?

1 Like

For us, we are doing a POC of it and it has several major shortcomings.

  • The quantity of syntax variable to do field mappings is very limited. There is no variables for most common vulnerability data (i.e. CVSS, Severity, published/modified date, first found, last observed, etc.)
  • The affected vulnerable assets to a given remediation project solution is CSV text into a given ServiceNow field, for us it was the Description field.

We are developing a new custom field on the ServiceNow side to accept the $ASSET_NAME_LIST. Then ServiceNow will export the contents of the field and create a CSV file from it, then attach it to the ticket. What a PIA!

How can R7 only provide these syntax variables for a vulnerability/solution, incomplete if you ask me.

1 Like

Update on my struggles with this integration…

I have been blocked by the inability to edit or delete the existing ServiceNow integration connection in InsightVM. My R7 support case is not getting enough traction over the last three weeks :-/

It states I cannot edit or delete the existing connection due to dependent R7 Remediation Projects, BUT when no Remediation Projects show ticketing integration is enabled (with ticket icon either)…

Hey, I have it working. Although each time I want to change my R7 Connection i actually need to remove the Project and restart it. Problematic because I already have 20+ Tickets in SNOW that i would need to remove. Happy to discuss with you how we can potentially get it to work.

The issue I have at the moment that I would like to resolve is that I am trying to get IVM to close the SNOW ticket. For example, if a cumulative update comes out. Logs our ticket into SNOW but once its automatically updated overnight we want the ticket to close on the next scan of IVM.

Thanks

James

1 Like

Tend to see duplicate tickets getting opened for solutions. If we modify the integration, it will create a new ticket even if the previous one is already open.

1 Like

So InsightVM is not auto closing the SNOW ticket once it shows all affected assets are completed for the solution and it closes in the Remediation Project?
I was under the impression this was a feature…

Thank you for letting me know. There should not be a need to modify the integration once its setup, unless the SNOW environment changes, right?

We updated the ticket assignment to myself for tickets that don’t meet the other criteria, when i did that, all tickets that were assigned to my coworker got duplicated. Now if I close a duplicate, it opens a new ticket saying the work isn’t finished…so I’m holding at least 6 tickets open until the tickets worked are finished.

Thank you ALL for voting!
Your sentiments align with my findings as well and the fact that we couldn’t even get past the PoC and UAT phases for this integration.
I will propose that we abort as well.
I do hope R7 fixes all the issues with it and also provides a new integration with Azure DevOps for work items creation/closure for vuln remediation tracking.