Howdy,
Have been having a play with the ServiceNow CMDB integration the last few days and had some possible improvements that would make it a lot nicer to use.
When bringing in devices it seems the Rapid7 ID is used and we found this replacing the serial field of devices where it was doing a merge. It would be great if this was an option field as there isn’t a lot of use for us to keep this Rapid7 ID in another system.
The default format of Risk score, vulnerabilities etc are all strings. This means we can easily sort of run functions to sum these values since they aren’t numbers, we are needing to create new fields and converting them to integer. If these values are only ever going to be a number from Rapid7 side, it would make sense the integration creates the field as a number as well.
Another point was the fixed usage of hostname. Our CMDB doesnt currently use the NAME.DOMAIN format that Rapid7 hostname appears as.
Having the ability to choose the name or alias of the device would be handy. We also found the alias did not come through at all in the connection so was not able to use this, we had to write a function to do a trim on the first period in the name to match the name for the CIs.
Also having the ability to choose if we want all the vulnerability counts etc to be populated would be nice as in some tables we may just want to feed back discovered devices and not necessarily all the information.
Finally, and although not related to InsightVM, it would be great to have the ability to bring in discovered resources from InsightCloudSec as well so that a better view of systems and all the related assets can be centralised. I could not find any integrations for CloudSec currently and it appears we would have to write something custom to use the API to pull resources and then try and push to ServiceNow.
Thanks,