Has anyone had any successful implementation of InsightVM and ServiceNow for the purpose of creating ServiceNow tickets through InsightVM projects? We’re getting the tickets to open initially, but status changes to the tickets don’t change the status of IVM projects. And changes to the projects don’t close the ServiceNow tickets. I haven’t been able to get a solid answer on how it’s even actually supposed to work. We only have ServiceNow and InsightVM.
Has anyone out there successfully integrated InsightVM with ServiceNow so that InsightVM gets updated when ticket status changes (closed)?
Changes to remediation project solutions in InsightVM do not automatically close tickets in ServiceNow, but changes to the tickets should update the solution status in the projects according to the status mappings set within InsightVM. If the InsightVM solution statuses are not updating in accordance with the mappings, the Rapid7 support team should investigate.
This is how the integration should be working:
Using the above mappings, if a ticket (incident) is set to Closed in ServiceNow, the associated solution within the remediation project in InsightVM will update to Awaiting Verification. Upon re-assessment, if the remediation was successful, the solution will then update to Closed.
Please note that the only Remediation Solution status mappings that can be updated via ticketing are Awaiting Verification and Will Not Fix. The other solution statuses (Open, Re-open and Closed) are automatically set by InsightVM when appropriate. You can also set multiple ticketing statuses per each solution status (i.e. Closed and Done may both map to Awaiting Verification), depending on how many options are available in ServiceNow. InsightVM used the incident_state labels, so custom values can be used as well.
We have our solution status mappings all set up, and have created test tickets using remediation projects. The tickets get created in SN just fine, but when we change the status in SN to one of the mapped statuses, InsightVM never changes. We opened a ticket with Rapid7 months ago but it has gone nowhere.
IMHO the “ticketing integration” component is lacking.
If you really want the true functionality that just works you need the full SOC module from SNOW.
Prepare yourself for a scary number and follow-up implementation cost.
Anyone that has implemented the ticketing integration between InsightVM and ServiceNow: when you assign a ticketing connection to a goal or remediation project, are we able to create tickets for individual systems, or is it all systems in one ticket, and that is how it is?
I have the connection up and creating tickets, but if I wanted to assign it to a single person I am unable to, since the systems listed belong to multiple folks.
Any “insight” is appreciated!
Hey Jake - Remediation project ticketing will create a single ticket per solution, per assignee. You cannot bundle multiple solutions into a single ticket, but you can use ‘Assignment Rules’ within the ticketing configuration to control who gets what in terms of tickets. This is a pretty basic example to show the rules, but you could also use asset names, vuln criteria, types, tags, etc. to send tickets to the appropriate teams.
Do you have an idea of asset or vuln criteria that we could use to assign it to the appropriate folks on your teams?
Thanks for replying, Justin. I think my question hasn't been answered, or maybe I am not quite understanding here. With the solution-based ticketing:
Are we able to create a solution ticket targeting a single asset with a vulnerability?
e.g. a remediation solution would be to disable ssl/tls on asset “abc123”
@jake_sturk You could set up a project that has a very specific vulnerability filter (e.g. disable ssl/tls) and a very specific asset filter (e.g. hostname is abc123). This will result in a solution ticket that is very narrow in scope. This might be a good one-off approach; however, I think most recommendations would be to have a bit broader scope as the projects will then be easier to manage.
One example would be a vulnerability filter (e.g. disable ssl/tls) with a broader asset scope (e.g. assets of tag) and then you can define assignment rules (optional) to have different groupings of solution-based tickets based on who the ticket should be assigned to. That way assignee X will get a single solution ticket for all devices they own.
Hope this helps!