Has anyone had any successful implementation of InsightVM and ServiceNow for the purpose of creating ServiceNow tickets through InsightVM projects? We’re getting the tickets to open initially, but status changes to the tickets don’t change the status of IVM projects. And changes to the projects don’t close the ServiceNow tickets. I haven’t been able to get a solid answer on how it’s even actually supposed to work. We only have ServiceNow and InsightVM.
Has anyone out there successfully integrated InsightVM with ServiceNow so that InsightVM gets updated when ticket status changes (closed)?
Changes to remediation project solutions in InsightVM do not automatically close tickets in ServiceNow, but changes to the tickets should update the solution status in the projects according to the status mappings set within InsightVM. If the InsightVM solution statuses are not updating in accordance with the mappings, the Rapid7 support team should investigate.
This is how the integration should be working:
Using the above mappings, if a ticket (incident) is set to Closed in ServiceNow, the associated solution within the remediation project in InsightVM will update to Awaiting Verification. Upon re-assessment, if the remediation was successful, the solution will then update to Closed.
Please note that the only Remediation Solution status mappings that can be updated via ticketing are Awaiting Verification and Will Not Fix. The other solution statuses (Open, Re-open and Closed) are automatically set by InsightVM when appropriate. You can also set multiple ticketing statuses per each solution status (i.e. Closed and Done may both map to Awaiting Verification), depending on how many options are available in ServiceNow. InsightVM used the incident_state labels, so custom values can be used as well.
We have our solution status mappings all setup, and have created test tickets using remediation projects. The tickets get created in SN just fine, but when we change the status in SN to one of the mapped statuses, InsightVM never changes. We opened a ticket with Rapid7 months ago but it has gone nowhere.
IMHO the “ticketing integration” component is lacking.
If you really want the true functionality that just works you need the full SOC module from SNOW.
prepare yourself for a scary number and follow up implementation cost.