ServiceNow®

To import your Fortra VM vulnerability data into ServiceNow, do the following:

  1. Generate a Fortra VM API Key.
  2. Add the Fortra VM Sync application to your ServiceNow instance.
  3. Connect your ServiceNow instance to Fortra VM.

Generate a Fortra VM API Key

  1. Log in to Fortra VM.

  2. From the navigation menu, select Account > My Profile.

  3. On the API Tokens tab, select + Create new token.

  4. In the Add New Token dialog, enter the token name and then select OK.

  5. Below your token name, selecting Click to show key displays your API Key.

IMPORTANT: An API Key is equivalent to a user’s password. Do not use a key with more than one product integration. If you believe a key is compromised, delete the token from Fortra VM immediately by selecting the Delete button and resulting check-mark to confirm.

Add Fortra VM Sync App to ServiceNow Instance

Go to the ServiceNow Store and search for Fortra Fortra VM, then download the Fortra VM Sync application and add it to your ServiceNow instance.

TIP: Review the app’s system requirements and dependencies on its ServiceNow Store page to make sure you can use it.

Connect ServiceNow Instance to Fortra VM

To connect your ServiceNow instance to Fortra VM, do the following:

  1. From the navigation menu, select FVM Sync, then select Configure.
  2. Create a new record.
  3. In the API Token box, insert the API Key you generated.
  4. Select the search icon under Custom Script Vulnerability Filter to create a new filter.
    5. TIP: It is strongly you suggested you create a filter called Critical Vulns Only that includes only Critical severity vulnerabilities.
  5. Select FVM Verify API Token at the top or bottom of the screen.
    6. In a few moments, you should see an alert at the top of the screen with the username the API Key is linked to, and your vulnerabilities will begin to sync.

User Groups in ServiceNow

To create a user group in ServiceNow:

  1. Select User Administration, then select Groups.
  2. Select New.
  3. Enter the following field values:
    FieldValue
    NameFortra VM Sync
    DescriptionUsers of the Fortra VM Sync application
  4. Right-click the form header and select Save. The system displays the Roles and Group Members related lists.
  5. From the Roles related list, select Edit. If you have a custom role and users associated with that role, proceed to the next step.
    NOTE: If there are no custom roles, you will need to create them. To create custom roles, view the ServiceNow Product Documentation.
  6. Add the roles required to use the Fortra VM Sync application.
  7. To add individual group members, select Group Members and then select Edit.
  8. Add the group members required to use the Fortra VM Sync application. You now have the ability to enable access control on the Fortra VM Sync application with ServiceNow.
    9. NOTE: To learn more about groups on ServiceNow, view the ServiceNow Product Documentation.

Explore Vulnerability Information

The Imported Vulnerabilities table shows the vulnerabilities imported from Fortra VM. The table is updated daily when the integration runs.

Automate Ticket Creation and Other Actions

There are two main hooks for triggering automation when vulnerabilities are added to your system.

  • The first is a table transform map called Found Vulnerabilities Import and its associated Import Set table imp_vulnerability_instance. Integrating through the import set gives you the ability to differentiate between new vulnerabilities and updates to existing ones.
  • The second is triggered by adding business rules to the FVM Vulnerability Instance table. Business rules in this table have access to Vulnerability Dictionary information, such as vulnerability details and recommended solutions.

For more information about ServiceNow Sec Ops, see ServiceNow® Sec Ops Integration.