ServiceNow® Sec Ops Integration

ServiceNow Sec Ops connects with your existing security tools to prioritize and respond to incidents and vulnerabilities according to their potential impact on your business.

To import your Fortra VM vulnerability data into ServiceNow Sec Ops, do the following:

  1. Generate a Fortra VM API Key.
  2. Configure your Fortra VM Security Ops to select vulnerability severities.
  3. Run your integration.
  4. View the tickets.
  5. View the Dictionary Data.

Generate a Fortra VM API Key

  1. Log in to Fortra VM.

  2. From the navigation menu, select Account > My Profile.

  3. On the API Tokens tab, select + Create new token.

  4. In the Add New Token dialog, enter the token name and then select OK.

  5. Below your token name, selecting Click to show key displays your API Key.

IMPORTANT: An API Key is equivalent to a user’s password. Do not use a key with more than one product integration. If you believe a key is compromised, delete the token from Fortra VM immediately by selecting the Delete button and resulting check-mark to confirm.

Configure and Select Vulnerability Severities

  1. In the ServiceNow portal filter navigator (search bar in the upper left), enter Configuration.

  2. The section titled Security Operations will appear. Under this section, select Integration Configurations.

  3. Locate the FrontlineVM Security Ops plug-in, and then select Configure.

    TIP: If you do not already have the integration installed, scroll down to find the FrontlineVM Security Ops integration listing, and then select Install Plugin.

  4. Enter your API Key from Fortra VM and select the vulnerability severities you would like to pull in. It is recommended you start with critical and high severity checked.

  5. Select Submit.

Run the Integration

There are three tasks to run as part of the integration:

  • FrontlineVM Fixed Vulnerabilities - Pulls in fixed vulnerabilities and closes out tickets that are open for them.
  • FrontlineVM Vulnerability Dictionary - Pulls in vulnerability description and solution data.

  • FrontlineVM Vulnerable Items - Pulls in vulnerabilities from your Fortra VM account and attaches dictionary items to them.

By default, these are set to only run manually, by clicking into them you can set a schedule to run them automatically. It is recommended that you try and match the schedule with your scan frequency in Fortra VM.

You can run these in any order, but it is recommended to place them in the following order so that tickets do not wait for additional data:

  1. FrontlineVM Vulnerability Dictionary – Pre-loads dictionary data to use in the creation of tickets.
  2. FrontlineVM Vulnerable Items – Creates tickets for open vulnerabilities on your account.
  3. FrontlineVM Fixed Vulnerabilities – Closes out any tickets with fixed vulnerabilities.

Viewing the Tickets

  1. In the ServiceNow portal filter navigator (search bar in the upper left), enter Vulnerability.
  2. When the Vulnerable Items option appears in the list of results, select it.

  3. Any listing with an External ID that starts with FVM is a ticket created by the integration. By clicking into one of these you can see the data pulled from Fortra VM.

Viewing the Dictionary Data

  1. In the ServiceNow portal filter navigator (search bar in the upper left), enter Vulnerability.

  2. The Vulnerability section will display Third-Party. This is a table of third-party vulnerability definitions.

    Vulnerability dictionary items from Fortra VM will all have an ID that starts with FVM- and a source of Fortra: Frontline. Selecting any of these vulnerabilities will show description and solution data for it.