The Bitsight for Vulnerability Response integration is certified by ServiceNow and is available in the ServiceNow App Store.
Requirements
- The Bitsight SPM app.
- A supported version of ServiceNow.
- The Bitsight for IT Service Management solution.
- The Vulnerability Response plugin, which provides the base functionality for ticket management. It is included with the ServiceNow Vulnerability Response package.
  - If you already have a Vulnerability Response package in your instance, you do not need to install the plugin separately.
  - If you do not have a Vulnerability Response package, you will be asked to install the Vulnerability Response plugin when installing Bitsight for Vulnerability Response.
- Bitsight for Security Performance Management Connector, which includes Bitsight for Vulnerability Response. This is automatically installed during the installation of dependent applications and all configurations are done through the dependent application; it does not require installation or configuration by the user.
- Required system table permissions: sys_import_set_row
Download and Installation
- Download and install the application, which is available in the ServiceNow App Store.
- Copy and paste a Bitsight company API token into the “API Token” field to use it in the application. To ensure existing integrations do not break when certain user accounts are deleted, use a company API token as opposed to a user API token. To generate a new API token, go to the Company API Token section of the Account page in the Bitsight platform. API tokens should be treated as passwords. If you think your token might have been compromised, you can always generate a new one, which will invalidate the previous token. If the integration is failing, see troubleshooting for details.
- Assign a ServiceNow Admin role (x_bisit_vul_resp.vul_app_admin) to a user.
- As a ServiceNow Admin, navigate to the Bitsight for Vulnerability Response Configuration module and set the following configurations:
- Section 1:
  - Set the API Token to the Bitsight API token. Select the Validate Token button to check if the API token is set correctly.
  - Select the organization you would like to receive findings details for. Relationships are structured as a parent company and a subsidiary company (child). Subsidiaries are companies that are within the hierarchy of an organization. They are depicted in an organization’s Ratings Tree in the Bitsight platform.
- Section 2:
  - Configure the finding severity to filter the finding details.
  - Configure the asset importance to filter the finding details.
  - Configure the finding grade to filter the finding details.
  - Configure the risk vector to filter by particular risk vectors.
  - Configure the Vulnerable Item Assignment to assign the Vulnerable Item incident tickets to a group/user. If you opt to use this, it should point to the users who will deal with the incidents.
  - Configure the caller field to set the Caller field in Vulnerable Item tickets. This is required because Caller is a mandatory field. The caller can be a web-only user. All vulnerable items will have this user as the caller.
  - Select the ‘Limit choices to user language only’ option to view the ServiceNow Vulnerable Item states list in the language of the user who is currently logged in. If it is not selected, the list of all the ServiceNow Vulnerable Item states will be available in multiple languages.
  - Configure the ServiceNow Vulnerable Item states and Bitsight remediation status mapping under the ServiceNow and Bitsight Mapping property.
    - This feature also requires ServiceNow’s out-of-the-box (OOTB) role (personalize_choices) to behave correctly.
    - It is not recommended to change the ServiceNow and Bitsight Status Mapping property configuration frequently.
  - Configure the max age days field to retrieve the findings from ‘x’ days ago.
    Note: This is a one-time configuration; the field is disabled afterward.
- Section 1:
  - As a ServiceNow Admin, navigate to the Data Import Job Schedule [Bitsight for Vulnerability ResponseITSM ➔Schedule Data Imports Data Import Job Schedules] and set the import time as desired.
After Setup
- The first run will import Bitsight findings into the vulnerable item table. If configured, a vulnerable item for any findings will be created for resolution.
- To test immediately, execute the import scripts as a ServiceNow Admin. This should import the findings into the system immediately.
- Non-Admin users of this application need to be assigned the User (x_bisit_vul_resp.vul_app_user) role. All such users should be able to access vulnerable items.
  - This can be done either by assigning the sn_vul.vulnerability_analyst role directly to the user or by editing the x_bisit_vul_resp.vul_app_user role to include the sn_vul.vulnerability_analyst role.
- March 25, 2026: Published.