Notifications

4 views

Description

Is it possible to run "Exposure Assessment" in Vulnerability Response feature periodically possibly as a Scheduled Job?

Resolution

The Exposure Assessment feature is intended to run on-demand (zero-day vulnerability) for a particular asset with the option of choosing existing CVE or create new CVE if not already exists. It is not intended to run it periodically or schedule it.

This process has the below steps and requires some user inputs in each step, so it would be difficult to create a scheduled job for this.

1. Create a new exposure assessment with Publisher, Product, Version and Edition details.
2. Run Show Exposure.
3. Run 'Create Vulnerability Items' (VIs) action and provide either existing CVE or choose the option to create new CVE by providing details.

There are few challenges if you create a scheduled job for the above steps.
1. We should hard-code publisher, product and version details - that means you schedule it for particular Asset only, we can't schedule it for dynamic assets.
2. We should hard-code CVE details for the chosen Asset and only run create VIs for that particular Asset periodically, which does not make sense.

To achieve zero-day vulnerability on new vulnerabilities announced on NVD or other sources, we should run Exposure Assessment dynamically for that particular Asset.

We have below documentation on how to create an Exposure assessment and run it.

https://docs.servicenow.com/bundle/orlando-security-management/page/product/vulnerability-response/task/vr_sw_expsure_task.html


Article Information

Last Updated:2020-03-10 01:12:01
Published:2020-03-10