hello again security community welcome back to another video tutorial to help you get started and make the best of servicenow my name is eric faron in santa clara california i am joined today by ravi kumar kanakolu who is senior principal product manager at servicenow and a specialist of vulnerability response hello ravi good afternoon and welcome to the show hi eric thanks for bringing me to the session uh very happy to be here all right ravi so today we're going to talk about a new application available in the servicenow store that will help our customers use the tenable vulnerability scanner yeah that's right eric turnbull is a popular tool and the servicenow team has developed a new method to make the best of the thermal product with the vr integration i will be showing you today how this new app works so servicenow customers can be even more efficient with vulnerability response integration with turnable and i will cover the details of why the customers to choose servicenow developed after the turnover vr integration and i will show the key capabilities from the app that helps the customers to learn before they try to deploy the app in their environment so in terms of agenda we're first going to go through a few refreshers then as you said ravi you're going to take us to an overview of this new turnabout integration tool and then we're going to talk about the recommended next steps let me first start remind our audience that we have a full program of free tutorials to get started with the vulnerability response and today's session is a follow-up of the one that's already available on the table integration so this little picture on the right hand side gives you an overview of the overall program the green marks are the tutorials that are already available in the vulnerability response dedicated community area and today we're adding a new component to this program with this servicenow integration for tenable and the link to the community of course is available in the pdf version of the slides and in the description below this is a slide that we use in the previous tenable tutorial and i strongly recommend our audience to check out that previous tenable tutorial this slide explains at a high level the way servicenow apps and attainable apps interact to form a complete suite and i believe ravi that today you're gonna show us a new way to get this done the interface between the two systems yes eric this slide represents the turnable build connector and how this works to get the asset data and vulnerability data from turnable to vr three apps in the turnable build connector is replaced with a single application to do the same job that is to import the assets and vulnerability information from turnable instances servicenow vr engineering team developed this application with the gold standard and best practices of vr store apps this integration app is in line with other app integrations like qualis and rapid7 from vr store apps okay so let's move on to what the app actually does vrci lookup rules are delivered out of the box support from the via terminal integration we look up for the mac fqdnip to match the asset information in cmdb vr creates the asset information in discord item table if the asset is not identified in the cmdb other key capabilities are highlighted here like setup assistant i will cover the functional capabilities in the follow-up slides injection speed is improved that was tested in our test labs other important point is that paris and orlando are the supported s and platforms customer with the standard vr can get the vr tenable app no extra license cost to use this app if they have the vr standard one more point customer might have a question like what benefit they will get if they already using the turnbull build connector or plan to use the terrible build connector or they might have a question why two apps for the same purpose that's a valid question both the apps deals the same purpose but customers are interested to leverage the platform and vr level capabilities with the integration solutions like attainable we closely partnered with turnable to bring this app to address our common customers demand to get the value from platform and vr features customers will get the support ability from sn support team for vr and s build tenable vr integration apps nest customers wants to lend the feature comparison and customers who want to migrate from the terrible connector they would like to understand whether we have the feature parity with the existing turnable connector or not this slide gives the details about the feature comparison between the two apps i am not getting into the details of each and every row to increase the customers to migrate from the existing turnable connector to the sn build connector feature parity is essential we understand that so we closely work with the terrible team to understand the existing app features and we want to bring those features into the servicenow built-in connector so we included all the features and we include the support for rescan as well if you notice in the table we added all the essential attributes from the terminal specific attributes list and remaining attributes are listed in the appendix slide if customers see any advantage to bring those into the app by default let us know we will add those attributes out of the box in future releases and by default uh what are the features we have at the vr level those features are available in sn built and br integration for example setup assistant and domain separation these features we bring into our app this is very important slide to understand the migration paths from turnable connector to the servicenow build connector we are giving two approaches to migrate the existing app to our app if customer have no requirement to retain the vulnerability information or any other data in vr instance you can clean up the data before using the s build tab for that purpose we publish a kb article with cleanup scripts for the data cleaning in the existing instance another approach is to migrate the data definitely some customers are interested to retain the data so we developed migration scripts to migrate the vis and convert asset information into discord items as we are terrible ab readable data in this process if you notice in the right side diagram migration is very straight forward we create the existing asset information into the discord items with the vr turnable cricup rules and we let the user to adjust the ca lookup rules if any mismatches are identified during the migration process for vs in the existing turnable connector we create the detections and enhance the vas with the detection information and other essential attributes that would be useful for our app to process overall this is a seamless migration process since we don't touch any other elements other than the va's even that matter we are just enhancing few attributes only in the existing vis to process by vr customers don't see a change or losing the behavior of the app or they don't lose the data after migrating to the servicenow built-in app customer can try the migration scripts in the dev environment to see the data is completely migrated to the new app we are giving setup assistant to configure the integrations with the turnable.sc and tenfold.io as a single place to configure integrations filters schedules like daily or weekly all these configurations can be performed from a single place we shipped out of the box yellow cup rules for temple.sc and turnbull.io integration these ca lookup rules are in line with the best practices of the vr integration vrci lookup rules gives some out of the box advantages or capabilities like auto promotion other possible matches and exclude ci classes and also we the retired cis in the cia matching rules customers can customize the ca lookup rules and change the order as well this is the discord items table or like local cache we maintain at the vr level to create the asset information in the discord items table for the next time lookups turnable provides vpr attributes we added out of the box risk calculator to give the additional weightage for vpr attributes like source risk or threat intensity to calculate the risk scores this helps to prioritize the vs with the additional vpr details from the turnable wii provides rescan capability to submit the scan to tunnel.sc from vis vgs and tps remediation owner able to initiate the scan after the vulnerabilities are remediated and we get the visibility of the scan state like cured scanning and completed of the scan job from the turnbull.xd side vulnerability item state will be changed with the nest integration run this is out of the box dashboard to provide the details about the integration run stats and va's updated or created in the last 30 days that gives the visibility about the overall vulnerabilities updates in the system excellent thank you so much ravi so this looks like it's more simple it saves time and it doesn't cost anything else it sounds like a no-brainer to me so as we're coming to the end of the presentation here what would be your advice to the audience in terms of the very next steps right now after they've finished watching this tutorial yeah so if the customer is trying to integrate we are with terminal.sc or temple.io for the first time they can download the app and try the integration with turnable.sc and tunnel.io they will get benefit out of this integration and if the customer is using the turnable connector and if they wants to migrate to the service now build via terrible integration then they can try either of the two approaches or two approaches we called out in the previous slides one approach is to clean up the data or the second approach would be the data migration if their organization requirement is to return the data my advice for them is to download the migration scripts and use them to migrate the data to the new app that is servicenow build via terrible integration all right well ravi thank you very much for your time thank you very much for sharing your knowledge and your expertise we're now at the end of the tutorial and the last reminder to our audience of course please do engage on the community forum and in particular the dedicated community area for vulnerability response make sure you check out ravi's own vulnerability response feature validation private forum and until next time stay safe thanks eric [Music] bye