ServiceNow Vulnerability Response Automated Rescan with Qualys (Version 10.0)
Hello, my name is Joey Wasco. I'm a senior technical consultant for Cerna Solutions, and today I'm going to demonstrate the ServiceNow Vulnerability Response automated scan capabilities for the Qualys integration. We'll be going through this with the latest release of Vulnerability Response, version 10.0. One thing to note here before we get started: since we're working with a demo instance of ServiceNow as well as a demo Qualys environment, I have no way to actually remediate vulnerabilities so that the workflow completes, but I will be able to show the process overview as well as the scan initiation and results.

In order to make this demonstration easier to follow, I'd like to provide brief definitions of vulnerability groups and vulnerable items. Vulnerable items are records that link a vulnerability, whether from Qualys or the National Vulnerability Database, and a CI from your CMDB. Vulnerability groups are logical groupings of vulnerable items designed to be worked as a single record, which essentially parents all the vulnerable items that are associated with it. For a more detailed overview, please see the linked video in the description.

Now that we have these definitions out of the way, let's get started. Taking a look at the workflow overview, you can see that the initial state is the open state. Once we've progressed the state to under investigation and then awaiting implementation, we then hit the resolved state. The resolved state is the key state for the automated rescan workflow. Once a vulnerability group or vulnerable item is moved to this state, the system automatically generates a Qualys scan to go out and scan the identified assets in the environment. Once the scan is complete, the results come back and are parsed by the system to update the record that initially kicked off the scan and to create any net new vulnerabilities that were found. If the vulnerability was indeed fixed on the asset, the vulnerability group or item will automatically go to the closed state. If the vulnerability was not fixed, however, it moves it back, as you can follow the dotted line here, to the open state.

Now that we have a picture of how the overall process works, let's take a look at how this is achieved in the system. So we could have a vulnerable item here; see, we have this one available. As you can see, this one already has an assignment group and an assigned to, it's in the open state, and there is no resolve button up here in the form. We're going to go ahead and progress it in the process: under investigation, and now awaiting implementation, and you'll notice that the resolve button does appear. Once we click the resolve button, you have a resolution notes box. Once you click the resolve button you have your resolution notes, and you can fill this out as needed. Click resolve, and it moves it into the resolved state and now kicks off a vulnerability scan.

So if we look at the scans here, we can see that a new scan has been queued, and if we click into the record itself, this record will update throughout the scan process as Qualys communicates back to ServiceNow what's going on with the scan. We're going to go ahead and pause here, and it's going to take about ten minutes for this scan to come back from Qualys. Once that completes, as you can see here, it did update it, but once that scan completes we're going to go ahead and walk through the rest of the process.

All right, the scan came back. Looks like it's all complete, and we'll go over how long it took here in a second, but this is the vulnerability scan record that we saw initially that had this all kicked off. As you can see, it's been populated with more information. We have the scan results attached here; this is what gets parsed and updates the vulnerable item or vulnerability group that initiated the scan, as well as creates any net new vulnerable items that came back from a scan. The related records are linked down below here, and the integration run details are here. If we go over to the Qualys side, we can see that the scan actually took nine minutes and 34 seconds. This seems to be about the average time that it takes for just one vulnerable item; your results are going to vary. If we go back to the vulnerable item itself, we can see that it's now back in the open state, because that vulnerability was not remediated.

And that is the entire process right there. So the whole goal and purpose of this is to help alleviate your security operations team's manual process of going and doing the process of remediating these vulnerabilities, as well as validating the work necessary to resolve them. So with the Qualys security operations plug-in and Vulnerability Response in ServiceNow, your security team can free up their valuable time from manual tasks like this that are easily automated and validated. This is just one piece of automation that ServiceNow brings to the table in Vulnerability Response and Security Operations. For more information about Cerna Solutions and how we can help you automate your business processes, feel free to visit us at cernasolutions.com or contact us at the information on the screen. Thank you for watching, and we hope to connect with you soon.
https://www.youtube.com/watch?v=uAaF9o-gylg