#2 ServiceNow Vulnerability Response Implementation Training | VR Application and Modules
Hey guys, welcome to SAS with ServiceNow. Let's continue with the Vulnerability Response application and modules. In this session I will walk you through the VR application and its various modules.

This is my personal developer instance. The VR application is a scoped application, so you can see I have selected the VR application, Vulnerability Response. On the left-hand side you will see the VR application and its various modules. You will also see something related to VR, that is Qualys Vulnerability Integration; however, we will talk about this application and its modules in later sections.

Let's talk about the VR application and its modules. The first module we have is Overview. This will show you the overview of all the different records you have in the VR application: for example, how many items are open, what the remediation status is, any deferred vulnerable items, any open vulnerable items by 1tt. You can see the different metrics they have selected, and it is out of the box.

The next module we have is Remediation Overview. Like always, it shows whatever records we have; it shows the status of the different vulnerabilities we have received. That's something you will see in Remediation Overview. In the VR application our target is to remediate all vulnerabilities of our organization, so in this dashboard you will see the status of the different vulnerabilities and items assigned to you. You can see it says "assigned to my groups" and "assigned to me". As of now nothing is assigned, and that's the reason you might not see some data in this particular window.

The next section we have is Vulnerabilities, and that's a really important section. The first module we have under Vulnerabilities is Vulnerability Groups. We talked about it earlier: whatever vulnerable items we get in ServiceNow, which
are being imported from a third-party source, maybe like a scanner, you get them in and then you group them. That grouping is basically one vulnerability group record. If you open it, you will see the number, some risk rating, risk score, remediation target, remediation status and state as well. You will see assignment group, assigned to and short description. Here it says "vulnerabilities with no known exploits", and this is the vulnerability we have to resolve for this particular group. Which item is included? That is one vulnerable item, this one; that's what you can see in vulnerability groups. It also shows "excludes deferred": how many items are there, "includes deferred", and how many VIs are remediated. Whatever vulnerable items we have in this particular VG, how many of them are remediated is something you can see from this view as well. And then we have notes.

The next module we have is Vulnerable Items. That means: for whatever vulnerability we have, what are the items we have created from those vulnerabilities for different configuration items? So if I click any single VI record... Basically, if you are working in the VR application, you will hear these terms, VG and VI. Nobody directly says vulnerability groups or vulnerable items; you can just say VIs and VGs. Now this is the VI; you will see the important fields here. One is configuration item, and another you will see is vulnerability. That means on this particular configuration item, which might be part of your organization and is in your CMDB, it basically created the record, this VI, for this particular vulnerable CI. That means this item has this particular vulnerability; maybe it was found by your scanner. Now it can be assigned to someone: assignment group, assigned to, the same thing, risk rating, risk score. Then this tab shows the data, the details about the vulnerability;
that is something you can see here. Then we have configuration details: for whatever endpoint was found, you can see the details in this section. Then you have the closure section, and then you have notes. As of now I think this one is fixed. So this is what we have in the Vulnerable Items module: you will see all the VIs, that means vulnerable items, VI records.

Then we have Open. This will show you all open VGs, you can see here. Then we have Assigned to Me, that means all the VGs which are assigned to me as the logged-in user, you can see here. Now why do we have these modules just for VGs, not for VIs? The reason behind it, as I mentioned earlier, is that only VGs are supposed to be remediated. When I say only VGs, it is because VGs basically are inherited from task. VI is just for capturing the data, importing the data; you can group them and then remediate them after assigning to someone, because you might have millions of records and you can't remediate those records quickly. In that case you have to group them as per the conditions, as per the team structure you have in your organization, or maybe some different conditions.

Then we have Assigned to My Groups, so all the VGs assigned to my groups. Then we have My Approvals: if I have any approval to give, I can see those records here. And then we have Ungrouped Vulnerable Items, that means whatever VI records are not grouped yet you can see in this view.

The next modules we have are Libraries. We were talking about vulnerabilities because that is the most important factor here for this module, because you have to track all the vulnerabilities there: what vulnerabilities we have as part of the standard perspective and in your organization. The first record we have is NVD. You can see it says National Vulnerability Database entries. If you remember, I mentioned in my first session that we have an
organization, that is NIST; it basically publishes all the vulnerabilities we have for all different software, all different systems, or maybe operating systems; you will find them over there. What ServiceNow is doing is just downloading those records into ServiceNow and importing them directly, so that you can track each one of them; maybe that particular vulnerability is in one of your systems.

Then we have CWE, that is Common Weakness Enumeration. This one is basically only for software, so whatever weaknesses we have which can increase the risk for threats, for vulnerability, you can see in this library. You will have all CWE records.

And then we have Third-Party. This one is basically from another system which we mentioned, for example a scanner. You might have different scanners in your organization, maybe Rapid7, maybe Qualys, or maybe Tenable. As of now this is showing you the data which was found by Tenable, but if you have Qualys or any other scanners which scan all the vulnerabilities of your organization, that can also be integrated and you can import data into this system. So whatever vulnerabilities were found in your environment, in your organization, and are on that particular source, in Qualys for example, will be imported automatically into this system. This is like a knowledge base: okay, these are the vulnerabilities which were found in your system. You can see it shows the data: which category it is, what kind of vulnerability it is, the attack. It also shows you the remediation notes, that means how exactly you can remediate them, maybe by patching, maybe by upgrade, whatever the step.

Then we have some other records, like CVEs. This CVE is basically the same information which we imported from NVD as well, so it tries to relate them, whether we have the same kind of vulnerability in the NVD data or not; that's what it tries to search. So this is about
libraries. So whenever you hear libraries, that means it is talking about vulnerabilities. Now the important thing which I want to show you is the table. For third-party vulnerability entry we have this table; however, this table is extended from vulnerability entry. This is the parent table, the base table for all the vulnerabilities you have in your system. Even for NVD, if I show you NVD and I show you the table, you will see it extends from vulnerability entry. So this is about libraries: you have a parent table, that is VE.

The next section we have is about Vulnerability Scanning. If you have Qualys, for example, ServiceNow also gives you a functionality so that you can directly scan your environment with the help of ServiceNow; it can trigger the scanning directly from ServiceNow. The first thing we have in this module shows the exposure assessments: as part of the scanning, whatever assessment was done, it is scanning different configuration items from your scanner, and that's the kind of assessment you will see here. Then we have Scans. You can trigger different scans from ServiceNow with the different appliances, because you have to first import those appliances into ServiceNow and then you have to trigger them; that's how you can start running any kind of scan. Then we have Scanners: what kind of scanner you would have. Here I think by default, when I enabled Qualys, it added this scanner, that is the Qualys scanner. Then we have Scan Queue: if you are running some scans, you will see those in the queue, and you will see when exactly it got processed or whether it is still processing; that's something you can see in this module. Then we have Scanner Rate Limits. Here you can mention some limit; for example, you can see it says scan requests per minute. You want to scan all the items per minute; that's something you can do here. So you can customize it or maybe add more limits as per your
requirement. Then we have Rate Limit Definitions: whatever rate limits we have in the scanner, you can define in this module, that is Rate Limit Definitions. We will definitely talk about these modules in detail later.

Then we have the Administration section. Normally in ServiceNow you should have this kind of section where you can administer the application. The first module we have under Administration is Setup Assistant. You must be aware that it is not only in this application; it is also in some other applications, where ServiceNow shows you the path, how exactly you can implement and configure an application. So ServiceNow is giving this Setup Assistant in the VR application as well. I think it's taking a little bit more time to open, you can see; maybe I will show it later.

Then we have Assignment Rules. I will explain a little bit of the process around the VR application now, but I will also explain it in detail later. In the VR application the overall process is basically this: if you have a scanning system where you have all the vulnerabilities for your different endpoints, you import that data into ServiceNow. Now how exactly will you decide which team has to remediate it? In that case the assignment rule is really important, so you write the assignment rule prior to importing. Once you are done with the assignment rule conditions, then once your data is inserted you will see your vulnerable items assigned as per the conditions you mention in these rules. That's how it will decide. Then, after defining the assignment groups, you will have grouping as well accordingly, and then different teams can remediate those VGs within a specific SLA. As you can see, we have assignment rules. I will show you one of the assignment rules, that is the workstation
assignment rule. You will see that we have "assign using": assignment group, assignment group field, script. Now which assignment group are we talking about on the VI, and which assignment group field are we talking about? The field we have is the CI field; there is an assignment group field over there, so that's what you can select. So we have assignment group; any field which is related to the assignment group field, if you select it, you will see which group field it is talking about. You will see we have CI approval group, assignment group or support group. The last we have is script; that means ServiceNow also gives you an opportunity to customize these rules as per your requirement. Maybe it is not doable with these configurations; in that case you can use scripting.

Then we have Vulnerability Calculators. This is something related to the risk calculation, because while you may have multiple vulnerable items, you definitely want to give them some kind of priority, some kind of risk score. For example, you have to decide which vulnerability you have to resolve first. It might happen that you have a very high priority risk; it can ruin your system maybe in one or two days. In that case you have to resolve it as soon as possible. That's what you can define in these calculators. Then we have Rollup Calculators. Rollup calculators basically mean that you calculate all these risk scores in VI records, but you have to roll them up to VG records; that's what you will do in a vulnerability rollup calculator.

Then we have Remediation Target Rules. This is one of the important modules, I would say, because here you will define, as per the score, as per the priority, the different conditions; you'll provide some rules for how exactly it should select the remediation target. So for example, if you have some items where the risk score is maybe 10 or so, that's an example, and you will
mention the rule here that if the risk score is 10, the target days to remediate that particular vulnerability group is maybe just 5 days, so your SLA will run accordingly and end users might get emails as per the target days you mention.

Then we have Vulnerability Group Rules. Here you will define the grouping: how exactly you want to group all those vulnerable items. You will have millions of records, but how do you want to group them so that you can assign them to the right team and they can resolve that kind of vulnerability?

Next we have NVD Auto-Update. In this section, whatever data we get from NIST, that is NVD data, you can get the frequent data; you can select it right here and enable it. When you enable it, it will automatically update the NVD data for that particular year. You can see we have till 2002.

Then we have Notifications. These are just out-of-the-box platform notifications, so you can enable or disable them, or you can add more notifications. Then we have Email Templates: specifically for the VR application you have specific templates which you can use. As of now it's one out of the box, but you can create your own templates as per your organization's requirement or your customer's requirement.

Then we have Import Queue. Whatever data we are importing, you will see the queue here; you can track whether the data is being processed successfully or not. Then we have Integrations. What different integrations are involved you can see in this module. We are not talking about all these integrations because we will do it in later sections, but as of now this module shows all the integrations you have for the VR application.

Then we have On-Demand Update. On-demand update is basically for NVD, so if you want to import NVD data for a particular year, you can just check that box and click on import, and the data will be imported. I'm not clicking this button right now because this is just a
module walkthrough session, so I will show you later how exactly this data is imported.

Then we have SLA Definitions. You can create different SLAs for your VG records, for how exactly it is being remediated or any other steps you want to involve; that you can do in SLA definitions to track the SLAs.

And the last we have is Normalized Severity Maps. Here you can see we have a target value; we have it for NVD, we have it for Qualys. It's just a severity map: what kind of source value I would have and what kind of target value I will have for severity. For example, from Qualys I'm getting 5, but in the target it should be critical; that's something you can map in the severity maps. The reason behind it: you can see we're getting 5 from Qualys, and ideally for Qualys 5 is critical, but in ServiceNow it normally happens that 1 is critical. So that's how you can define these severity maps in this module.

So I hope you liked the session. Thanks for watching my video, have a great day.
https://www.youtube.com/watch?v=ChsKzIJYY7Y