Integrating HCL AppScan with the ServiceNow Vulnerability Response platform allows you to import vulnerability data from HCL AppScan Enterprise (DAST findings), HCL AppScan on Cloud (DAST, SAST, or SCA findings), or HCL AppScan 360° (DAST or SAST findings) into ServiceNow. This integration enables businesses to efficiently identify, prioritize, track, and remediate vulnerabilities in their systems based on HCL AppScan findings.
Key Features
- Data Import: Import applications, scan summaries, and application-vulnerable items into your Now Platform instance either on-demand or based on pre-configured automated schedules.
- Detailed Findings: Information on complete request/response for DAST vulnerabilities as an attachment for each AVIT in ServiceNow.
- Data Flow Information: Information on complete data flow for SAST vulnerabilities as an attachment for each AVIT in ServiceNow. Applicable for ASoC and AppScan 360° integration.
- Risk Scoring: Support for risk score calculation based on scan finding severity.
- AVR Configuration: Support for ServiceNow AVR configuration options to help manage exceptions and false positives in your instance.
- Selective Data Import: Support for configuration filters based on status, scan type, and severity for selective data import.
Considerations
The plugin supports mapping one HCL AppScan Enterprise Server to one ServiceNow instance. Subsequently configuring a different AppScan Enterprise Server in the plugin overwrites previously imported data.
Version 1.3.2
- Support to populate the recommendation field for HCL AppScan Enterprise findings with a link to the latest remediation advisories.
- Support to populate the last dynamic scan date for HCL AppScan Standard scans imported into HCL AppScan Enterprise.
- Support to mark ServiceNow Applications as Inactive if the corresponding HCL AppScan Enterprise Applications have been modified to remove the "DTSProvider" attribute.
- Minor enhancements and bug fixes.
Version 1.3.1
- Issues not found in a Rescan in HCL AppScan Enterprise will be automatically marked as Closed in ServiceNow with Target Reason set to Stale.
- Bug fixes
Version 1.3.0
- Support for importing DAST and SAST findings from HCL AppScan 360° 1.3 and above.
- Support to populate First Found and Last Found Dates for HCL AppScan on Cloud and HCL AppScan 360° findings.
- Support to view How to Fix recommendation from within AVITs for HCL AppScan on Cloud and HCL AppScan 360°.
- Support for latest AVR module: 23.0.6.
- Support for Xanadu instance.
- Bug Fixes.
Version 1.2.2
- Support for configuration of REST API timeout property for HCL AppScan Enterprise integration.
- Enhanced logging for troubleshooting.
- Minor enhancements and bug fixes.
Version 1.2.1
- Changes to support auto-closure rules for findings imported from HCL AppScan Enterprise and HCL AppScan on Cloud.
- Performance enhancement and bug fixes.
Version 1.2.0
- Support for importing SCA scan findings from HCL AppScan on Cloud.
- Support for Washington DC Instance.
- Minor enhancements and bug fixes.
Version 1.1.0
- Support for MID Server Selection in configuration page for HCL AppScan Enterprise integration.
- Support for new ServiceNow AVR Configuration options to help you manage exceptions and false positives in your instance.
- Support for populating CVE and CWE with findings imported from HCL AppScan Enterprise 10.4.0 and newer.
- Minor enhancements and bug fixes.
Version 1.0.3 GA
- This general availability release of the Vulnerability Response Integration with HCL AppScan adds the ability to import applications, scans, and vulnerabilities detected in HCL AppScan Enterprise and HCL AppScan on Cloud into ServiceNow.
Version 1.0.2 Beta
- Final beta release to support import of DAST and SAST findings from HCL AppScan on Cloud into ServiceNow.
Version 1.0.1 Beta
- Interim beta release with enhancements and bug fixes.
Version 1.0.0 Beta
- First beta release to support import of DAST findings from HCL AppScan Enterprise into ServiceNow.
ServiceNow Prerequisites:
- Vulnerability Response 24.0.6
- Set the ServiceNow system property "sn_vul.create_closed" to "true" to ingest issues in a "Closed" state. The default value is "false".
AppScan Enterprise Prerequisites:
- HCL AppScan Enterprise 10.0.8 or newer along with API access. To populate CWE information, HCL AppScan Enterprise version 10.4.0 or newer is required.
- Create the custom attribute "DTSProvider" in the HCL AppScan Enterprise Application profile template. Set the value to "ServiceNow".
- Create the custom attribute "DTS_ServiceNow_APM_AppID". Set the value to the ServiceNow APM App ID. This tells the connector to populate this value in the respective ServiceNow field on application import.
- Scans must be associated with an application.
AppScan 360° Prerequisites:
- HCL AppScan 360° 1.3.0 or newer along with API access.
Permissions and roles:
- System Admin (admin) or Application Security Manager (part of App-Sec Manager group)
- HCL AppScan on Cloud user access for DAST, SAST, and SCA scan information.