Vulcan integration with ServiceNow tickets such as Incidents or Problems helps users track remediation progress for vulnerabilities. Vulcan creates tickets using take action or automation actions. changes to the ticket are reflected in vulcan.
When the vulnerability is no longer detected by the vulnerability scanner, vulcan will automatically close the campaign and associated tickets, Alternatively
users can manually close the campaign and choose to close associated tickets.
ServiceNow incidents are opened in "New" sate, when closed by vulcan the state will change to "Closed".
ServiceNow problem has problem tasks related to them, Vulcan will change only the state of the problem tasks to "Closed".
Service now can be configured to automatically close the problem when all problem tasks are completed.
Users can also manually close the campaign and choose to close associated problem tasks.
For Vulcan to close problem tasks the following configuration must be set in ServiceNow
- Assignee must be set on the problem task
- Remove read only from problem task state field
- Disable problem task workflow
- Choice list -> table [Problem task] -> element[state] -> label [Closed] - must exist
The event flow graph below describes the lifecycle of a problem ticket created with vulcan.
- Tenable is used as an example for Vulnerability scanner but this flow will work with any vulnerability scanner
- The flow for incidents is similar, an incident will be created instead of a problem, on a closed event the the incident will be closed (instead of the problem task).