Import Armis Device Vulnerabilities into ServiceNow
Armis® is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems. Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.
Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there and what’s not.
When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis-discovered devices. Armis continuously and passively monitors all network devices in real time to ensure vulnerabilities are correctly matched, giving you a complete, up-to-date vulnerability profile for all devices on your network.
- ServiceNow Operational Technology (OT) Certified
- Compatible with ServiceNow OT VR
- Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
- Prioritize device vulnerabilities to aid remediation efforts using AVM Risk Score
- Automatically close stale vulnerabilities
- Cross-customer data to provide increased threat intelligence
- Designed to be fully compatible with the Service Graph Connector for Armis
- Guided Setup helps you get up and running quickly
- Support your Operational Technology (OT) VR workflows alongside IT VR
Version 2.0:
- This major release is compatible with Vancouver, Washington, and Xanadu.
Enhancements:
- Delta Import Capability: The integration now supports delta import functionality, enabling more efficient data synchronization. The new "Armis Vulnerability Detection Integration - Delta Import" will only import new and updated vulnerabilities since the last successful integration run. The "Armis Vulnerability Detection Integration - Full Import" is also provided, which allows you to retrieve the entire device vulnerability inventory on-demand.
- Custom Device AQL Support: With version 2.0, you can now configure a Device AQL specific to Vulnerability Response. This allows you to import vulnerabilities only for devices matching the specified AQL. Previously, the integration imported vulnerabilities for all devices imported by the Service Graph Connector for Armis. You may choose to use the AQL to import vulnerabilities for a smaller subset of devices.
- AVM Rating Filtering: A new filter option allows you to import vulnerabilities based on AVM rating, in addition to the existing Severity filter.
- Performance Improvements: The integration now retrieves only the data that matches your specified filters, improving efficiency. Instead of importing all data and then discarding unnecessary information, only the relevant vulnerabilities and devices will be retrieved, reducing unnecessary load and improving performance.
Version 1.1.10:
- This version is compatible with Vancouver, Washington, and Xanadu.
- Minor security enhancements
- Bug fix: when filtering out Auto-Ignored vulnerabilities from Armis, the application now checks for the proper Status Source of "Auto Ignore".
Version 1.1.09:
Enhancements:
- Status Change Reason mapping: When a Vulnerability Match has its status updated in Armis, the Status, Status Source, and Status Change Reason are mapped into an Armis Status Change table. This table can be viewed via Related List from a Detection or Vulnerable Item. Status Changes are mapped from the sources: Manually from Console, API, Policy, Auto.
- Filter Auto-Ignored Vulnerabilities: Vulnerabilities that have been automatically marked Ignored in Armis can be filtered out of the ServiceNow import so that Detections and Vulnerable Items are not created for them.
Affected Components:
- System Properties:
  - New Property: 'x_armis_vr.map_status_change_reason'
  - New Property: 'x_armis_vr.filter_out_auto_ignored_vulnerability_matches'
- Script Includes:
  - Update: 'ArmisVulnerabilityDetectionIntegration'
  - Update: 'ArmisVulnerabilityDetectionImportReportProcessor'
- Tables:
  - Table: Armis Status Change
    - Columns:
      - 'detection'
      - 'status'
      - 'status_change_reason'
      - 'status_source'
- Forms:
  - Armis view ('armis_vr'): A view for the Detection and Vulnerable Item forms. Shows the "Armis Status Change Reason" Related List
Version 1.1.08:
Compatibility: Updated for compatibility with the ServiceNow Washington DC Family Release.
Enhancements:
- AQL Querying Enhancement: Added functionality to allow for more customized querying when retrieving vulnerable item data from the Armis API. This enhancement introduces a new system property, x_armis_vr.vulnerability_entry_import_aql_override, enabling customers to write custom AQL queries for the integration to tailor data retrieval according to their needs.
- Extended Import Columns: Added new import columns to the Armis Vulnerable Entries Import table, enhancing the flexibility and depth of data import capabilities.
Affected Components:
- System Properties:
  - New Property: 'x_armis_vr.delta_days_default'
  - New Property: 'x_armis_vr.vulnerability_entry_import_aql_override'
- Script Includes:
  - Update: 'ArmisVulnerabilityEntryIntegration'
- Table: Armis Vulnerable Entries Import:
  - New Columns:
    - 'type'
    - 'lastDetected'
    - 'firstDetected'
- Table: Armis Integration:
  - Updated Column: 'Last successful run time'
- ServiceNow Vulnerability Response
- Service Graph Connector for Armis
- Vulnerability Response Integration with NVD