Version: 1.0.3
Compatible with: Australia, Zurich, Yokohama Patch 6
Category: Integration
The AWS Integration for Security Exposure Management imports vulnerability and configuration compliance data from AWS Inspector and AWS Security Hub into ServiceNow's Security Exposure Management, giving you a consolidated view of your AWS exposure posture and enabling remediation workflows directly from ServiceNow.
The AWS Integration for Security Exposure Management application includes the following key integrations:
- AWS Inspector Vulnerability Integration
  - Import host vulnerability findings for EC2 instances and Lambda functions from AWS Inspector. Findings are mapped to Vulnerable Items (VITs) and Detections within the Vulnerability Response application to support triage, prioritization, and remediation workflows.
  - Import container image vulnerability findings for ECR images from AWS Inspector. Findings are mapped to Container Vulnerable Items (CVITs) and Container Image Findings to support container-specific remediation workflows.
- AWS Security Hub Vulnerability Integration
  - Import host and container vulnerability findings from AWS Security Hub. Findings are mapped to the corresponding ServiceNow vulnerability constructs (VITs, Detections, CVITs) to provide a unified view of vulnerabilities surfaced through Security Hub aggregation.
- AWS Security Hub Configuration Compliance Integration
  - Import security posture and configuration findings from AWS Security Hub. Findings are mapped to Tests and Test Results in the Configuration Compliance application to help you enforce security policies and track compliance across your AWS environment.
- Multi-Region Support
  - Configure ingestion across multiple AWS regions. Credentials are validated per region using STS calls, and the configuration is saved only when all selected regions validate successfully.
- Delta Sync and Lifecycle Management
  - Delta sync is supported for open and fixed vulnerabilities, and for configuration findings where applicable. Delta timestamps are updated only after a successful retrieval across all configured regions. State management follows the standard Vulnerability Response lifecycle, with auto-close rules applied.
- Configurable Ingestion Filters
  - Configure filters through the integration UI to control what is ingested. Available filters include severity, CVSS base score, finding status, exploit and fix availability, observed and modified timestamps, tags, region, account ID, and batch size.
- Read-Only, Pull-Based Integration Model
  - The integration operates in pull-only mode. Status changes in ServiceNow are not pushed back to AWS.
- Asset Correlation and Platform Support
  - CI mapping and asset correlation are supported, with built-in duplicate prevention. Domain separation is supported.
Initial release
- The following Security Operations plugins must be installed and activated:
  - com.snc.security_support.vul
  - com.snc.secops.orchestration
- The following applications must be installed and activated. These applications are available from the ServiceNow Store:
  - Vulnerability Response application and its dependent plugins
  - To ingest misconfigurations from AWS Security Hub, the Configuration Compliance plugin (com.snc.vulc) must also be installed.
  - To ingest container vulnerabilities from AWS, the com.snc.vulnerability.container plugin must also be installed.
- Permissions and roles:
  - System Admin (admin) for installation, and
  - sn_vul_aws.configure_integration to configure the integration.