Integrating Acunetix 360 with ServiceNow Vulnerability Response (Plugin)

ServiceNow Vulnerability Response (ServiceNow VR) is a vulnerability management tool that helps organizations track, prioritize, and share tasks across departments to resolve vulnerabilities. This guide shows you how to set up and configure bi-directional integration between Acunetix 360 and ServiceNow VR.

This integration allows you to not only send identified vulnerabilities from Acunetix 360 to ServiceNow VR, but also send any vulnerability status changes from ServiceNow VR back to Acunetix 360. You can also configure advanced options such as issue detail, field configuration, and configuration item matching.

NOTE: If you prefer to use an integration script without the advanced configuration options offered by our integration plugin, refer to Integrating Acunetix 360 with ServiceNow Vulnerability Response using an integration script.

How to integrate Acunetix 360 with ServiceNow VR

There are three steps to this integration:

  1. Download the ServiceNow VR plugin
  2. Set up the connection with ServiceNow VR
  3. Configure ServiceNow VR with Acunetix 360

After setting up the integration, create a sample issue to test the connection, and optionally configure bi-directional integration between Acunetix 360 and ServiceNow VR.

Step 1: How to download the ServiceNow VR plugin

  1. Log in to Acunetix 360.
  2. From the main menu, select Integrations > New Integration.
  3. Select ServiceNow Vulnerability Response.

  1. Click Download Plugin.

You now have the necessary file to continue with Step 2 to set up the connection with ServiceNow VR.

Step 2: How to set up the connection with ServiceNow VR

  1. Log in to your ServiceNow VR platform.
  2. Search for 'system update sets', then select Retrieved Update Sets from the search results.

  1.   Click Import Update Set from XML.

  1. Click Choose File and select the Invicti ServiceNow Vulnerability Response file that you downloaded in Step 1. Then click Upload.

  1. Click on the file name Invicti Enterprise Vulnerability Response to open the file.

  1. Click Preview Update Set.

  1. Click Close when the Update Set Preview dialog box indicates the action has succeeded.

  1. Click Commit Update Set.

  1. Click Close when the Update Set Commit dialog box indicates the action has succeeded.

Acunetix 360 is now connected with your ServiceNow VR instance. Continue with Step 3 to configure ServiceNow VR with Acunetix 360.

Step 3: How to configure ServiceNow VR with Acunetix 360

  1. Log in to Acunetix 360.
  2. From the main menu, select Integrations > New Integration.
  3. Select ServiceNow Vulnerability Response.

  1. Enter the following information:
  • Name: This is the name for the integration.
  • URL: This is the URL for your ServiceNow VR platform.
  • Username: This is your ServiceNow VR Username.
  • Password: This is your ServiceNow VR Password.

  1. Click Load ServiceNow Details. If the connection is successful, the Vulnerability Response Configuration section appears.

  1. In the Mandatory Fields section, edit the Title Format field if you want different information pulled into your ServiceNow VR application. The default fields are target, vulnerability, and severity. This is a free text field where you can add any mandatory fields that you want to pull from Acunetix 360 into ServiceNow VR.

  1. Choose a template type for the vulnerability description: Standard (fewer issue fields) or Detailed (more issue fields). This determines the vulnerability information that is pushed into the Notes field on ServiceNow VR.

  1. Use the Optional Fields section to select additional fields you have configured in ServiceNow VR that you want to integrate with Acunetix 360.

    For example, in the image below we have selected Assignment group and Problem Analyzers, which are a defined group of people in our ServiceNow VR instance. This configuration means that detected vulnerabilities will automatically be sent to ServiceNow VR and assigned to the Problem Analyzers.

To add additional fields for configuration, click + Add Field.

  1. Select a configuration item from the drop-down list to match targets to your Vulnerability Response configuration.

  1. Click Save.

Your integration with ServiceNow VR is configured and ready to use. Follow the steps below to create a sample issue to test the integration.

NOTE: You will need to repeat these steps whenever the plugin file is updated.

How to create a sample issue to test integration

  1. From the Acunetix 360 main menu, select Integrations > Manage Integrations.
  2. Next to the relevant ServiceNow VR integration, click Edit.

  1. Select Create Sample Issue.

Acunetix 360 exports a sample issue to ServiceNow VR to test the integration. If successful, a ticket is opened in ServiceNow VR.

TIP: If you experience any issues while setting up the integration, contact our support team for assistance.

How to view issues in ServiceNow VR

You can view the issues you have sent to ServiceNow VR on the Open issues page.

If you have already previously submitted this vulnerability to ServiceNow VR, it will already be accessible. You cannot submit the same issue twice.

Now that the integration is set up, you can configure bi-directional integration if you want changes to issue status in ServiceNow VR to be reflected in Acunetix 360.

How to configure bi-directional integration

  1. In Acunetix 360, go to Integrations > Manage Integrations.
  2. Select Edit next to the relevant ServiceNow VR integration.
  3. Scroll down to the Webhook Settings section.
  4. Click the Copy to clipboard icon at the end of the Webhook URL.

  1. In ServiceNow VR, use the Filter Navigation textbox to search for 'business rules'.
  2. Under System Definition, select Business Rules.

  1. Search for Invicti webhook and select Invicti webhook business rule from the search results. 
  2. Select the Advanced tab.
  3. Modify the script by pasting the webhook copied from Invicti Enterprise into the endpoint = ' ' parameter.

var endpoint = ‘PASTE YOUR SERVICENOW WEBHOOK HERE’;

  1. Click Submit.

Bi-directional integration is now configured. Refer to the following section to configure issue states so that when you change a vulnerability status in ServiceNow VR to your preferred resolved status, the issue is automatically marked as Fixed (Unconfirmed) in Acunetix 360, and a retest scan is started.

How to configure issue states

In Acunetix 360, you can map the issue states to correspond with the status values you have assigned in ServiceNow VR. Follow the instructions below to find and map your status values.

  1. In ServiceNow VR, use the Filter Navigation textbox to search for 'vulnerable items'.
  2. Under Vulnerability Response, select Vulnerable items.
  3. Select one of your vulnerabilities from the list.
  4. Select Configure table.
  5. Select State from within the table.

  1. Copy the assigned status value to the corresponding issue state field in Acunetix 360. For example, if resolved issues are set to "101" in ServiceNow VR, then you need to enter 101 into the Resolved Status field in the Webhook Settings section of the integration in Acunetix 360.

NOTE: You cannot have duplicate states.
When an issue status changes to resolved in ServiceNow VR, that issue will always be automatically marked as 'Fixed (Unconfirmed)' in Acunetix 360, and a retest scan triggered.

« Back to the Acunetix Support Page