Auto-Creating ServiceNow Tickets for Specific Vulnerabilities with Kenna & SecureX
Share with Your Network
One of the many reasons why Cisco’s acquisition of Kenna has excited us is the ways in which Kenna can be integrated with SecureX, Cisco Secure’s security platform, which offers powerful orchestration capabilities. Late last year, we saw the first such integration come to life: an incident enrichment automation workflow that allows SecureX users to validate risk with intelligence from Kenna. (If you haven’t had a chance to check this out yet, you can see a demo of the workflow in our on-demand webinar, Cisco SecureX + Kenna Security: Bringing Simplicity to You).
Today, I’m pleased to share another integration—one that allows SecureX orchestration to automatically create ServiceNow tickets for Kenna.VM vulnerabilities. Let’s dig in.
The use case: Automatic ticket creation
We’re no stranger to the appeal of automating various parts of the vulnerability management workflow. Clients are keen on the concept of auto-ticketing, and this new integration is an application of this concept made possible by SecureX—specifically, SecureX orchestration, which gives us the ability to automate this process based on a client’s configured rules.
With this new integration, Kenna.VM customers can automatically create tickets within ServiceNow for vulnerabilities within a dedicated Risk Meter, or group of assets. Customers don’t need to have a Cisco Secure product already in place; entitlement to SecureX is included with their existing Kenna subscription. Once that entitlement is set up, they will need to configure a Risk Meter that meets a few requirements: eligible vulnerabilities must have a due date assigned, have an associated fix, and not be assigned a ServiceNow ticket. The workflow itself can then be set up within SecureX orchestration.
Tickets are created at the asset level, and vulnerabilities that are queued into this workflow will roll up into one ticket per asset. (Note: A maximum of 500 tickets can be created during each workflow run.) So, when the workflow runs, you will see one ticket for each asset with all the vulnerabilities that meet the criteria within the workflow. Every ticket will include a description that outlines the asset, vulnerability count, operating system, asset score, and a link back to the asset record (Figure 1).
Figure 1: This workflow will create incident tickets within ServiceNow. The Notes tab will include details about the vulnerabilities queued for remediation.
On the Kenna.VM side, customers can view ticket information as well, such as a “ServiceNow” label on any vulnerabilities routed through the workflow (Figure 2), a ServiceNow section on the Vulnerabilities Detail page, and a ServiceNow Ticket Status filter on the Explore page.
Figure 2: Vulnerabilities routed through this workflow will show a ”ServiceNow” label within Kenna.VM.
If the user would like to schedule a workflow to run at a given interval within SecureX, that option is available, too.
An exciting first step for automation with SecureX
It’s really satisfying to see this integration come to fruition, especially given the fact the Kenna team only joined Cisco a few months ago. We have always been proud of the value proposition that Kenna.VM delivers to our customers: the ability to significantly reduce the number of vulnerabilities that Security and IT teams must spend limited cycles on. But—and this is where we give a massive shoutout to our SecureX family—the orchestration capabilities that SecureX allows us to leverage gives us the ability to bring another layer of value: the automation of critical tasks that can help speed up remediation and reduce risk.
Of course, this is a first use case and, yes, it has some limitations (there are a few assumptions and caveats we encourage you to chat with your Customer Success or Sales rep about this if you’re interested). But it’s an important first step in bringing to life the value of SecureX’s orchestration capabilities to our Kenna customers and, ultimately, the future of Kenna as part of the Cisco Secure portfolio. We can’t wait to see how these use cases expand and hope you’ll join us for the journey.
- Video: SecureX orchestration – Kenna Fixes to ServiceNow Incidents Workflow
- SecureX Workflow: Fixes to ServiceNow Incidents
If you’re interested in learning more about this integration, please contact your Customer Success representative.