Getting started - IBM/ServiceNow-Guardium-Vulnerability-Assessment GitHub Wiki
When you run Guardium vulnerability assessments, who is assigned to investigate the failures and errors? What is the progress? How long is it taking to fix these issues? How many unique issues were found this week? This month?
The ServiceNow Vulnerability Response and Configuration Compliance modules can import and track test results from many different scanning tools. By using ServiceNow as your SOAR solution, you can answer those questions for Guardium VA test results.
- IBM Guardium version 12.x, 11.5 + Patch 525, or 11.4 + Patch 441 (available in August 2022).
- Patch v11.4-460 (or greater) adds the ability to query the Central Manager for version information.
- Patch v11.5-525 (or greater) contains several performance fixes.
- IBM Guardium "service" user with the Guardium `vulnerability-access` role (or Guardium `admin` role) so that the ServiceNow app can use the Guardium REST API to import data
- (Optional) Apply the `vulnerability-access` role to all existing Guardium data sources so that the ServiceNow app can update and delete existing data sources in response to changes in the ServiceNow CMDB
- Tested on ServiceNow releases: Rome, San Diego, Tokyo, Utah, Vancouver, Washington
- ServiceNow Vulnerability Response module
- (Optional) ServiceNow Vulnerability Response Integration with NVD module
- (Optional) ServiceNow Configuration Compliance module
- Create a user to be used as a service account
- This user must have the `vulnerability-access` or `admin` role
- Open the `IBM Guardium` > `Central Manager` list
- Create a new entry
- Fill in client ID, client secret, (Guardium) user name, user password
- (If Guardium is behind a firewall) fill in the MID server that can reach Guardium
- Open the `IBM Guardium` > `Central Manager` entry
- Click the link `Verify configuration`
- Open the `IBM Guardium` > `Application Log` list
list - Refresh the list to see if synchronization completes without error