Thousands of new vulnerabilities are disclosed each year. This volume makes it impossible for companies to patch everything, but unpatched vulnerabilities leave openings for attackers to strike. Security Operations and IT Operations teams need external threat context to prioritize based on the likelihood of vulnerability exploitation, not just the severity. That’s where Recorded Future comes in.
Recorded Future scores vulnerabilities based on exploitability using real-time data. This gives you the context you need to prioritize patching and prevent attacks. Recorded Future’s machine learning automatically detects reporting of new vulnerabilities and structures this information so Security Operations and IT Operations managers can utilize Recorded Future’s Vulnerability Risk Score as an input into a single prioritization metric that takes the vulnerability threat environment into account.
By harnessing Recorded Future’s rich intelligence in ServiceNow for Vulnerability Response, teams can:
-
Reduce risk by prioritizing patching based on threat severity
-
Minimize expensive off-cycle patches with real-time context
-
Respond quickly with transparency and context
-
Increase team efficiency and simplify workflows
-
Maximize investment in existing security tools
Threat-based risk scores for fast prioritization of vulnerabilities.
Risk Rules and Risk Evidence linked to temporal and base vulnerability life cycle.
Seamless integration with existing third-party scanners.
Recorded Future's Risk Score leveraged in the Vulnerability Response calculator for threat-based patch prioritization.
Deep link to Recorded Future's Portal for further vulnerability enrichment.
Dashboard to get an overview of all vulnerable items and vulnerabilities.
-
Sets the run_as field of the Vulnerability Integration job to VR.System user. This was previously empty which is no longer allowed for security reasons. This change requires additional configuration which is described in detail in the install guide.
- Sets the run_separately field on the Vulnerability Integration to true to prevent multiple runs
running at the same time. - Reworks the Vulnerability Integration logic to properly track the entire import cycle. A
vulnerability integration run will not report state Complete until all data has been imported into
tables. -
Reworks how the app calculates Third-Party risk scores. This fixes several performance issues related to the vulnerability import job. More details on the rework can be found in the change log section of the install guide.
-
Moves the logic for deleting old Recorded Future risk data to a standalone scheduled job. The new scheduled job is called Delete Outdated Vulnerability Risk Data and is set to run once a week. This deletion logic was previously running at the end of every Vulnerability Integration run but was moved to improve performance.
- Vulnerability Response (v.18.2.6 or higher)
The application also requires a valid Recorded Future API Token. This can be acquired by contacting your Recorded Future Account Executive.