We are excited to announce that Tenable Web App Scanning (WAS) is now fully integrated with ServiceNow Vulnerability Response! This update allows security teams to automatically synchronize application metadata and vulnerability findings discovered through Tenable’s Dynamic Application Security Testing (DAST) directly into ServiceNow.

Key Benefits:

• Unified Security Posture: Maintain a single, comprehensive view of your application security in one platform.
• CMDB Correlation: Automatically map Tenable WAS findings to your CMDB applications for better asset context.
• Risk-Based Prioritization: Prioritize remediation efforts using severity, CVSS, and specific risk indicators.
• Scalable Data Ingestion: Uses Tenable Export APIs to retrieve data in chunks, ensuring high performance even for large-scale environments.

What’s New in this Release:

• Automated Asset Sync: Seamlessly import application assets from Tenable WAS using the Assets Export APIs and create import queue entries for transformation.
• Vulnerability Ingestion: Import vulnerability findings and associated metadata using Tenable WAS Export Findings APIs  to create Application Vulnerable Items (AVITs).
• Flexible Lookup Strategy: A new "Lookup strategy" field allows you to independently configure CI Lookup or Product Model settings for each integration.

Compatibility:  Fully compatible with ServiceNow’s Zurich, Yokohama, Washington, and Xanadu releases.

View the Released App | View Documentation

Questions? We're here to help! Reach out to us at connect.tenable.com. 

— Ahmad Maruf
Principal Product Manager,
Tenable Ecosystem