Clarity Service Management

Expand all | Collapse all

Loading vulnerability scan details into CMDB

  • 1.  Loading vulnerability scan details into CMDB

    Posted 02-08-2018 03:21 PM

    Is anyone loading their security scan details into their CIs/CMDB?  (last scan, number and level of findings etc.)  Are you doing this through a web service or manually?



  • 2.  Re: Loading vulnerability scan details into CMDB

    Posted 02-09-2018 02:03 AM

    Hi Jennifer,

     

    I don't believe this is part of the OOTB info. However you can add fields to capture this in the schema via WSP and later use either webservices or grloader to input this into the CMDB. Alternatively, if this information in another product, it might just be easier to use an MRD that lauches to this product instead of having all this directly in the CMDB. You might also want to look in to CA ITCM (IT Client Manager) product to check if this is something that can be discovered?

     

    Hope this helps somewhat...

     

    ===

    Kind Regards,

    Brian



  • 3.  Re: Loading vulnerability scan details into CMDB

    Posted 02-09-2018 12:08 PM

    Thank you- this is what we are looking into.  Adding custom fields to application and website CIs and using webservices to populate them.  Having it in the CMDB would improve our reporting and simplify test scheduling since the data is pulled into our Enterprise Data Warehouse nightly.  I was hoping someone was already doing something similar to compare notes.   



  • 4.  Re: Loading vulnerability scan details into CMDB

    Posted 02-12-2018 03:45 AM

    Hi Jennifer,

     

    As mentioned in my previous note it sounds like a simple MDR would be sufficient for this sort of thing.

     

    Have a look at the MDR documention, which might be helpful:

     

    MDR-Management - CA Service Management - 14.1 - CA Technologies Documentation 

     

    Otherwise you can still be OK to use a custom field if all there is to it is just a URL that should launch in the context of the application of where there data is sitting.

     

    ===

    Kind Regards,

    Brian



  • 5.  Re: Loading vulnerability scan details into CMDB

    Posted 02-09-2018 11:58 AM

    Jennifer, if you have the security scan details in some files, you can attach those files to the CIs. Depending on how many such reports exist and how many CIs affected, you could do this manually, or use custom some soap WS scripts.

    Thanks _Chi



  • 6.  Re: Loading vulnerability scan details into CMDB

    Posted 02-09-2018 12:05 PM

    Thank you for your suggestion. I'm not wanting to attach the reports as they are done on a regular schedule and it would become unwieldy.  We would attach a URL to the repository where the full reports are kept.  I am more interested in a few details within the CI- keeping the last scan date and the findings from the last scan so that it can be reported out of the CMDB.  It is currently tracked by the team manually in spreadsheets.