If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Vulnerability Response Integration with Invicti imports applications and application vulnerabilities using Application Vulnerability Response. Application Vulnerability Response is a feature in Vulnerability Response that helps you prioritize and remediate application vulnerabilities.
Import applications and application vulnerabilities from Interactive Application Security Testing (IAST) and Dynamic Application Security Testing (DAST) with the Invicti Vulnerability Integration into the Application Vulnerability Response application. This integration supports the following features:
- Data import - Import applications, scan summaries, and application vulnerable items with scheduled jobs that run automatically.
- CI Lookup Rules - Search your CMDB with lookup rules for data on configuration items (CIs) that matches imports from the Invicti Vulnerability Integration.
- A Configuration page enables you to authenticate your API access.
- Invicti integrations that enable you to import the following information:
- Application List Integration - Applications that are scanned by Invicti.
- Scan List Integration - Data about the date and time a scan was run.
- Application Vulnerable Item - Invicti vulnerable item data.
Fixed
- Fixed Invicti Configuration Page cross-scope credentials saving issue. You'll now receive a warning when opening Invicti configurations page from a scope different than the one associated with the Invicti account. This ensures scope alignment before accessing sensitive configuration data. Additionally, an error displays if you attempt to save credentials from a mismatched scope, preventing potential security misconfigurations.
- Fixed warning messages in Invicti Application Vulnerable Item Integration caused by populating a threat field that does not exist in the Application Vulnerable Item table.
-
The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
For information on Vulnerability Response application compatibility see, "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles- Role required: System Admin (admin) or Application Security Manager (User part of App-Sec Manager group)