In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial. As organizations strive to fortify their defenses, tools like ServiceNow Vulnerability Response play a pivotal role. However, recent developments in the National Vulnerability Database (NVD) will require users to upgrade their ServiceNow Vulnerability Response plugins to support the new 2.0 API.
The NVD has long been a cornerstone for cybersecurity professionals, providing a comprehensive repository of vulnerability information. Recognizing the need for improvement, the NVD has deprecated its 1.0 API, signaling a shift towards a more robust and feature-rich 2.0 API.
For ServiceNow users leveraging the Vulnerability Response application, the deprecation of the 1.0 API means that existing integrations will no longer be supported as of December 15th, 2023. If users do not transition to the 2.0 API before this day, the NVD integration will no longer be functional. To maintain seamless vulnerability management and ensure your organization is equipped to handle the latest threats, it's imperative to upgrade your NVD plugin to support the 2.0 API. The below plugin versions are required to support the NVD 2.0 API:
Once the plugins have been upgraded, you will need to activate the new integration jobs that leverage the 2.0 API.
An additional consideration while upgrading the integration is to begin using an API key if you are not already. While not required, using an API key increases the API call limit to the NVD and reduces integration job failures due to rate limiting.
For ServiceNow Vulnerability Response users, the transition should be seamless once the new jobs are activated. If you would like to find more information on the differences between the 1.0 API and 2.0 API, see the transition guide on NIST's NVD website.
NVD API Key Information is available here.
ServiceNow has provided information about this change on the Security Operations community page.