Creating a GRC Tool

Currently, ThreadFix only supports ServiceNow for Governance, Risk and Compliance (GRC) tool integration. To create a new GRC tool, navigate to the GRC Tools page (Configuration cog → Integrations → GRC Tools) and click the Create GRC Tool button.

This will display a New GRC Tool modal dialog...

  • Fill in the Name, URL and credentials, then click the 'Get Table Names' button.
  • The URL and credentials are checked. If they are accurate, fill in and select the 'ThreadFix Application Mapping To' and 'ThreadFix Vulnerability Mapping To' fields.
  • Click the Create GRC Tool button.

This will display a Design Submit Form modal, which lists all the fields available in your GRC instance...

To specify the fields you wish to include when submitting a GRC control, drag the desired fields from the Fields column to the Fields to Display column.

You'll receive a success message, and your new tool will be displayed in the GRC Tools list.

Next, click the Get Apps button. This will give you a list of available ServiceNow Applications, as well as any existing mappings.

Note

Note that the Get Apps button is now named Sync Apps. Going forward, this button adds/removes GRC applications that have been added/removed since the last sync.


Creating a New GRC Application

To create a new application in your GRC tool from ThreadFix and map an existing ThreadFix application to it, click the Create App button. This will display a modal dialog. Choose the team and application from the dropdown menus, and click the Save button.

Your new GRC application appears in the list.

Creating and Editing Mappings

Click the Edit Mapping button in the row of the GRC application you would like to map to ThreadFix. Select the team and application you wish to map to and click the Save button.

Click the Sync Apps button to synchronize your mappings with ServiceNow.


Scheduled Updates

You can schedule your GRC applications to update on a regular schedule. Click the Scheduled Updates tab.

To create a new schedule, click the Create Scheduled Update button. A modal dialog appears. Choose between "Daily" and "Weekly" backups, select a time for the update to run, and click the Add Scheduled Update button.

Your new schedule is saved and displayed in the schedule list.

To delete a scheduled update, click the Delete button. You will be asked to confirm the deletion. A success message will be displayed, and the scheduled GRC tool update will be removed from the display list.


Submitting GRC Controls and Updating Status

Now, if you click on the application you have mapped, you are taken to the application details for that application. Since the application is linked to a GRC tool, some new, GRC tool-specific actions appear...

Submit GRC Control

From the vulnerability tree, open a node, and select a vulnerability. Now, click the Action menu and select Submit GRC Control (or Submit Multiple GRC Controls).

ThreadFix will display a modal dialog with the vulnerability(ies) that it will submit.

This will close the dialog and present you with a success message that the selected controls were submitted to the GRC tool. The vulnerability(ies) will have a badge reflecting the control number(s) submitted.

Clicking the badge will open the control in a separate tab.


Update GRC Status

From the top Actions dropdown menu, select Update GRC Control Status.

You will be presented with a success message that your update request was submitted to the GRC tool.





 
