Comment: updated screenshots

📙 You will learn

How to create, submit, and update a Governance, Risk and Compliance (GRC) Tool.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A

Creating a GRC Tool

Currently, ThreadFix only supports ServiceNow for Governance, Risk and Compliance (GRC) tool integration.

  1. To create a new GRC tool, from the Navigation sidebar expand the Application menu, and click to open the Integrations sub-menu. Select the GRC Tools page and click the Create GRC Tool button.

  2. This will display a New GRC Tool modal dialog:

    1. Fill in the Name, URL and credentials, then click the 'Get Table Names' button.

    2. The URL and credentials are checked, and if accurate, you will need to fill in & select the 'ThreadFix Application Mapping To' and 'ThreadFix Vulnerability Mapping To' fields.

    3. Click the Create GRC Tool button.

  3. This will display a Design Submit Form modal, which lists all the fields available in the GRC instance.

  4. To specify the fields to include when submitting a GRC control, drag the desired fields from the Fields column to the Fields to Display column. Click the Save Form button.

    In the example below, note the selected fields moved from the Fields column to the Fields to Display column.

  5. A success message will display and the new tool will be displayed in the GRC Tools list.

  6. Next, click the Get Apps button. This gives a list of available ServiceNow Applications, as well as any existing mappings.

Note

Note that the Get Apps button is now named Sync Apps. Going forward, this button adds/removes GRC applications that have been added/removed since the last sync.

Creating a New GRC Application

To create a new application in a GRC tool from ThreadFix and map an existing ThreadFix application to it, click the Create App button. This will display a modal dialog. Choose the team and application from the drop-down menus, and then click the Save button.

The new GRC application appears in the list.

Creating and Editing Mappings

  1. Click the Edit Mapping button in the row of the GRC application to map to ThreadFix. Select the team and application to map to and click the Save button.

  2. Click the Sync Apps button to synchronize the mappings with ServiceNow.

Scheduled Updates

Users can schedule GRC applications to update on a regular schedule with the following procedure:

  1. Click the Scheduled Updates tab.

  2. To create a new schedule, click the Create Scheduled Update button. A GRC Tool Update modal dialog appears. Choose between "Daily" and "Weekly" backups, select a time for the update to run, and click the Add Scheduled Update button.

  3. The new schedule is saved and is displayed in the schedule list as seen below.

To delete a scheduled update, click the Delete button and confirm the deletion. A success message will be displayed, and the scheduled GRC tool update will be removed from the display list.

Submitting GRC Controls and Updating Status

Now, if users click on the application that has been mapped, they will be taken to the application details for that application. Since the application is linked to a GRC tool, some new, GRC tool-specific actions appear.

Submit GRC Control

  1. From the vulnerability tree, open a node, and select a vulnerability.

  2. Click the Action drop-down menu and select Submit GRC Control (or Submit Multiple GRC Controls).

ThreadFix will display a modal dialog with the vulnerability(ies) that it will submit.

This will close the dialog and present you with a success message that the selected controls were submitted to the GRC tool. The vulnerability(ies) will have a badge reflecting the control number(s) submitted.

Clicking the badge will open the control in a separate tab.

Update GRC Status

From the top Actions drop-down menu, select Update GRC Control Status.

ThreadFix will display a success message that the update request was submitted to the GRC tool.
