System properties

Explore essential system properties for optimizing Nozomi Vulnerability Integration in ServiceNow. Read how to view, adjust, and manage settings related to data import duration, batch size, and timing buffers to ensure accurate and efficient vulnerability detection integration.

The values of these properties have been set for optimal performance without additional configuration. However, if necessary, users with the x_none_nozomi_vr.admin role can modify them. To view these properties, got to Nozomi Vulnerability Integration > Admin > Properties.

detection_integration_delta_days_default

By default, a Nozomi Asset CVEs Integration (which pulls in vulnerability detections) will initially import data reaching back (VALUE) days. The default value is 90.

If you wish to import more than 90 days of data on the initial integration run, for example if you wanted to import the past 6 months of data, you would change this value to 180.

You can also got to the related Nozomi Integration Record Nozomi Vulnerability Integration > Integrations and manually change the Start time field to the desired date/time.

detection_integration_page_size

When importing vulnerability detections, the data will be pulled from the API (VALUE) records at a time. The default value is 500.

If you increase the value of this property, more data will be imported with each application programming interface (API) call, which will result in fewer API calls to Nozomi for each integration run. If you decrease the value of the property, there will be more API calls to Nozomi, as the data will be imported in smaller chunks.

node_cve_integration_start_time_buffer

When doing a delta import for Node CVE Integration, the Start time sent to the API will be {VALUE} hours before the Start time on the integration record, to make sure that we get any new records from the API that may have been created during the previous integration run.

The default value is 4.

The integration uses a buffer to make sure that no records are missed from Nozomi, if vulnerability detection records are created in Nozomi while the ServiceNow integration is running.

Example:

Nozomi Vulnerability Integration is set to run every day at 2:00 AM.

The integration starts at 2:00 AM.

The integration ends at 3:00 AM.

The Start time for the next integration run is 3:00 AM.

It is possible that some vulnerability detections were created in Nozomi between 2:00 AM and 3:00 AM.

The value of the node_cve_integration_start_time_buffer is 4 (hours).

The next time the integration runs (2:00 AM), the API call will pull in data from the Start time (3:00 AM), minus the buffer hours (4 hours by default). So the integration will pull data from Nozomi that has been created/updated since 11:00 PM the previous day.