Hamish Dean Portfolio

Use Of Servicenow for Azure-Integrated GRC & Vulnerability Management

The summary is AI generated

02/2026

lab notes servicenowDownload

Project: Azure-Integrated GRC & Vulnerability Management Pipeline

Role: GRC Analyst / Systems Integrator

Tools: Microsoft Azure, ServiceNow (IRM/GRC & CMDB), Tenable Nessus, ISO 27001 Framework.

1. Executive Summary

Designed and deployed a fully automated Integrated Risk Management (IRM) pipeline that bridges the gap between Cloud Operations and Governance. The project successfully ingested 187 Azure Cloud Assets into a ServiceNow CMDB, scoped them against ISO 27001 control objectives, and operationalized a closed-loop vulnerability management lifecycle using Tenable scan data.

2. The Architecture

  • Source of Truth: Microsoft Azure (187 Virtual Machines).
  • System of Record: ServiceNow CMDB (Ingestion via Import Sets & Transform Maps).
  • Governance Engine: ServiceNow Policy & Compliance Module (ISO 27001).
  • Validation Tool: Tenable Nessus (Vulnerability Scanning).

3. Technical Implementation

Phase 1: Cloud Asset Ingestion (CMDB)

  • Challenge: The organization needed a unified view of shadow IT and cloud assets to enforce security policies.
  • Action: Exported live inventory from Azure and configured a ServiceNow Transform Map.
  • Key Technical Decision: Implemented Object ID (GUID) coalescing instead of Name-based coalescing. This ensured data integrity even if server names changed, preventing duplicate CMDB records.
  • Result: Successfully populated the cmdb_ci_vm_instance table with 187 verified assets including metadata (OS, IP, Status).

Phase 2: Dynamic Scoping & Compliance

  • Challenge: Manual assignment of controls to 100+ servers is unscalable and prone to error.
  • Action: Created Entity Filters to automatically generate “Auditable Entities” for every Linux and Windows asset in the environment.
  • Control Logic: Defined a Control Objective linked to ISO 27001 A.8.20 (Network Security), specifically mandating “Restrict Public RDP Access.”
  • Result: Automated the generation of 187 control records. Any new VM added to Azure is now automatically scoped for compliance within 30 seconds.

Phase 3: Vulnerability Assessment (The Evidence)

  • Action: Executed a targeted Tenable Nessus vulnerability scan against a high-risk asset (linux-target-1).
  • Finding: Detected critical vulnerabilities (High Severity) and open public ports.
  • Integration: Manually bridged the scanner-to-GRC gap by attaching the Tenable Executive Report (PDF) directly to the ServiceNow Audit Finding, establishing a clear chain of custody for the evidence.

Phase 4: Remediation Lifecycle

  • Action: Managed the “Issue” record through the complete ITIL workflow:
    1. Triage (Analyze): Verified scan artifacts to rule out false positives.
    2. Response: Assigned a Remediation Task to engineering to patch OpenSSL.
    3. Verification (Review): Enforced the “Four-Eyes Principle” by requiring a separate review step after the engineering task was marked complete.
    4. Closure: Formally closed the GRC Issue only after validation.