Rapid7 Vulnerability Integration fails with error "Encountered error during processing: Error: Attachments not deleted"Issue Rapid7 Vulnerability Integration was failing to import the data and the Vulnerability Data Source Import Queue entries were in the 'Error' status with the below error message:Encountered error during processing: Error: Attachments not deletedCauseThe scheduled job 'Scheduled Vulnerability Data Source Processor' is responsible for deleting the existing attachment from the data source and copying over the new one from the queue entry. https://INSTANCE.service-now.com/nav_to.do?uri=sysauto_script.do?sys_id=f382717f9f31020034c6b6a0942e70b3This job's 'Run as user' is VR.System.Although the user has the sn_vul.vr_import_admin role, if the import_admin role is missing, the user won't have the right privileges to delete the attachment. Sample log errors look like below: 2024-09-13 03:17:45 (336) worker.6 worker.6 txid=82f08c3e9360 SSI_aa1b81669f31020034c6b6a0942e7014 WARNING *** WARNING *** Security restricted: Unable to delete attachment sys_data_source.6bf4245f83ce829c81096a70deaad312 2024-09-13 03:17:45 (341) worker.6 worker.6 txid=82f08c3e9360 SSI_aa1b81669f31020034c6b6a0942e7014 SEVERE *** ERROR *** sn_vul (VulnerabilityDSAttachmentManager): VulnerabilityDSAttachmentManager._processQueueEntry: Attachments not deleted for queue entry f9e0443a3b6012589667223a85e45af4 2024-09-13 03:17:45 (427) worker.6 worker.6 txid=82f08c3e9360 SSI_aa1b81669f31020034c6b6a0942e7014 WARNING *** WARNING *** sn_vul (VulnerabilityDSAttachmentManager): Encountered error during processing of queue entry f9e0443a3b6012589667223a85e45af4 for the integration process VINTPRC0635775. Error was Attachments not deleted undefined 2024-09-13 06:52:15 (252) worker.7 worker.7 txid=0c12747647ec SSI_aa1b81669f31020034c6b6a0942e7014 WARNING *** WARNING *** Security restricted: Unable to delete attachment sys_data_source.4010c891b7623300a821bc48ee11a9d5 2024-09-13 06:52:15 (255) worker.7 worker.7 txid=0c12747647ec SSI_aa1b81669f31020034c6b6a0942e7014 SEVERE *** ERROR *** sn_vul (VulnerabilityDSAttachmentManager): VulnerabilityDSAttachmentManager._processQueueEntry: Attachments not deleted for queue entry a402f0b293a456508a33f424fbba1095 2024-09-13 06:52:15 (307) worker.7 worker.7 txid=0c12747647ec SSI_aa1b81669f31020034c6b6a0942e7014 WARNING *** WARNING *** sn_vul (VulnerabilityDSAttachmentManager): Encountered error during processing of queue entry a402f0b293a456508a33f424fbba1095 for the integration process VINTPRC0639101. Error was Attachments not deleted undefinedResolutionRemove the sn_vul.vr_import_admin from the VR.system user and add it back. This will make sure the import_admin is inherited correctly and will make sure the user has the right privileges to delete the attachment. If above doesn't resolve the issue, then check for ACLs on sys_attachment table. My experience - one of the customer has custom ACL on their instance that was restricting the delete. Additionally, please check if there were any role changes made to the "VR.System" user at around the time when above issues started, and try rolling it back to previous state. After making sure appropriate roles present for the "VR.System" user, the VR jobs will start processing.Related LinksRoles installed with Vulnerability Response