Rapid7 Vulnerability Integration fails with error "Encountered error during processing: Error: Attachments not deleted"


Description

Rapid7 Vulnerability Integration was failing to import data, and the Vulnerability Data Source Import Queue entries were in the 'Error' status with the following error message:
Encountered error during processing: Error: Attachments not deleted

Cause

The scheduled job 'Scheduled Vulnerability Data Source Processor' is responsible for deleting the existing attachment from the data source and copying over the new one from the queue entry.
https://INSTANCE.service-now.com/nav_to.do?uri=sysauto_script.do?sys_id=f382717f9f31020034c6b6a0942e70b3

This job's 'Run as user' is VR.System.

Although the user has the sn_vul.vr_import_admin role, if the import_admin role is missing, the user won't have the right privileges to delete the attachment.

Resolution

Remove the sn_vul.vr_import_admin role from the VR.System user and add it back.
This ensures that the import_admin role is inherited correctly and that the user has the privileges needed to delete the attachment.

If the above doesn't resolve the issue, check for ACLs on the sys_attachment table. In my experience, one customer had a custom ACL on their instance that was restricting the delete.
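Both checks above (whether VR.System actually holds import_admin, and which delete ACLs exist on sys_attachment) can be run as a read-only script in Scripts - Background. This is an added example, not part of the original article or ServiceNow's own code; it assumes VR.System is the account's User ID, and the function names are illustrative. The GlideRecord constructor is passed in as a parameter so the logic can also be exercised off-instance.

```javascript
// Added example: run in Scripts - Background on the instance (ES5 syntax).
// Assumption: 'VR.System' is the User ID (user_name) of the job's Run-as user.
var REQUIRED_ROLES = ['sn_vul.vr_import_admin', 'import_admin'];

// Returns the required roles that have no sys_user_has_role row for the user.
// GR is the GlideRecord constructor, passed in so the logic can be tested.
function missingRoles(GR, userName, required) {
  var held = {};
  var gr = new GR('sys_user_has_role');
  gr.addQuery('user.user_name', userName);
  gr.query();
  while (gr.next()) {
    held[String(gr.getDisplayValue('role'))] = true; // display value is the role name
  }
  var missing = [];
  for (var i = 0; i < required.length; i++) {
    if (!held[required[i]]) missing.push(required[i]);
  }
  return missing;
}

// Returns active delete ACLs defined on sys_attachment (table or field level).
function attachmentDeleteAcls(GR) {
  var found = [];
  var gr = new GR('sys_security_acl');
  gr.addQuery('name', 'STARTSWITH', 'sys_attachment');
  gr.addQuery('operation.name', 'delete');
  gr.addQuery('active', true);
  gr.query();
  while (gr.next()) {
    var name = String(gr.getValue('name'));
    // Skip other tables that merely share the prefix, e.g. sys_attachment_doc.
    if (name === 'sys_attachment' || name.indexOf('sys_attachment.') === 0) {
      found.push({ name: name, updatedBy: String(gr.getValue('sys_updated_by')) });
    }
  }
  return found;
}

// Only runs on a ServiceNow instance, where GlideRecord and gs are defined.
if (typeof GlideRecord !== 'undefined') {
  var gaps = missingRoles(GlideRecord, 'VR.System', REQUIRED_ROLES);
  gs.info('VR.System missing roles: ' + (gaps.join(', ') || 'none'));
  var acls = attachmentDeleteAcls(GlideRecord);
  for (var j = 0; j < acls.length; j++) {
    gs.info('Delete ACL ' + acls[j].name + ' last updated by ' + acls[j].updatedBy);
  }
}
```

If import_admin is reported missing, apply the role remove-and-re-add step; if nothing is missing, review the listed ACLs for custom conditions or scripts.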

Additional Information

Roles installed with Vulnerability Response