Vulnerability Response remediation Vulnerability Response remediation is primarily a manual process performed at the group level. Scheduled jobs and workflows augment this process. You can compare vulnerability-related data, pulled from internal and external sources, to vulnerable resources and software identified in the Software Asset module using Vulnerability Response. If a vulnerability is found in an asset, assign IT to resolve it by creating change requests. If the vulnerability is a security incident and Security Incident Response is activated, you can create security incident records. Most remediation is done from the vulnerability group. There are multiple ways to Remediate vulnerabilities. From the Under Investigation state, create change requests or defer or close the group. Note: You can create a security incident from a vulnerability. Assignment rules are used to automate vulnerable item or vulnerability assignments. Due to the large volume in data imports, care should be taken with automated vulnerable item assignment.