Remediate vulnerabilities

The flexibility inherent to Vulnerability Response allows you to remediate vulnerabilities in whatever way suits your security organization. You can work with vulnerable items directly or from vulnerability records.

Before you begin

Role required: sn_vul.vulnerability_write

Procedure

  1. To view a list of all vulnerabilities, navigate to Vulnerability > Vulnerabilities > All Vulnerabilities.
    Note: You can also navigate directly to vulnerable items via Vulnerability > Vulnerabilities > All Vulnerable Items.
  2. Click a vulnerability record (VUL) that is in the New state.
    The New state indicates that the record has not yet been worked on. The form displays:
    • a reference to a Common Weakness Enumeration (CWE) entry, if applicable.
    • summary information for the vulnerability.
    • the vulnerability score of the vulnerability using Common Vulnerability Scoring System (CVSS). For more information on the CVSS, see the National Vulnerability Database website.
  3. To view vulnerable item records (VIT) contained in this vulnerability, scroll down to the Vulnerable Items related list.
  4. When you are ready to start working on the record, change the State field to Analysis.
  5. Perform whatever tests or analysis you want on the vulnerabilities.
  6. To escalate the vulnerability to another team or to view and add information on impacted business services to a vulnerable item, you have the following options.
    Option Step
    If the vulnerable item poses a risk to your IT environment, you create a CHG record and escalate the issue to Change Management team. Click Create Change.
    If the vulnerable item causes an error in the IT infrastructure, you can create a PRB record and escalate the issue to the Problem Management team. Click Create Problem.
    If the vulnerable item poses a potential security risk to your organization, create a security incident record and escalate the issue to the Security Incident Response team. Click Create Security Incident.

    This button is displayed when Security Incident Response is activated.

    If you are working on a vulnerable item, you can view and add business services impacted by the vulnerable item. On the Vulnerable Item form, click the Affected Services related list. If an affected CI associated with the vulnerable item is added or updated, information in this related list is automatically updated when the record is saved.
    Note: You can also right-click in the form header and select Refresh Affected Services.
    After you create a change request, problem record, or security incident, the appropriate record appears in the Tasks related list on the Vulnerable Item form.
  7. You can view SLAs associated with the vulnerability in the Task SLAs related list.
  8. If you determine that the issue is a low priority and can either be deferred or immediately closed without further analysis, click Close Item.
    For instructions, see Close or ignore a vulnerability.
  9. If you have set up a third-party integration and a scheduled job that automatically updates and scans records at a set interval, the vulnerabilities are scanned at the next scheduled date and time. Alternatively, you can manually initiate a vulnerability scan.
    If the scan again returns the vulnerability, the VUL record returns to the Analysis state. If the vulnerability is not found, the VIT transitions to the Closed state.