Create vulnerability group rules

You can create rules to automatically group vulnerable items based on filter conditions.

Before you begin

Role required: sn_vuln.admin

About this task

The base system ships with one vulnerability group rule, Vulnerability, which groups vulnerable items by vulnerability. This rule can be modified using filter conditions and group keys. Group keys are columns in the vulnerable item table. Select up to three basic keys and/or advanced keys to indicate what values should be used to group the vulnerable items.

Procedure

  1. Navigate to Vulnerabilities > Administration > Vulnerability Group Rules.
  2. Open the Vulnerability rule or click New.
  3. If New, fill in the fields on the form, as appropriate.
    Table 1. Vulnerability Group Rule
    Field                    Description
    Name                     Name of the group rule.
    Active                   Indicates whether the group is active.
    Limit vulnerable items   Optional filter condition for the rule.
    Group by
    Key 1                    A column in the vulnerable item table used to refine the rule.
    Key 2                    A column in the vulnerable item table used to refine the rule.
    Key 3                    A column in the vulnerable item table used to refine the rule.
    Advanced                 Advanced options allow you to select keys from specific CI classes and third-party vulnerabilities.
    CI class                 Select a CI class.
    CI key                   Select a CI key.
    Vulnerability class      Select a Vulnerability class.
    Vulnerability key        Select a Vulnerability key.
    Assignment
    Assign by
    To automate the assignment of groups created based on this rule, choose one of the options available.
    • Assignment group
    • Assignment group field
    • Assignment rules
      Note: If you choose the Assignment rules option, be sure to save the Group rule form to see the Assignment rules section.
    When automatically assigning vulnerability groups, the assignment key is used in addition to the Group By Keys to group the vulnerable items. New groups are created, as needed, to ensure that each vulnerable item is placed in a group with the specified assignment group set.
    Note:

    There are three Assignment group fields available. However, this list is a choice list field and you can add any number of group fields that are accessible by dot-walking from the Vulnerable Item (sn_vul_vulnerable_item) table.

    For example, if there is an Application Support group as part of the cmdb_ci support group, you can add that in this list. For more information on how to configure a choice list, see View choice list definitions.
    Note: Adding choices, especially using dot-walking, requires ServiceNow expertise.
    Note: The Clear Group By Keys related link removes the group keys from the form. If you decide to use one of the advanced keys instead, you can use this link to clear the group by keys before selecting your advanced options.
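
The grouping behaviour described for the Assign by field, modelled in plain JavaScript as an added example (it is not ServiceNow platform code and not part of the original page). The record shape, the risk and software fields, the VULN-A/VULN-B identifiers and the first-match-wins ordering of assignment rules are assumptions made for illustration.

```javascript
// Illustrative model of group-rule semantics; not ServiceNow platform code.
// Resolve a dot-walked path such as "cmdb_ci.support_group" on a record.
function dotWalk(record, path) {
  return path.split('.').reduce((v, k) => (v == null ? undefined : v[k]), record);
}

// Work out the assignment group for one vulnerable item (null = unassigned).
function resolveAssignment(item, assign) {
  if (assign.type === 'group') return assign.group;
  if (assign.type === 'field') return dotWalk(item, assign.field) ?? null;
  const hit = assign.rules.find((r) => r.condition(item)); // first match wins (assumption)
  return hit ? hit.group : null;
}

function groupVulnerableItems(items, rule) {
  if (rule.keys.length > 3) throw new Error('a group rule takes at most three keys');
  const groups = new Map();
  if (!rule.active) return groups;
  for (const item of items) {
    if (rule.limit && !rule.limit(item)) continue; // "Limit vulnerable items" filter
    const assignmentGroup = resolveAssignment(item, rule.assign);
    // The assignment key joins the Group By keys in the bucket key, so one
    // vulnerability can yield several groups, one per assignment group.
    const keyValues = rule.keys.map((k) => dotWalk(item, k) ?? null);
    const bucket = JSON.stringify([...keyValues, assignmentGroup]);
    if (!groups.has(bucket)) groups.set(bucket, { keyValues, assignmentGroup, items: [] });
    groups.get(bucket).items.push(item.id);
  }
  return groups;
}

// Constructed sample data; ids, field names and values are assumptions.
const SAMPLE_ITEMS = [
  { id: 'VI1', vulnerability: 'VULN-A', risk: 'high', software: 'Java' },
  { id: 'VI2', vulnerability: 'VULN-A', risk: 'high', software: 'Oracle' },
  { id: 'VI3', vulnerability: 'VULN-A', risk: 'high', software: 'Java' },
  { id: 'VI4', vulnerability: 'VULN-B', risk: 'low', software: 'Java' },
  { id: 'VI5', vulnerability: 'VULN-B', risk: 'high', software: 'Oracle' },
];
const SAMPLE_RULE = {
  active: true,
  limit: (vi) => vi.risk === 'high',
  keys: ['vulnerability'],
  assign: { type: 'rules', rules: [
    { condition: (vi) => vi.software === 'Java', group: 'Java Support Team' },
    { condition: (vi) => vi.software === 'Oracle', group: 'Oracle Admin' },
  ] },
};
```

Calling groupVulnerableItems(SAMPLE_ITEMS, SAMPLE_RULE) splits VULN-A into two groups, one per assignment group, which is the effect of the assignment key being used in addition to the Group By keys.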

Vulnerability group rules examples

Examples of vulnerability group rules that use vulnerability and risk, impact, or configuration item (CI).

Vulnerability group rule to group high risk Java and Oracle vulnerable items

This example shows a walk-through of the rule that groups Java and Oracle VIs by vulnerability and assigns them to their respective support groups.

Vulnerable items grouped by business impact and risk score, assigned to support teams

Right-click in the header to Save your Group By selections.

Select Assign by Assignment rules in the Assignment tab.

Assignment rule form

Click New.

Select your conditions and choose an Assignment group.

Assignment rule for Java Support Team

Click Submit.

Repeat to add the Oracle Admin group.

Assignment form with Java Support Team

Click Update.

Vulnerability group rule to group all high impact vulnerable items by Vulnerability and CI support group

This example shows the form field settings for a group rule for high impact VIs that assigns them to the CI support group.

Grouped by vulnerability and CI support group
Assigned to CI support group

Vulnerability group rule to group all the high risk vulnerabilities on an external-facing CI in a German data center

This example shows the form field settings for a group rule for high risk vulnerabilities on external facing CIs in a German data center. They are assigned to the German data center assignment group.

Group by high risk vulnerabilities and external-facing CIs in a German data center
Assigned to German data center