Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Remediate vulnerability groups

Remediate vulnerability groups

The flexibility inherent to Vulnerability Response allows you to remediate vulnerabilities in whatever way suits your security organization.

Before you begin

Role required: sn_vul.vulnerability_write

Procedure

  1. Navigate to Vulnerability > Vulnerabilities > Vulnerability Groups.
  2. Click a vulnerable group record (VUL) that is in the Open state.
    The Open state indicates that the record has not yet been worked on. The form displays:
    • Vulnerability group information
    • Group Configuration details
    • Notes
    • Associated VIs
    • Task SLAs
    • Change Requests
  3. When you are ready to start working on the record, change the State field to Under Investigation.
  4. Perform whatever tests or analysis you want.
  5. To escalate the vulnerability group to another team or to view and add information on impacted business services to a vulnerable item, you have the following options.
    Option Step
    If the vulnerable item poses a risk to your IT environment, you create a CHG record and escalate the issue to Change Management team. Click Create Change.
    If the vulnerable item poses a potential security risk to your organization, create a security incident record and escalate the issue to the Security Incident Response team. Click Create Security Incident.

    This button is displayed when Security Incident Response is activated.

    After you create a change request, problem record, or security incident, the appropriate record appears in the Change Requests related list on the Vulnerability Group form.
  6. You can view SLAs associated with the vulnerability in the Task SLAs related list.
  7. If you determine that the issue is a low priority and can be deferred, click Close/Defer.
    For instructions, see Defer a vulnerability group.
  8. If you determine that the issue can be immediately closed without further analysis, click Close/Defer.
    For instructions, see Close a vulnerability group.
  9. If you have set up a third-party integration and a scheduled job that automatically updates and scans records at a set interval, the vulnerabilities are scanned at the next scheduled date and time. Alternatively, you can manually initiate a vulnerability scan using the Scan for Vulnerabilities related link.
    If the scan again returns the vulnerability, the VUL record returns to the Under Investigation state. If the vulnerability is not found, the VI transitions to the Closed state.