Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Vulnerability calculator groups and vulnerability calculators

Log in to subscribe to topics and get notified when content changes.

Vulnerability calculator groups and vulnerability calculators

Only applicable to Vulnerability Response versions prior to 8.0: Vulnerability calculator groups automate calculations on multiple vulnerable items. Calculations are performed on risk scores, priorities, and assignment groups using one or more fields from the vulnerable item table. The condition for each calculator is evaluated in order, and the first matching calculator is used.

All enabled vulnerability calculators in the Vulnerability Calculator Group run each time a vulnerable item is changed or when the Calculate Business Impact related link in a vulnerable item is used. To avoid performance issues, all calculators should specify which values need to have changed, for them to run. Simple calculators create less of a performance impact than scripted calculators.

Vulnerability calculators can be built to prioritize and rate the impact of Vulnerable Items based on any criteria you like by using condition filters. Whether it is the business impact of the vulnerability, the class of the CI, or the age of the Vulnerable Item. A calculator can be written to reflect any set of priorities.

The Vulnerability Response base system includes one Vulnerability Calculator Group, Risk Score.

When the computation is complete, the updated fields are displayed in the vulnerable item.

The base system Risk Score calculator group contains three calculators. One is scripted and the other two are templates.
  • Active vulnerabilities on databases: A simple calculator that selects high severity vulnerabilities on databases, and gives them a high risk score. This calculator is disabled by default.
  • Low level vulnerabilities: A simple calculator that determines your low-level vulnerabilities and gives them a low risk score. This calculator is disabled by default.
  • Computed Risk Score: This scripted calculator attempts to locate business criticality from business services, depending on the CI, and combines that value (if any) with the vulnerability severity. This calculator is enabled by default.
    Note: The Computed Risk Score calculator is enabled by default. Each calculator has an Order setting however, so if another calculator is enabled, the first one to match the conditions updates the Risk score field in the vulnerable item. See Disable the default vulnerability calculator if not used for more information.
From an existing vulnerable item, if you click the Calculate Business Impact related link and Computed Risk Score is enabled, you get an on-demand calculation of the business criticality of the vulnerable item.
Note: The Calculate Business Impact related link is only visible when at least one vulnerability calculator is enabled.
Feedback