Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Security Operations
Table of Contents
Choose your release version
    Home New York Security Incident Management Security Operations Vulnerability Response Understanding the Vulnerability Response application Software exposure assessment using Software Asset Management (SAM)

    Software exposure assessment using Software Asset Management (SAM)

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Software exposure assessment using Software Asset Management (SAM)

    Use the ServiceNow® Exposure Assessment application to determine your total installed software count for a specific software package on your assets. When used with the ITSM Software Asset Management application, evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover.

    Overview

    Determine your exposure to vulnerable software by providing the vulnerable software information (publisher, product, edition and version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases:
    • When products do not yet have CVE data.
    • When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD.
    • When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner.

    With the Exposure Assessment application, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by the SAM application, you can assess your exposure to potentially malicious software packages on-demand.

    Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG.

    The Exposure Assessment application for the Vulnerability Response application is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases.

    Related tasks
    • Assess your exposure to vulnerable software
    Related concepts
    • Vulnerability Response personas and granular roles
    • Vulnerability Response assignment rules overview
    • Vulnerability Response groups and group rules overview
    • Vulnerability groups and group rules overview (Prior to v10.0)
    • CI Lookup Rules for identifying configuration items from Vulnerability Response third-party vulnerability integrations
    • Discovered Items
    • Vulnerability Response group and vulnerable item states
    • Vulnerability Response calculators and vulnerability calculator rules
    • Vulnerability Response vulnerable item detections from third-party integrations
    • Vulnerability Response remediation target rules
    • Vulnerability Solution Management
    • Introduction to Exception Management
    • Introduction to False Positive
    • Change management for Vulnerability Response
    • Domain separation and Vulnerability Response
    • Configure Exposure Assessment

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Software exposure assessment using Software Asset Management (SAM)

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Software exposure assessment using Software Asset Management (SAM)

      Use the ServiceNow® Exposure Assessment application to determine your total installed software count for a specific software package on your assets. When used with the ITSM Software Asset Management application, evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover.

      Overview

      Determine your exposure to vulnerable software by providing the vulnerable software information (publisher, product, edition and version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases:
      • When products do not yet have CVE data.
      • When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD.
      • When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner.

      With the Exposure Assessment application, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by the SAM application, you can assess your exposure to potentially malicious software packages on-demand.

      Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG.

      The Exposure Assessment application for the Vulnerability Response application is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases.

      Related tasks
      • Assess your exposure to vulnerable software
      Related concepts
      • Vulnerability Response personas and granular roles
      • Vulnerability Response assignment rules overview
      • Vulnerability Response groups and group rules overview
      • Vulnerability groups and group rules overview (Prior to v10.0)
      • CI Lookup Rules for identifying configuration items from Vulnerability Response third-party vulnerability integrations
      • Discovered Items
      • Vulnerability Response group and vulnerable item states
      • Vulnerability Response calculators and vulnerability calculator rules
      • Vulnerability Response vulnerable item detections from third-party integrations
      • Vulnerability Response remediation target rules
      • Vulnerability Solution Management
      • Introduction to Exception Management
      • Introduction to False Positive
      • Change management for Vulnerability Response
      • Domain separation and Vulnerability Response
      • Configure Exposure Assessment

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login