Contents Security Operations Previous Topic Next Topic Software exposure assessment using Software Asset Management (SAM) Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics All Topics in Contents Share Software exposure assessment using Software Asset Management (SAM) As a vulnerability manager, use the ServiceNow® Exposure Assessment application to determine your total installed software count for a specific software package on your assets. When used with the ITSM Software Asset Management application, evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover. Overview As a Vulnerability manager, you can determine your exposure to vulnerable software by providing the vulnerable software information (publisher, product, edition and version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases: When products do not yet have CVE data. When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD. When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner. With the Exposure Assessment application, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by the SAM application, you can assess your exposure to potentially malicious software packages on-demand. Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG. The Exposure Assessment application for the Vulnerability Response application is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases. Related tasksAssess your exposure to vulnerable softwareRelated conceptsVulnerability Response assignment rules overviewVulnerability groups and group rules overviewRules for identifying configuration items from third-party vulnerability integrationsDiscovered ItemsVulnerability group and vulnerable item statesVulnerability calculators and vulnerability calculator rulesRemediation target rulesVulnerability Solution ManagementChange management for Vulnerability ResponseDomain separation and Vulnerability ResponseConfigure Exposure Assessment On this page Send Feedback Previous Topic Next Topic
Software exposure assessment using Software Asset Management (SAM) As a vulnerability manager, use the ServiceNow® Exposure Assessment application to determine your total installed software count for a specific software package on your assets. When used with the ITSM Software Asset Management application, evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover. Overview As a Vulnerability manager, you can determine your exposure to vulnerable software by providing the vulnerable software information (publisher, product, edition and version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases: When products do not yet have CVE data. When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD. When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner. With the Exposure Assessment application, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by the SAM application, you can assess your exposure to potentially malicious software packages on-demand. Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG. The Exposure Assessment application for the Vulnerability Response application is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases. Related tasksAssess your exposure to vulnerable softwareRelated conceptsVulnerability Response assignment rules overviewVulnerability groups and group rules overviewRules for identifying configuration items from third-party vulnerability integrationsDiscovered ItemsVulnerability group and vulnerable item statesVulnerability calculators and vulnerability calculator rulesRemediation target rulesVulnerability Solution ManagementChange management for Vulnerability ResponseDomain separation and Vulnerability ResponseConfigure Exposure Assessment
Software exposure assessment using Software Asset Management (SAM) As a vulnerability manager, use the ServiceNow® Exposure Assessment application to determine your total installed software count for a specific software package on your assets. When used with the ITSM Software Asset Management application, evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover. Overview As a Vulnerability manager, you can determine your exposure to vulnerable software by providing the vulnerable software information (publisher, product, edition and version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases: When products do not yet have CVE data. When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD. When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner. With the Exposure Assessment application, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by the SAM application, you can assess your exposure to potentially malicious software packages on-demand. Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG. The Exposure Assessment application for the Vulnerability Response application is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases. Related tasksAssess your exposure to vulnerable softwareRelated conceptsVulnerability Response assignment rules overviewVulnerability groups and group rules overviewRules for identifying configuration items from third-party vulnerability integrationsDiscovered ItemsVulnerability group and vulnerable item statesVulnerability calculators and vulnerability calculator rulesRemediation target rulesVulnerability Solution ManagementChange management for Vulnerability ResponseDomain separation and Vulnerability ResponseConfigure Exposure Assessment
