Vulnerability Solution Management


Starting with Vulnerability Response v8.0, automatically correlate the vulnerabilities in your environment with the Microsoft Security Response Center solutions that could remediate them. Identify the remediation actions that apply to your vulnerabilities and prioritize them by the greatest reduction in vulnerability risk.

Vulnerability Solution Management is available within the Vulnerability Response application by separate subscription. See Install the Vulnerability Solution Management application for more information.

Once enabled, you have access to Microsoft Security Response Center solution data.
Note: The Microsoft Security Response Center Solution Integration is the first integration provided with Vulnerability Solution Management. Configure Microsoft Security Response Center Solution Integration within Setup Assistant.

See Understanding the Microsoft Security Response Center Solution Integration for more information on the solutions imported from the Microsoft Security Response Center.

Available versions

The Vulnerability Solution Management application is required for the Vulnerability Solution Management feature in Vulnerability Response. See Install the Vulnerability Solution Management application.
  • Release version: Vulnerability Solution Management v8.0
  • Release notes: Vulnerability Response release notes

Understanding solutions and supersedence

A superseding update is a complete replacement of a previous release or releases. For example, a hotfix update may be superseded by a Service Pack. Solutions are related to vulnerabilities. Solutions can also relate to other solutions in a supersedence chain. Because solutions are cumulative, a solution also addresses the vulnerabilities covered by the solutions that precede it. Vulnerability Solution Management automatically associates vulnerabilities from preceding solutions with superseding solutions. If an older vulnerability is found, any higher superseding solution can address it, but the highest-supersedence solution is preferred, since it is the most cumulative.

Potential versus Preferred Solutions

A potential solution is one that could address a vulnerability. Vulnerabilities often have many potential solutions. A preferred solution is the single solution targeted for remediating a vulnerability or vulnerable item (VI). It communicates intention, and enables more detailed deployment metrics.

Preferred Solutions

Vulnerability Solution Management automatically sets the most effective solution (Preferred Solution) for the detected vulnerability based on highest supersedence, when only one highest-supersedence solution exists. If more than one highest-supersedence solution exists for the vulnerability, no value is set. In Vulnerability Response, Preferred Solution is the Microsoft Security Response Center solution with the highest supersedence derived from the solutions associated with the vulnerability.

Preferred Solution values can be set on the vulnerable item or the vulnerability. When set on the vulnerability, all vulnerable items associated with the vulnerability inherit that solution.
Note: If multiple highest-supersedence solutions exist for a vulnerability, Preferred Solution values at the vulnerability level are cleared, since that solution depends on the affected asset. When multiple highest-supersedence solutions exist for a vulnerability, set a Preferred Solution on the vulnerable item. You can set a different solution using the Lookup list on the Vulnerable Item form.
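
The supersedence and Preferred Solution rules described above, modeled in plain JavaScript as an added example. This is not ServiceNow code: the solution IDs, the data layout and the function names are constructed for illustration.

```javascript
// Constructed sample data (not real solution numbers): solution -> solutions it supersedes.
const SUPERSEDES = {
  "SOL-1": [],
  "SOL-2": ["SOL-1"],   // SOL-2 replaces SOL-1
  "SOL-3": ["SOL-2"],   // SOL-3 replaces SOL-2, and therefore SOL-1
  "SOL-4": ["SOL-1"],   // a second branch that also replaces SOL-1
  "SOL-5": [],
  "SOL-6": ["SOL-5"],
};

// Invert the map: solution -> solutions that directly supersede it.
function buildSupersededBy(supersedes) {
  const by = {};
  for (const id of Object.keys(supersedes)) by[id] = by[id] || [];
  for (const [newer, olderList] of Object.entries(supersedes)) {
    for (const older of olderList) (by[older] = by[older] || []).push(newer);
  }
  return by;
}

// Potential solutions: the directly linked ones plus everything above them in the chain.
function potentialSolutions(direct, supersedes) {
  const by = buildSupersededBy(supersedes);
  const seen = new Set();
  const stack = [...direct];
  while (stack.length) {
    const id = stack.pop();
    if (seen.has(id)) continue;      // also stops a malformed, cyclic chain from looping
    seen.add(id);
    stack.push(...(by[id] || []));
  }
  return [...seen].sort();
}

// Highest-supersedence solutions: potential solutions that nothing else supersedes.
function highestSupersedence(direct, supersedes) {
  const by = buildSupersededBy(supersedes);
  return potentialSolutions(direct, supersedes).filter(id => (by[id] || []).length === 0);
}

// Preferred Solution: set only when exactly one highest-supersedence solution exists.
function preferredSolution(direct, supersedes) {
  const top = highestSupersedence(direct, supersedes);
  return top.length === 1 ? top[0] : null;   // null = left empty, choose per vulnerable item
}
```

A vulnerability linked to SOL-1 ends up with two highest-supersedence solutions (SOL-3 and SOL-4), so no Preferred Solution is set at the vulnerability level; one linked to SOL-5 gets SOL-6.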

All preferred solutions for the vulnerable items in a vulnerability group are in a related list on the Vulnerability Group form.

Not all solution imports result in full data refreshes. The supersedence process updates when:
  • A vulnerable item is created.
  • Data has changed on an active VI.
  • New solution data was released since last import.

What does Vulnerability Solution Management do?

  • Automatically associates new vulnerable items and vulnerability groups with solutions during Microsoft Security Response Center Solution Integration import.

  • Automatically associates vulnerable items and vulnerability groups with solutions when vulnerability records are associated manually with solutions.
    Note: Vulnerable items manually re-assigned to another solution are not automatically updated with solution changes at the vulnerability level.
  • Creates supersedence chains during import that you can view in the solution's related list.
  • Indicates whether a solution is a highest-supersedence solution or not.
  • Lists the Solution Risk score associated with each solution to provide you with the biggest opportunities for risk reduction.
  • Maintains Remediation Status for solutions on Third-party Vulnerability Entries and Vulnerability Solution records so you can track remediation progress.

    It contains:
    • Vulnerable item counts by percent remediated, for those VIs with Preferred Solutions, with and without those VIs in the Deferred state.
    • Configuration Item (CI) counts by percent remediated, for those VIs with Preferred Solutions, with and without those VIs in the Deferred state.
    • Vulnerable item counts by percent remediated, for those VIs with Potential Solutions, with and without those VIs in the Deferred state.
    • Configuration Item counts by percent remediated, for those VIs with Preferred Solutions, with and without those VIs in the Deferred state.

What can you do with Vulnerability Solution Management?

  • Create, update, view, or delete solutions associated with vulnerabilities, so that you can track vulnerability solutions that are not covered by third-party solution content.
  • Associate third-party vulnerabilities and NVD entries with a solution record.
  • Remove and reassociate vulnerable items and vulnerability groups with a solution.
  • View the Preferred Solution applicable to a given vulnerability on the vulnerability and vulnerable item forms.
  • View a Preferred Solutions related list on vulnerability group forms that lists all the solutions that have been preferred by at least one active VI within that group.
  • View the Remediation Status details on a solution that show the risk reduction associated with deploying the Preferred Solution on vulnerability, vulnerable item, vulnerability group, and solution forms.
  • View vulnerabilities applicable to a given solution on the solution form.
  • View the superseding solutions for a given solution on a vulnerability, to find the latest update to deploy, or an earlier, more focused, efficient update.
  • View lists of solutions sorted for different characteristics.
    • All: Solutions sorted by Date published and Number.
    • Highest Supersedence: Solutions with active, non-deferred vulnerable items. Sorted by Highest supersedence, Date published, and Number.
    • With Vulnerable Items: Solutions with active, non-deferred vulnerable items. Sorted by Highest supersedence or Preferred, Risk Score, and Number. If deployed, the top entries in the list provide the largest risk reduction for the assets in your environment.

Solution record Risk score and Risk rating

Note: The Solution record Risk score and Risk rating are distinct from those fields used for vulnerabilities, vulnerable items, and vulnerability groups.

The Solution record Risk score is a weighted calculation based on the vulnerable item Risk score and a count of active vulnerable items with this solution as their Potential Solution. Solution Risk score provides an estimation of the reduction in risk that the solution is expected to accomplish.

Solution record Risk score is calculated as follows:
  • It starts by taking 85% of the highest or maximum Risk score of a vulnerable item with that potential solution.
  • Solution record Risk score then tabulates the total number of vulnerable items with that potential solution. For each range of the number of vulnerable items, it adds some points and arrives at a total.
    • 0–9 vulnerable items adds no points
    • 10–99 vulnerable items adds 5 points
    • 100–999 vulnerable items adds 10 points
    • 1000 and beyond vulnerable items adds 15 points

    For example, for a vulnerable item Risk score of 80, the Solution record Risk score would start at 68. If there were 200 active total vulnerable items with that potential solution, then the final Solution record Risk score would be 78.

The Solution record Risk rating separates the Solution record Risk score into ranges from Critical to None. Solution Risk rating rates the risk reduction for the vulnerable items that this solution remediates.

Risk ratings separate the resulting Solution Risk score into the following ranges:
  • 1 — Critical (90+ Solution Risk score)
  • 2 — High (70-89 Solution record Risk score)
  • 3 — Medium (30-69 Solution record Risk score)
  • 4 — Low (1-29 Solution record Risk score)
  • 5 — None (0 Solution record Risk score)
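
The Solution record Risk score and Risk rating rules above, applied to a constructed set of vulnerable items and used to rank solutions, as an added example in plain JavaScript (not ServiceNow code). Assumptions not stated on the page: scores are rounded to the nearest integer, a solution with no active vulnerable items scores 0, and the record layout and function names are hypothetical.

```javascript
// Count bands from the page: [minimum active VI count, points added].
const COUNT_BANDS = [[1000, 15], [100, 10], [10, 5], [0, 0]];
// Rating bands from the page: [minimum score, rating].
const RATING_BANDS = [[90, "Critical"], [70, "High"], [30, "Medium"], [1, "Low"], [0, "None"]];

// 85% of the maximum VI Risk score, plus points for the number of active VIs.
function solutionRiskScore(viRiskScores) {
  if (viRiskScores.length === 0) return 0;                 // assumption: nothing to remediate
  const base = 0.85 * Math.max(...viRiskScores);
  const points = COUNT_BANDS.find(([min]) => viRiskScores.length >= min)[1];
  return Math.round(base + points);                        // assumption: round to nearest integer
}

function solutionRiskRating(score) {
  return RATING_BANDS.find(([min]) => score >= min)[1];
}

// vis: [{ riskScore, active, potentialSolutions: [solution ids] }]
// Returns solutions ordered by score, largest expected risk reduction first.
function rankSolutions(vis) {
  const bySolution = new Map();
  for (const vi of vis) {
    if (!vi.active) continue;                              // only active VIs count
    for (const id of vi.potentialSolutions) {
      if (!bySolution.has(id)) bySolution.set(id, []);
      bySolution.get(id).push(vi.riskScore);
    }
  }
  return [...bySolution]
    .map(([id, scores]) => {
      const score = solutionRiskScore(scores);
      return { id, activeVIs: scores.length, score, rating: solutionRiskRating(score) };
    })
    .sort((a, b) => b.score - a.score || a.id.localeCompare(b.id));
}

// Constructed sample data: n identical vulnerable items for one solution.
function makeVIs(n, riskScore, solutionId, active = true) {
  return Array.from({ length: n }, () => ({ riskScore, active, potentialSolutions: [solutionId] }));
}
const SAMPLE = [
  ...makeVIs(199, 40, "SOL-A"), ...makeVIs(1, 80, "SOL-A"), // the page's example: max 80, 200 VIs
  ...makeVIs(5, 95, "SOL-B"),                               // few items, one severe score
  ...makeVIs(1200, 20, "SOL-C"),                            // many items, low scores
  ...makeVIs(50, 90, "SOL-D", false),                       // inactive items are ignored
];
```

With this data, SOL-B (5 items) outranks SOL-A (200 items) and SOL-C (1200 items): the maximum vulnerable item score carries most of the weight, and the count adds at most 15 points.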

Use Cases

View the deployment progress of a current patch cycle using the Highest Supersedence module, sorted by date.

View the highest-value solutions using the With Vulnerable Items module, sorted by risk score.

Solution lists communicate key solution details, risk scores, and deployment metrics. Use Risk score and active VI counts for prioritization. See which solutions in the current patch cycle are not progressing, which may indicate a missed deployment prerequisite.
Note: Add % VIs remediated (percent_nd_pref_vis_remediated) from the Personalize List Columns menu for remediation progress on the Vulnerability Solutions form.