Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Components installed with Vulnerability Response

Log in to subscribe to topics and get notified when content changes.

Components installed with Vulnerability Response

Several types of components are installed with activation of the Vulnerability Response application, including tables, user roles, and scheduled jobs.

Note: To view all other components that install with this application, see the Application Files table. For instructions on how to access this table, see Find components installed with an application.

Demo data is available for this feature.

Roles installed

Role title [name] Description Contains roles
Vulnerability managers and senior analysts


Update properties and vulnerability integrations. The sn_vul.admin role is required for Vulnerability Response administration including vulnerability integrations, vulnerability group rules, calculators, and remediation target rules and tasks, reports, and third-party integration configuration.
  • sn_vul.vulnerability_write
  • sn_sec_cmn.admin
  • sn_vul_qualys.admin (when the Qualys Vulnerability Integration [com.snc.vulnerability.qualys] application is installed.)
  • treemap_admin (when the Vulnerability Analytics [] application is installed.)
Vulnerability analysts


Create and update vulnerable software and vulnerable items. The sn_vul.vulnerability_write role is required for managing vulnerability groups and vulnerable items, and monitoring remediation progress.
  • sn_vul.vulnerability_read
  • sn_sc_cmn.write
  • sn_vul_ualys.user (when the Qualys Vulnerability Integration [com.snc.vulnerability.qualys] application is installed.)


View the vulnerable module section, vulnerable software, and vulnerable items. The sn_vul.vulnerability_read role is required for anyone needing visibility into vulnerability management. For example, IT and security executives or someone who wants to drill down from high-level dashboards to the items that comprise the dashboard visuals.
  • (when the Qualys Vulnerability Integration [com.snc.vulnerability.qualys] application is installed.
  • pa_viewer (when the Vulnerability Analytics []application is installed.)
VR System import administrator


System run-as user. Runs scheduled jobs.
Note: This user is the default run-as user for each integration record. Do not change.
  • import_admin
  • sn_vul.vulnerability_write.

Version 8.0: Remediation owner


View and update permission for vulnerable items, vulnerability groups assigned to you or your group. Can view all vulnerabilities and solutions. Has write access to the Internal notes field on the solution record. Contained in the itil role.

Scheduled jobs installed

Scheduled job Description
Check Run State WaitComplete Marks an integration run as complete once they are verified as fully done.
Check Vulnerable Item and Groups Deferment Expiration Sends notifications if vulnerable items or vulnerabilities have expired (and if they expire in one week).
Version 8.0: Close cancel VITs that do not have a CI associated Automatically closes vulnerable items that do not have an associated configuration item (CI) and have not been updated for three days. State is set to Closed/Cancelled.
CWE Comprehensive 2000 Integration Vulnerability integration that pulls in vulnerability information from the Common Weakness Enumeration (CWE) dataset, curated by the MITRE Corporation.
Version 8.0: Disable VR solutions when plugin not active Disables and hides the Vulnerability Solution Management feature when the Solution Management for Vulnerability Response application is not installed.
Evaluate remediation targets Sets or updates remediation target dates on all vulnerable items. Determines the status of remediation target dates against rules.
Version 8.0: Microsoft Security Response Center Solution integration Vulnerability Solution Management integration that retrieves solutions from the Microsoft Security Response Center.
NIST National Vulnerability Database Vulnerability integration that retrieves the National Vulnerability Database (NIST) data feed.
NIST National Vulnerability Database CVSS3 Integration Vulnerability integration that retrieves CVSS3 data from the National Vulnerability Database (NIST) data feed.
Pick up throttled integration process Creates the integration process for the Shodan Exploit Integration.
Re-open deferred vulnerability groups Reopens deferred vulnerability groups when the deferment date has passed.
Refresh associated vulnerable items for non-VGR based VG Updates the vulnerability group with vulnerable items matching the Filter Group and Condition groups criteria.
Version 8.0: Rerun calculators Reapplies the calculators to all vulnerable items. This triggers a recalculation of the cumulative risk scores of their vulnerability groups.
Note: Rerunning calculators can take a long time depending on your environment.
Retry Cancelled Integration Import Sets Retries canceled integration import sets. Retries 5 times before returning an error.
Retry Cancelled Integration Processes Retries canceled integration processes. Retries 5 times before returning an error.
Rollup vulnerable item values to vulnerability and group Computes the risk score, number of vulnerable items, and remediation target status for vulnerability groups, using the rollup calculator.
Run severity calculator after vuln entry promotion Runs the severity calculator after a previously missing vulnerability has been updated with its score and other data from a third-party provider, such as Qualys Cloud Platform, Rapid7 Nexpose.
Scheduled Vulnerability Data Source Processor Checks the import queue for entries to process and assigns a scheduled import job based on available resources.
Scheduled Vulnerability integration process attachment cleanup Removes integration XML attachments once they are 14 days old. This retention time is not configurable.
Scheduled Vulnerability Integration timeout checker Cancels integration runs that take over 60 minutes to complete.
Set related business services for VI Links affected business services to CIs connected to vulnerable items.
Update CI scan last found Updates the Last vulnerability found field in the CMDB CI record after scan.
Version 8.0: Update Ungrouped Vulnerable Items Determines whether a vulnerable item is in a vulnerability group and adds or removes it from the Ungrouped Vulnerable Items list.
Update Vulnerable Item Age Updates vulnerable item age based on how long the vulnerable item has been open.
Vulnerability Import Template Engine that processes the import queue. One of 10.
Version 8.0: Vulnerability Response Risk and Remediation Status Upgrade Updates the risk rating on data when you upgrade.

Tables installed

Table Description

Assignment Rule


Assigns a vulnerability group to an assignment group during vulnerability group creation.

Associated IP Addresses


IP addresses associated with a vulnerable item.
Asynchronous Vulnerable Item Job


Contains background jobs that process vulnerable items. Only one job type is supported; used to edit vulnerabilities in bulk.
Asynchronous Vulnerable Item Job Type


Contains the types of background jobs, and references the relevant script. Only has one processor, the VulnerabilityBulkEditProcessor
CI Scan


Contains data on when CIs were last scanned.
Data includes:
  • last scan date (if available)
  • scanner used for the last scan
  • date of the last vulnerability found for the CI
  • scanner last used for a found vulnerability
Common Weakness Enumeration


Catalog of common software weakness and vulnerabilities.
Discovery Model Vulnerable Software Match


Supplements the matching of vulnerable software to a discovery model.


Contains the definitions of exploits: publicly available code that takes advantage of a vulnerability.
Exploit Framework


Contains the names of exploit frameworks: full software packages that are capable of running many exploits.
Malware Kit


Contains the details of malware kits: pre-written tools that make it easy to run an exploit or set of related exploits without doing additional coding or configuration work
Version 8.0: Microsoft Response Center Solution Update


Contains the last time that the solution data was updated by Microsoft. Used to compare against the nightly import to determine the delta data for download.
Version 8.0: Microsoft Security Response Center Solution Integration


Extends the Vulnerability Integration [sn_vul_integration] table for the Microsoft Security Response Center Solution Integration.
National Vulnerability Database Entry


Documented vulnerability from the NIST National Vulnerability Database.


Contains staging data that has not yet been transformed to the Vulnerability Response schema during NVD import.
NVD Data Feeds


NIST National Vulnerability Database feed.
Version 8.0: Product category


Contains the imported product category data.

Remediation Target Rule


Defines the expected time frame for remediating a vulnerable item. Extends Application File.

SAM NVD Vulnerability Detection


Contains which CI and Vulnerabilities are monitored with SAM NVD and whether SAM NVD vulnerability detection is enabled or not.
Scheduled Import Pool


Collection of scheduled import set records used to facilitate simultaneous data source imports.
Severity Map


Contains the mappings from source severity to normalized severity.
Third-Party Import Maps


Transform maps rules for third-party data.
Third Party Vulnerability Entry


Documented vulnerability from a third-party source.

Update Manifest


List of Vulnerability Groups that have been updated and require recalculation by the rollup calculator.
Version 8.0: Vulnerability Assignment Rule


Contains the set of rules evaluated to set the assignment group on VIs.
Version 7.0Vulnerability Calculator


Contains the calculator that sets certain vulnerable item fields when certain conditions are met.
Version 8.0: Vulnerability Calculator


Contains the vulnerability calculator rules. The order of the calculator determines which calculator is evaluated first, and in each calculator, one calculator rule, at most, is used.
Version 7.0Vulnerability Calculator Group

Version 8.0: Vulnerability Calculator


Contains the grouping of vulnerability calculators. The order of the calculator group determines which group is evaluated first, and in each group, one calculator at most is used.
Version 8.0: Vulnerability Calculator Rule


Contains the rules for all of the calculators. For each calculator, the calculator rules are reviewed in order. The first calculator matching the condition uses the values within that rule.
Vulnerability CVEs


Links NVD Common Vulnerability Exposures (CVE) data to vulnerable entries.
Vulnerability Data Source Import Queue Entry


Queue for attachments before they are processed by a data source. Utilized by vulnerability integrations.
Vulnerability Entry


Documented vulnerability.
Vulnerability Exploit Framework


Contains the relationship between Exploit frameworks and vulnerabilities.
Vulnerability Group


Collection of vulnerable items organized for remediation.
Vulnerability Group Item


Association of vulnerability groups and vulnerable items.
Vulnerability Group Rule


Contains the rules that define the criteria with which groups are automatically created for a set of vulnerable items.
Vulnerability Integration


Schedulable record to import vulnerability data from an external source. Extends Scheduled Script Execution.
Vulnerability Integration Data Source


Data source to use with a vulnerability integration.
Vulnerability Integration Log


Records log information output by vulnerability integration runs.
Vulnerability Integration Process


Single process occurrence for a vulnerability integration.
Vulnerability Integration Queue


Queues the import requests for an integration run when all the Data Sources are in use.
Vulnerability Integration Run


Vulnerability integration invocations.
Vulnerability Item Task


Vulnerable items associated with problems, changes, and security incidents.
Vulnerability Malware Kit


Contains the relationships between vulnerabilities and malware kits.
Version 8.0: Vulnerability Prerequisite Solution


Contains the source-specific prerequisites to applying a solution, when available.
Vulnerability Rate limit


Defines a rate limit to be used on a scanner.
Vulnerability Reference


External references for known vulnerabilities.
Vulnerability Remediation Status


Status of the vulnerable item against the closest applied remediation target rule.
Version 8.0: Vulnerability Risk Rule


Specialized calculator rule used with the Risk Score calculators. Takes weights indicating which values, related to a VI, to use to calculate the Risk Score.
Vulnerability Rollup Calculator


List of vulnerability rollup calculators.
Vulnerability Scan


Vulnerability scan. Contains what to scan, with what scanner, and a summary of the scan results.
Vulnerability Scan Configuration Item


Associates CMDB CIs that are queued to be scanned.
Vulnerability Scan Queue Entry


Scan record queued for scanning or processing. Facilitates the requests within stated rate limits.
Vulnerability Scan Source


Associates sources to a scan record and signifies all the records that are queued to be scanned.
Vulnerability Scan Task


Associates vulnerability tasks for the sources of a scan record.
Vulnerability Scanner


Defines third-party scanners to use in scans.
Vulnerability Scanner Rate Limit


Associates a scanner with a rate limit.
Vulnerability Software


Contains associations between vulnerabilities and vulnerable software.
Version 8.0: Vulnerability Solution


Contains imported vulnerability solution data.
Version 8.0: Vulnerability Solution


Contains the relationship between the vulnerability and the possible solutions for it.
Version 8.0: Vulnerability Superseding Solution


Contains the source-specific relationship between solutions.
Vulnerability State Change Approval


Tracks the approval process for vulnerabilities.
Vulnerability Update Manifest


Contains a list of vulnerabilities that need their rollup data updated after their vulnerable items are updated, closed, or have risk score changes.
Vulnerable Item


Contains the occurrence of a vulnerability on a configuration item.
Vulnerable Software


Software that is known to have certain vulnerabilities.