Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Components installed with Vulnerability Response

Log in to subscribe to topics and get notified when content changes.

Components installed with Vulnerability Response

Several types of components are installed with activation of the Vulnerability Response application, including tables, user roles, and scheduled jobs.

Note: To view all other components that install with this application, see the Application Files table. For instructions on how to access this table, see Find components installed with an application.

Demo data is available for this feature.

Roles installed

Role title [name] Description Contains roles
Vulnerability managers and senior analysts

[sn_vul.admin]

Update properties and vulnerability integrations. The sn_vul.admin role is required for Vulnerability Response administration including vulnerability integrations, vulnerability group rules, calculators, and remediation target rules and tasks, reports, and third-party integration configuration.
  • sn_vul.vulnerability_write
  • sn_sec_cmn.admin
  • sn_vul_qualys.admin (when the Qualys Vulnerability Integration [com.snc.vulnerability.qualys] application is installed.)
  • treemap_admin (when the Vulnerability Analytics [com.snc.vulnerability.analytics] application is installed.)
Vulnerability analysts

[sn_vul.vulnerability_write]

Create and update vulnerable software and vulnerable items. The sn_vul.vulnerability_write role is required for managing vulnerability groups and vulnerable items, and monitoring remediation progress.
  • sn_vul.vulnerability_read
  • sn_sc_cmn.write
  • sn_vul_ualys.user (when the Qualys Vulnerability Integration [com.snc.vulnerability.qualys] application is installed.)
Others

[sn_vul.vulnerability_read]

View the vulnerable module section, vulnerable software, and vulnerable items. The sn_vul.vulnerability_read role is required for anyone needing visibility into vulnerability management. For example, IT and security executives or someone who wants to drill down from high-level dashboards to the items that comprise the dashboard visuals.
  • sn_sec_cmn.read
  • sn_vul_qualys.read (when the Qualys Vulnerability Integration [com.snc.vulnerability.qualys] application is installed.
  • pa_viewer (when the Vulnerability Analytics [com.snc.vulnerability.analytics]application is installed.)
VR System import administrator

[sn_vul.vr_import_admin]

System run-as user. Runs scheduled jobs.
Note: This user is the default run-as user for each integration record. Do not change.
  • import_admin
  • sn_vul.vulnerability_write.

Version 8.0: Remediation owner

[sn_vul.remediation_owner]

View and update permission for vulnerable items, vulnerability groups assigned to you or your group. Can view all vulnerabilities and solutions. Has write access to the Internal notes field on the solution record. Contained in the itil role.

Scheduled jobs installed

Scheduled job Description
Check Run State WaitComplete Marks an integration run as complete once they are verified as fully done.
Check Vulnerable Item and Groups Deferment Expiration Sends notifications if vulnerable items or vulnerabilities have expired (and if they expire in one week).
Version 8.0: Close cancel VITs that do not have a CI associated Automatically closes vulnerable items that do not have an associated configuration item (CI) and have not been updated for three days. State is set to Closed/Cancelled.
CWE Comprehensive 2000 Integration Vulnerability integration that pulls in vulnerability information from the Common Weakness Enumeration (CWE) dataset, curated by the MITRE Corporation.
Version 8.0: Disable VR solutions when plugin not active Disables and hides the Vulnerability Solution Management feature when the Solution Management for Vulnerability Response application is not installed.
Evaluate remediation targets Sets or updates remediation target dates on all vulnerable items. Determines the status of remediation target dates against rules.
Version 8.0: Microsoft Security Response Center Solution integration Vulnerability Solution Management integration that retrieves solutions from the Microsoft Security Response Center.
NIST National Vulnerability Database Vulnerability integration that retrieves the National Vulnerability Database (NIST) data feed.
NIST National Vulnerability Database CVSS3 Integration Vulnerability integration that retrieves CVSS3 data from the National Vulnerability Database (NIST) data feed.
Pick up throttled integration process Creates the integration process for the Shodan Exploit Integration.
Re-open deferred vulnerability groups Reopens deferred vulnerability groups when the deferment date has passed.
Refresh associated vulnerable items for non-VGR based VG Updates the vulnerability group with vulnerable items matching the Filter Group and Condition groups criteria.
Version 8.0: Rerun calculators Reapplies the calculators to all vulnerable items. This triggers a recalculation of the cumulative risk scores of their vulnerability groups.
Note: Rerunning calculators can take a long time depending on your environment.
Retry Cancelled Integration Import Sets Retries canceled integration import sets. Retries 5 times before returning an error.
Retry Cancelled Integration Processes Retries canceled integration processes. Retries 5 times before returning an error.
Rollup vulnerable item values to vulnerability and group Computes the risk score, number of vulnerable items, and remediation target status for vulnerability groups, using the rollup calculator.
Run severity calculator after vuln entry promotion Runs the severity calculator after a previously missing vulnerability has been updated with its score and other data from a third-party provider, such as Qualys Cloud Platform, Rapid7 Nexpose.
Scheduled Vulnerability Data Source Processor Checks the import queue for entries to process and assigns a scheduled import job based on available resources.
Scheduled Vulnerability integration process attachment cleanup Removes integration XML attachments once they are 14 days old. This retention time is not configurable.
Scheduled Vulnerability Integration timeout checker Cancels integration runs that take over 60 minutes to complete.
Set related business services for VI Links affected business services to CIs connected to vulnerable items.
Update CI scan last found Updates the Last vulnerability found field in the CMDB CI record after scan.
Version 8.0: Update Ungrouped Vulnerable Items Determines whether a vulnerable item is in a vulnerability group and adds or removes it from the Ungrouped Vulnerable Items list.
Update Vulnerable Item Age Updates vulnerable item age based on how long the vulnerable item has been open.
Vulnerability Import Template Engine that processes the import queue. One of 10.
Version 8.0: Vulnerability Response Risk and Remediation Status Upgrade Updates the risk rating on data when you upgrade.

Tables installed

Table Description

Assignment Rule

[sn_vul_vgr_assignment_rule]

Assigns a vulnerability group to an assignment group during vulnerability group creation.

Associated IP Addresses

[sn_vul_vi_ip_address]

IP addresses associated with a vulnerable item.
Asynchronous Vulnerable Item Job

[sn_vul_async_vi_job]

Contains background jobs that process vulnerable items. Only one job type is supported; used to edit vulnerabilities in bulk.
Asynchronous Vulnerable Item Job Type

[sn_vul_async_vi_job_type]

Contains the types of background jobs, and references the relevant script. Only has one processor, the VulnerabilityBulkEditProcessor
CI Scan

[sn_vul_ci_scan]

Contains data on when CIs were last scanned.
Data includes:
  • last scan date (if available)
  • scanner used for the last scan
  • date of the last vulnerability found for the CI
  • scanner last used for a found vulnerability
Common Weakness Enumeration

[sn_vul_cwe]

Catalog of common software weakness and vulnerabilities.
Discovery Model Vulnerable Software Match

[sn_vul_discovery_model_software_match]

Supplements the matching of vulnerable software to a discovery model.
Exploit

[sn_vul_exploit]

Contains the definitions of exploits: publicly available code that takes advantage of a vulnerability.
Exploit Framework

sn_vul_exploit_framework

Contains the names of exploit frameworks: full software packages that are capable of running many exploits.
Malware Kit

sn_vul_malware_kit

Contains the details of malware kits: pre-written tools that make it easy to run an exploit or set of related exploits without doing additional coding or configuration work
Version 8.0: Microsoft Response Center Solution Update

[sn_vul_msrc_update]

Contains the last time that the solution data was updated by Microsoft. Used to compare against the nightly import to determine the delta data for download.
Version 8.0: Microsoft Security Response Center Solution Integration

sn_vul_msrc_integration

Extends the Vulnerability Integration [sn_vul_integration] table for the Microsoft Security Response Center Solution Integration.
National Vulnerability Database Entry

[sn_vul_nvd_entry]

Documented vulnerability from the NIST National Vulnerability Database.
NVD CVSS Import

[sn_vul_nvd_cvss_import]

Contains staging data that has not yet been transformed to the Vulnerability Response schema during NVD import.
NVD Data Feeds

[sn_vul_nvd_repo]

NIST National Vulnerability Database feed.
Version 8.0: Product category

sn_vul_product_category

Contains the imported product category data.

Remediation Target Rule

[sn_vul_ttr_rule]

Defines the expected time frame for remediating a vulnerable item. Extends Application File.

SAM NVD Vulnerability Detection

[sn_vul_sam_config]

Contains which CI and Vulnerabilities are monitored with SAM NVD and whether SAM NVD vulnerability detection is enabled or not.
Scheduled Import Pool

[sn_vul_sched_import_pool]

Collection of scheduled import set records used to facilitate simultaneous data source imports.
Severity Map

[sn_vul_severity_map]

Contains the mappings from source severity to normalized severity.
Third-Party Import Maps

[sn_vul_third_party_import_mapping]

Transform maps rules for third-party data.
Third Party Vulnerability Entry

[sn_vul_third_party_entry]

Documented vulnerability from a third-party source.

Update Manifest

[sn_vul_update_manifest]

List of Vulnerability Groups that have been updated and require recalculation by the rollup calculator.
Version 8.0: Vulnerability Assignment Rule

sn_vul_assignment_rule

Contains the set of rules evaluated to set the assignment group on VIs.
Version 7.0Vulnerability Calculator

[sn_vul_calculator]

Contains the calculator that sets certain vulnerable item fields when certain conditions are met.
Version 8.0: Vulnerability Calculator

[sn_vul_calculator_group]

Contains the vulnerability calculator rules. The order of the calculator determines which calculator is evaluated first, and in each calculator, one calculator rule, at most, is used.
Version 7.0Vulnerability Calculator Group

Version 8.0: Vulnerability Calculator

[sn_vul_calculator_group]

Contains the grouping of vulnerability calculators. The order of the calculator group determines which group is evaluated first, and in each group, one calculator at most is used.
Version 8.0: Vulnerability Calculator Rule

sn_vul_calculator

Contains the rules for all of the calculators. For each calculator, the calculator rules are reviewed in order. The first calculator matching the condition uses the values within that rule.
Vulnerability CVEs

[sn_vul_m2m_entry_cve]

Links NVD Common Vulnerability Exposures (CVE) data to vulnerable entries.
Vulnerability Data Source Import Queue Entry

[sn_vul_ds_import_q_entry]

Queue for attachments before they are processed by a data source. Utilized by vulnerability integrations.
Vulnerability Entry

[sn_vul_entry]

Documented vulnerability.
Vulnerability Exploit Framework

[sn_vul_m2m_framework_vul]

Contains the relationship between Exploit frameworks and vulnerabilities.
Vulnerability Group

[sn_vul_vulnerability]

Collection of vulnerable items organized for remediation.
Vulnerability Group Item

[sn_vul_m2m_vul_group_item]

Association of vulnerability groups and vulnerable items.
Vulnerability Group Rule

[sn_vul_grouping_rule]

Contains the rules that define the criteria with which groups are automatically created for a set of vulnerable items.
Vulnerability Integration

[sn_vul_integration]

Schedulable record to import vulnerability data from an external source. Extends Scheduled Script Execution.
Vulnerability Integration Data Source

[sn_vul_int_data_src]

Data source to use with a vulnerability integration.
Vulnerability Integration Log

[sn_vul_integration_log]

Records log information output by vulnerability integration runs.
Vulnerability Integration Process

[sn_vul_integration_process]

Single process occurrence for a vulnerability integration.
Vulnerability Integration Queue

[sn_vul_integration_queue]

Queues the import requests for an integration run when all the Data Sources are in use.
Vulnerability Integration Run

[sn_vul_integration_run]

Vulnerability integration invocations.
Vulnerability Item Task

[sn_vul_m2m_item_task]

Vulnerable items associated with problems, changes, and security incidents.
Vulnerability Malware Kit

[sn_vul_m2m_malware_kit_vul]

Contains the relationships between vulnerabilities and malware kits.
Version 8.0: Vulnerability Prerequisite Solution

[sn_vul_m2m_solution_prerequisite]

Contains the source-specific prerequisites to applying a solution, when available.
Vulnerability Rate limit

[sn_vul_rate_limit]

Defines a rate limit to be used on a scanner.
Vulnerability Reference

[sn_vul_reference]

External references for known vulnerabilities.
Vulnerability Remediation Status

[sn_vul_m2m_ttr_status]

Status of the vulnerable item against the closest applied remediation target rule.
Version 8.0: Vulnerability Risk Rule

sn_vul_calc_risk

Specialized calculator rule used with the Risk Score calculators. Takes weights indicating which values, related to a VI, to use to calculate the Risk Score.
Vulnerability Rollup Calculator

[sn_vul_rollup]

List of vulnerability rollup calculators.
Vulnerability Scan

[sn_vul_scan]

Vulnerability scan. Contains what to scan, with what scanner, and a summary of the scan results.
Vulnerability Scan Configuration Item

[sn_vul_m2m_scan_configuration_item]

Associates CMDB CIs that are queued to be scanned.
Vulnerability Scan Queue Entry

[sn_vul_scan_q_entry]

Scan record queued for scanning or processing. Facilitates the requests within stated rate limits.
Vulnerability Scan Source

[sn_vul_m2m_scan_source]

Associates sources to a scan record and signifies all the records that are queued to be scanned.
Vulnerability Scan Task

[sn_vul_m2m_scan_vulnerability]

Associates vulnerability tasks for the sources of a scan record.
Vulnerability Scanner

[sn_vul_scanner]

Defines third-party scanners to use in scans.
Vulnerability Scanner Rate Limit

[sn_cmn_scanner_rate_limit]

Associates a scanner with a rate limit.
Vulnerability Software

[sn_vul_m2m_entry_software]

Contains associations between vulnerabilities and vulnerable software.
Version 8.0: Vulnerability Solution

[sn_vul_solution]

Contains imported vulnerability solution data.
Version 8.0: Vulnerability Solution

[sn_vul_m2m_vulnerability_solution]

Contains the relationship between the vulnerability and the possible solutions for it.
Version 8.0: Vulnerability Superseding Solution

[sn_vul_m2m_solution_supersedence]

Contains the source-specific relationship between solutions.
Vulnerability State Change Approval

[sn_vul_change_approval]

Tracks the approval process for vulnerabilities.
Vulnerability Update Manifest

sn_vul_vuln_update

Contains a list of vulnerabilities that need their rollup data updated after their vulnerable items are updated, closed, or have risk score changes.
Vulnerable Item

[sn_vul_vulnerable_item]

Contains the occurrence of a vulnerability on a configuration item.
Vulnerable Software

[sn_vul_software]

Software that is known to have certain vulnerabilities.
Feedback