Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Install and configure Vulnerability Response

Log in to subscribe to topics and get notified when content changes.

Install and configure Vulnerability Response

Before you run Vulnerability Response in your instance, you must complete installation and configuration steps.

Before you begin

Complete the following setup checklist prior to installation. These setup tasks are required for a smooth installation and configuration.
Note: This process applies only to applications downloaded to production instances. If you are downloading applications to sub-production or development instances, it is not necessary to get entitlements. Proceed to Activate a ServiceNow Store application.
Setup tasks Description
Verify that you have the required ServiceNow roles for your instance. The following roles are required for installation, configuration, and verification of expected results:
  • If not already assigned, the System Administrator [admin] installs the application and assigns the Vulnerability Admin [sn_vul.admin] role.
  • The Vulnerability Admin [sn_vul.admin] oversees configuration and verifies expected results.
  • Version 9.0: The Remediation Owner [sn_vul.remediation_owner] oversees change management tasks and reads and updates assigned records. The sn_vul.remediation_owner role is also automatically assigned when any user is assigned the itil role.
Role required: admin


  1. Log in to the instance you want to install the Vulnerability Response application on.
  2. Navigate to the ServiceNow Store.
    ServiceNow Store Certified Apps screen
  3. Click Login and log in using your HI credentials.
  4. Click the ServiceNow Products tab to view all available ServiceNow products. Integrations and other types of content are shown on the Certified Apps tab.
    ServiceNow apps
    Note: For the sake of this example, assume you are acquiring entitlement for the Security Incident Response product.
  5. Click the plus (+) sign next to the product name you are getting entitlement to. All applications associated with the product you are entitling are listed. When you have obtained entitlement to the core product, the applications listed under it are also entitled.
    Note: You can also click the product name to view more information about the product and its associated applications.
    Details for the SIR product
  6. Click Opt-in to verify that you have entitlement to the product and the applications listed. You are prompted to read and accept the ServiceNow terms and conditions.
    Terms and Conditions
  7. Select the check box and click Accept.
  8. Optionally, you can click Manage Entitlements to change the instances affected by the applications to which you are entitled.
    Managing entitlements for your company
  9. After you have agreed to the ServiceNow Terms and Conditions and managed entitlements, you can entitle other products with a single click.
    Entitling an app with a single click
    Note: You are ready to activate the product.
  10. Navigate to System Applications > All Available Applications > All.
    System applications
  11. Search for the dependencies plugin for the application you want to activate. For example, if you are activating Security Incident Response, locate the Security Incident Response Dependencies plugin.
  12. Click Install. The Activate Plugin dialog box appears.
    Activate dependency plugin
  13. In the Activate Plugin dialog box, click Activate.
  14. When the activation is complete, click Close & Reload Form.
  15. Now locate the core product you are activating, click the Install with demo data check box if you want to load demo data, and click Install.
    Your application is automatically installed on your instance.
    Note: If you do not select the Install with demo data check box, demo data is not available to install from the Application Manager later. For information on how to install or reinstall demo data after the initial installation, see the Work around to install demo data if application is already installed [KB0722909] article in the HI Knowledge Base.
  16. Once the installation completes, navigate to Vulnerability > Administration > Setup Assistant.
    Setup Assistant start page
  17. Follow the instructions on the forms.

    Only the Qualys Vulnerability Integration is available for installation and configuration within Setup Assistant. For more information on Qualys Vulnerability Integration installation, see Install the Qualys Integration for Security Operations application.

    To install the Rapid7 Vulnerability Integration, see Install and configure the Rapid7 Integration for Security Operations application.

    To install the Shodan Exploit Integration, see Install and configure the Shodan Exploit Integration.

    To install other third-party vulnerability integrations, such as, for Vulnerability Response refer to the vendor documentation in the ServiceNow Store.

    For information on Vulnerability Response configuration, integrations, group rules, risk calculators, and remediation target rules, see Vulnerability Response configuration using the Setup Assistant.

  18. If you have a subscription to Vulnerability Solution Management application, see Install the Vulnerability Solution Management application.
  19. If you have a subscription to the Performance Analytics for Vulnerability Response application, see Install and configure the Performance Analytics for Vulnerability Response application.

What to do next

Install optional integrations. See Vulnerability Response integrations for information.