Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Remediate vulnerability groups

Log in to subscribe to topics and get notified when content changes.

Remediate vulnerability groups

The flexibility inherent in Vulnerability Response allows you to remediate vulnerabilities manually in whatever way suits your security organization.

Before you begin

Role required: sn_vul.admin

About this task

Once you are notified that a change request (CHG) is resolved, move the vulnerability group state to Resolved and wait for the next scan. Rescans are triggered automatically by the third-party import schedule configured in the Setup Assistant.
Note:

Starting with Vulnerability Response v9.0, if state synchronization is enabled, vulnerability groups are automatically moved to the Resolved state after a change request associated with a VG is implemented and in theReview state. See Change management for Vulnerability Response.

Procedure

  1. Navigate to Vulnerability > Vulnerabilities > Vulnerability Groups.
  2. Click a vulnerable group record that is in the Open state.
    The Open state indicates that the record has not yet been worked on. The form displays:
    • Vulnerability group information
    • Group Configuration details
    • Notes
    • Associated vulnerable items
    • Task SLAs
    • Change Requests
  3. Perform your analysis of the group.
  4. When you are ready to start working on the record, choose any of the following options:
    OptionDescription
    If the vulnerable item poses a risk to your IT environment, create a CHG record and escalate the issue to Change Management team.

    Version 8.0: See Create a change request in Vulnerability Response (Prior to v9.0).

    Starting with v9.0: See Create a change request from a vulnerability group
    Note: Starting with v9.0, you can still manually move change requests and vulnerability groups through the states of their life cycles on their respective records with state synchronization enabled, but when the system registers that a CHG has changed its state, or you add a CHG or remove it from a vulnerability group, state synchronization potentially can override your manual intervention. However, change request states do not automatically move vulnerability groups from the Closed or Deferred states.
    Assign the group to the appropriate group or individual and click Create Change.
    If the vulnerable item poses a potential security risk to your organization, create a security incident record and escalate the issue to the Security Incident Response team. Click Create Security Incident.

    This button is displayed only when Security Incident Response is activated. A business impact calculation is applied, the incident is assigned, and the security incident is created.

    After you create a change request, the appropriate record appears in the Change Requests related list on the Vulnerability Group form.
  5. If you determine that the issue is of low risk and can be deferred, click Close/Defer.
    For instructions, see Defer a vulnerability group.
  6. If you determine that the issue can be immediately closed without further analysis, click Close/Defer.
    For instructions, see Close a vulnerability group.
  7. A third-party integration scheduled job automatically updates and scans records at a set interval. The vulnerable items are scanned at the next scheduled date and time. Alternatively, you can manually initiate a vulnerability scan using the Scan for Vulnerabilities related link.

    If the scan again finds the vulnerability on the configuration item and does not mark it Fixed, the vulnerable item returns to the Under Investigation state. Contact IT Operations to reopen the change request.

    If the scan does not find the vulnerability and returns that the vulnerable item has been marked Fixed, the vulnerable item transitions to the Closed-Fixed state and is closed during import.

    Only when all vulnerable items in a group are in the Closed-Fixed state, does the vulnerability group close automatically. Vulnerability groups with vulnerable items in Closed states other than Fixed must be closed manually.

Feedback