The ServiceNow® Vulnerability Response application imports and automatically groups vulnerable items according to group rules, allowing you to
remediate vulnerabilities quickly. Vulnerability data is pulled from internal and external
sources, such as the National Vulnerability Database (NVD) or third-party integrations.
Compare vulnerability data pulled from internal and external sources. For any vulnerable
items, create change requests and security incidents using vulnerability groups to remediate
issues and mitigate risk.
Watch an overview of the typical vulnerability response within an enterprise versus the
vulnerability response with ServiceNow®. It defines vulnerable
items, vulnerability groups, and their lifecycles.
Vulnerability Response and the Now Platform®
Vulnerability Response is one member of the Security Operations application suite. Together these applications connect security to your IT department, increase the speed and efficiency of your response, and give you a definitive view of your security posture.
Vulnerability Response flow
You use Vulnerability Response to follow the flow of information, from integration through investigation, and then on to resolution.
Available versions for Orlando
Integrate your Vulnerability scanner
After vulnerability data is imported, you can compare the data to CIs and software identified in the ServiceNow® Asset Management application. You can perform the following tasks.
Compare vulnerability-related data, if a vulnerability is found on a configuration item.
Escalate issues by creating change requests and security incident records (if the ServiceNow® Security Incident Response application is activated).
Manage vulnerable items grouped by the vulnerability, or CI, or individually. Each vulnerability represents a vulnerability entry in the NVD, Common Weakness Enumeration (CWE), or third-party libraries.
Relate a single third-party vulnerability to multiple Common Vulnerabilities and Exposures (CVE) entries.
Use CWE records, downloaded from the CWE database, for reference when deciding whether a vulnerability must be escalated. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations page. That page is for reference only.
Multi-source support
You can have multiple deployments of the Qualys Vulnerability Integration, Rapid7 InsightVM integrations, and, starting with v12.1, the Tenable Vulnerability Integration developed for the Now Platform.
Assets, identified by multiple third-party deployments and their vulnerabilities, are consolidated and reconciled with your CMDB. This consolidation happens even when scan processes overlap between the multiple deployments. Data sourced from each deployment is identified and available in a single instance of Vulnerability Response.
Qualys Vulnerability Integration KnowledgeBase records are normalized across deployments, ensuring that instances of the same vulnerability across deployments are treated as the same vulnerability. Setup for the multi-source integrations for the Qualys Vulnerability Integration and the Tenable Vulnerability Integration is available within the Setup Assistant.
Prioritize vulnerabilities
Vulnerability Response data correlation is performed using groups, calculators, and
libraries. You can perform the following tasks.
Create vulnerability groups to contain vulnerable items from NVD, CWE, and third-party
integrations.
Assign prioritization, rules, and access.
Create assignment and remediation target rules.
Create vulnerability group rules based on vulnerabilities, filters, filter conditions,
and group keys.
Use calculator groups to determine business impact, specify varying conditions using
filters, apply simple calculations, or use a script.
View ungrouped vulnerable items and vulnerabilities.
Create change requests and coordinate planning
Vulnerability Response remediation is primarily a manual process performed at the group
level. There are multiple ways to remediate vulnerability groups.
Create emergency, standard, and normal change requests directly from vulnerability groups to expedite your investigation and remediation of vulnerabilities with Change management for Vulnerability Response. Create change requests that contain pre-populated information imported directly from a vulnerability group, filter out a subset of vulnerable items and create a new vulnerability group, or associate vulnerability groups to existing change requests.
Prior to Vulnerability Response v9.0, from the Under Investigation state, create change
requests, defer, or close the group.
If the vulnerability is a security incident and Security Incident Response is
activated, you can create security incident records.
Assignment rules are used to automate vulnerable item or vulnerability assignments. Due to
the large volume in data imports, care should be taken with automated vulnerable item
assignment.
Confirm vulnerability resolution
Vulnerability Solution Management contains solution integrations such as the Microsoft Security Response Center Solution Integration.
Starting with v10.3, Red Hat Solution Integration is also available.
Automatically correlate the vulnerabilities in your environment with the solutions that
would remediate them. Identify the remediation actions that apply to your environment and
prioritize them by the greatest reduction in vulnerability risk.
Vulnerability Response provides several useful reports, charts, and an Explorer dashboard for you to analyze and monitor data before and after remediation. You can also return Vulnerability Response-related information using the global search feature.
An automated rescan confirms that your changes have taken effect or indicates the need to reschedule.
Mobile experience for Vulnerability Response
Access the Vulnerability Response application on your Now Platform® instance directly from your mobile device.
View and search vulnerabilities, vulnerability groups, and assignments using the Vulnerability Response mobile application.
This mobile application gives you the flexibility to reassign, edit fields, and begin
remediation without being tied to the desktop.
Vulnerability Response terminology
The following terms are used in Vulnerability Response.
Common Vulnerabilities and Exposures (CVE)
Dictionary of publicly known information-security vulnerabilities and
exposures.
Common Vulnerability Scoring System (CVSS)
Open framework for communicating the characteristics and severity of software
vulnerabilities. CVSS v3 was not available prior to 2015.
Common Weakness Enumeration (CWE)
List of community-developed software weakness types.
Discovery models
Software models used to help normalize the software you own by analyzing and
classifying models to reduce duplication.
National Vulnerability Database (NVD)
U.S. government repository of standards-based vulnerability management data
represented using the Security Content Automation Protocol (SCAP).
Vulnerability Response calculators and vulnerability calculator rules and Vulnerability Response Rollup Calculators
Calculators used to prioritize and categorize vulnerabilities based on user-defined
criteria.
Vulnerability Response groups and group rules overview
Used to group vulnerable items based on vulnerability, vulnerable item conditions,
or filter group.
Vulnerability Integrations
Scheduled jobs that pull report data from NVD, CWE, or a third-party system, such as
the Qualys Cloud Platform, to retrieve vulnerability data.
Vulnerabilities
Records of potentially vulnerable software downloaded from the National Institute of
Standards and Technology (NIST) NVD, CWE, or third-party integrations.
Vulnerable items
Pairings of vulnerable entries, downloaded from the NIST NVD or third-party integrations, and potentially vulnerable configuration items and software in your company network.