Home Paris Security Incident Management Security Operations Vulnerability Response Vulnerability Response remediation overview Vulnerability Response remediation progress monitoring Remediate Vulnerability Response groups

Remediate Vulnerability Response groups

The flexibility inherent in Vulnerability Response allows you to remediate vulnerabilities in whatever way suits your security organization.

Before you begin

Role required: v10.3 sn_vul.vulnerability.admin or sn_vul.admin (deprecated)

Starting with v10.3, persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

About this task

Once you are notified that a change request is resolved, move the vulnerability group state to Resolved and wait for the next scan. Rescans are triggered automatically by the third-party import schedule configured in the Setup Assistant.

Note:

If state synchronization is enabled, vulnerability groups are automatically moved to the Resolved state after a change request associated with a VG is implemented and in theReview state. See Change management for Vulnerability Response.

Procedure

Navigate to Vulnerability > Vulnerabilities > Vulnerability Groups.
Click a vulnerable group record that is in the Open state.
The Open state indicates that the record has not yet been worked on. The form displays:
- Vulnerability group information
- Group Configuration details
- Notes
- Associated vulnerable items
- Task SLAs
- Change Requests
Perform your analysis of the group.

When you are ready to start working on the record, choose any of the following options:

Option	Description
If the vulnerable item poses a risk to your IT environment, create a CHG record and escalate the issue to Change Management team.	Assign the group to the appropriate group or individual and click Create Change.
If the vulnerable item poses a potential security risk to your organization, create a security incident record and escalate the issue to the Security Incident Response team.	Click Create Security Incident. This button is displayed only when Security Incident Response is activated. A business impact calculation is applied, the incident is assigned, and the security incident is created.

After you create a change request, the appropriate record appears in the Change Requests related list on the Vulnerability Group form.

If you determine that the issue is of low risk and can be deferred, click Close/Defer.
For instructions, see Defer a vulnerability group.
If you determine that the issue can be immediately closed without further analysis, click Close/Defer.
For instructions, see Close a vulnerability group.
A third-party integration scheduled job automatically updates and scans records at a set interval. The vulnerable items are scanned at the next scheduled date and time. Alternatively, you can manually initiate a vulnerability scan using the Scan for Vulnerabilities related link.

If the scan again finds the vulnerability on the configuration item and does not mark it Fixed, the vulnerable item returns to the Under Investigation state. Contact IT Operations to reopen the change request.

If the scan does not find the vulnerability and returns that the vulnerable item has been marked Fixed, the vulnerable item transitions to the Closed-Fixed state and is closed during import.

Only when all vulnerable items in a group are in the Closed-Fixed state, does the vulnerability group close automatically. Vulnerability groups with vulnerable items in Closed states other than Fixed must be closed manually.

Previous topic

Next topic

Release version

Remediate Vulnerability Response groups

The flexibility inherent in Vulnerability Response allows you to remediate vulnerabilities in whatever way suits your security organization.

Before you begin

Role required: v10.3 sn_vul.vulnerability.admin or sn_vul.admin (deprecated)

About this task

Note:

Procedure

Navigate to Vulnerability > Vulnerabilities > Vulnerability Groups.
Click a vulnerable group record that is in the Open state.
The Open state indicates that the record has not yet been worked on. The form displays:
- Vulnerability group information
- Group Configuration details
- Notes
- Associated vulnerable items
- Task SLAs
- Change Requests
Perform your analysis of the group.

When you are ready to start working on the record, choose any of the following options:

Option	Description
If the vulnerable item poses a risk to your IT environment, create a CHG record and escalate the issue to Change Management team.	Assign the group to the appropriate group or individual and click Create Change.
If the vulnerable item poses a potential security risk to your organization, create a security incident record and escalate the issue to the Security Incident Response team.	Click Create Security Incident. This button is displayed only when Security Incident Response is activated. A business impact calculation is applied, the incident is assigned, and the security incident is created.

After you create a change request, the appropriate record appears in the Change Requests related list on the Vulnerability Group form.

If you determine that the issue is of low risk and can be deferred, click Close/Defer.
For instructions, see Defer a vulnerability group.
If you determine that the issue can be immediately closed without further analysis, click Close/Defer.
For instructions, see Close a vulnerability group.
A third-party integration scheduled job automatically updates and scans records at a set interval. The vulnerable items are scanned at the next scheduled date and time. Alternatively, you can manually initiate a vulnerability scan using the Scan for Vulnerabilities related link.

If the scan again finds the vulnerability on the configuration item and does not mark it Fixed, the vulnerable item returns to the Under Investigation state. Contact IT Operations to reopen the change request.

If the scan does not find the vulnerability and returns that the vulnerable item has been marked Fixed, the vulnerable item transitions to the Closed-Fixed state and is closed during import.

Only when all vulnerable items in a group are in the Closed-Fixed state, does the vulnerability group close automatically. Vulnerability groups with vulnerable items in Closed states other than Fixed must be closed manually.

How search works:

Topics are ranked in search results by how closely they match your search terms

Remediate Vulnerability Response groups

Remediate Vulnerability Response groups

On this page

Remediate Vulnerability Response groups

Remediate Vulnerability Response groups

Log in to personalize your search results and subscribe to topics