Vulnerable items are automatically created during third-party vulnerability integration imports.

Vulnerable item fields

To view imported data in the fields listed in the following tables, you must have, at a minimum, the sn_vul.read_all role.

These fields are found on records listed in the Vulnerable Items [sn_vul_vulnerable_item] table.

If you have enabled SAM NVD vulnerability scanning, the records are compared to the software in your Configuration Management Database (CMDB) and matches are found with vulnerable software or configuration items (CIs).

Field Description
Select security tag Security tag to add metadata to the record or identify who should have access to this security incident record. This field appears only after the vulnerable item has been saved.
Number Automatically generated vulnerable item number for this record.
Source Scanner that found this vulnerable item.
Risk rating Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low, and None. For more information on risk ratings, see Vulnerability Response calculators and vulnerability calculator rules.
Note: This base Risk rating isn’t the same as the Solution record Risk rating.
Risk score Calculated amount of risk the vulnerable item poses to your environment.
Note: This base Risk score isn’t the same as the Solution record Risk score.

For more information, see Vulnerability Response calculators and vulnerability calculator rules.

Vulnerability ID of the vulnerability associated with this vulnerable item.
Configuration item Affected asset.
State This field defaults to Open, but you can change it to Under Investigation if the vulnerability is ready for immediate remediation.
Until date for risk reduction Date on which compensatory controls applied to the vulnerable item expire.
Note: This field appears only when the Original risk score value is available.
Assignment group Group selected to work on this remediation task.
Assigned to Individual from the selected assignment group that works on this vulnerability.
Created Date this vulnerable item was created in your instance.
Last opened Date the vulnerable item was most recently opened in your instance. Initially, this is the same as the creation date of the vulnerable item. However, if the item was closed and then reopened, the Last opened date contains the date and time it was reopened.
Updated Date of the last scan.
Age Duration for which the VI has been active since the date it was last opened. If the VI is closed, the value of the Age field is set to zero.

For more information on the Age field, see Vulnerable item age calculation and display. For more information on how to customize the calculation of Age duration, see the KB1703270 article.

Vulnerability
Summary Description of the vulnerability.
Severity Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map.
Vulnerability score (v3) CVSS v3 score.
Vulnerability score (v2) CVSS v2 score.
Exploit exists Yes, if at least one exploit is associated with the vulnerabilities associated with this vulnerable item.
Exploit attack vector Most vulnerable attack vector of the exploits for the vulnerabilities associated with this vulnerable item.
Exploit skill level Lowest skill level required to exploit the vulnerabilities associated with this vulnerable item.
Date published Date the vulnerability was published.
Last modified Date the vulnerability was last modified.
Threat Relevant information about the threat. Pulled from the vulnerable entry record.
Note: Any changes made here update the vulnerable entry record.
Remediation notes Relevant solution to the threat, pulled from the vulnerable entry record.
Remediation

Available only with Vulnerability Solution Management.

Preferred solution Preferred solution imported from the vulnerability record.
Note: Any manual changes made here don’t change the vulnerability record and remain unchanged on the VI upon subsequent imports.
Summary Imported Summary from the solution record.
Solution type Potential or Preferred solution.
Initial Detection
DNS name Domain Name Service name. If a CI isn’t provided, this field is used to look up a matching CI, if one exists.
NetBIOS name Name of the NetBIOS. If a CI isn’t provided, this field is used to look up a matching CI, if one exists.
IP Address IPv4 or IPv6 address. If a CI isn’t provided, this field is used to look up a matching CI, if one exists.
Port Address of the port.
Protocol Name of the protocol.
SSL Whether SSL encryption is used or not.
Detections
Status State of the detection.
First found Date the third-party source first found the detection on this asset.
Last found Date the third-party source last found the detection on this asset.
DNS name Domain Name Service name. If a CI isn’t provided, this field is used to look up a matching CI, if one exists.
NetBIOS name Name of the NetBIOS. If a CI isn’t provided, this field is used to look up a matching CI, if one exists.
IP Address IPv4 or IPv6 address. If a CI isn’t provided, this field is used to look up a matching CI, if one exists.
Port Address of the port.
Protocol Name of the protocol.
SSL Whether SSL encryption is used or not.
Times found Number of times this vulnerability has been detected on this asset by the third-party source.
Integration run Integration run that imported the detection.
Close

Available once the vulnerable item has been remediated and closed. Items in this section are read-only.

Closed by Who closed the vulnerable item.
Closed Date the vulnerable item was closed.
Close notes Information included in the closure.
Age closed Time period after which the VI was closed. If the VI is reopened, the value of the Age closed field is set to zero.

For more information on the Age closed field, see Vulnerable item age calculation and display. For more information on how to customize the calculation of Age closed duration, see the KB1703270 article.

Notes
Additional comments/Work notes Any relevant information. Select the check box to add Additional comments.

Starting with Vulnerability Response v20.0, you can add work notes in the Notes section for a deferred vulnerable item.

Activity Only appears when a work note has been created.
Related Links
Calculate Risk Score When either the Vulnerability Severity or Risk Score calculator is enabled, the Risk Score field is updated.
The following are the vulnerable items related lists.