Vulnerability Response vulnerable item form fields
- Updated Feb 6, 2025
- Yokohama
- Vulnerability Response
Vulnerable items are automatically created during third-party vulnerability integration imports.
Vulnerable item fields
To view imported data in the fields listed in the following tables, you must have, at a minimum, the sn_vul.read_all role.
These fields are found on records listed in the Vulnerable Items [sn_vul_vulnerable_item] table.
If you have enabled SAM NVD vulnerability scanning, the records are compared to the software in your Configuration Management Database (CMDB) and matches are found with vulnerable software or configuration items (CIs).
Field | Description |
---|---|
Select security tag | Security tag to add metadata to the record or identify who should have access to this security incident record. This field appears only after the vulnerable item has been saved. |
Number | Automatically generated vulnerable item number for this record. |
Source | Scanner that found this vulnerable item. |
Risk rating | Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low, and None. For more information on risk ratings, see Vulnerability Response calculators and vulnerability calculator rules. Note: This base Risk rating isn’t the same as the Solution record Risk rating. |
Risk score | Calculated amount of risk the vulnerable item poses to your environment. Note: This base Risk score isn’t the same as the Solution record Risk score. For more information, see Vulnerability Response calculators and vulnerability calculator rules. |
Vulnerability | ID of the vulnerability associated with this vulnerable item. |
Configuration item | Affected asset. |
State | This field defaults to Open, but you can change it to Under Investigation if the vulnerability is ready for immediate remediation. |
Until date for risk reduction | Date on which compensatory controls applied to the vulnerable item expire. Note: This field appears only when the Original risk score value is available. |
Assignment group | Group selected to work on this remediation task. |
Assigned to | Individual from the selected assignment group that works on this vulnerability. |
Created | Date this vulnerable item was created in your instance. |
Last opened | Date the vulnerable item was most recently opened in your instance. Initially, this is the same as the creation date of the vulnerable item. However, if the item was closed and then reopened, the Last opened date contains the date and time it was reopened. |
Updated | Date of the last scan. |
Age | Duration for which the VI has been active since the date it was last opened. If the VI is closed, the value of the Age field is set to zero. For more information on the Age field, see Vulnerable item age calculation and display. For more information on how to customize the calculation of Age duration, see the KB1703270 article. |
Vulnerability | |
Summary | Description of the vulnerability. |
Severity | Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map. |
Vulnerability score (v3) | CVSS v3 score. |
Vulnerability score (v2) | CVSS v2 score. |
Exploit exists | Yes, if at least one exploit is associated with the vulnerabilities associated with this vulnerable item. |
Exploit attack vector | Most vulnerable attack vector of the exploits for the vulnerabilities associated with this vulnerable item. |
Exploit skill level | Lowest skill level required to exploit the vulnerabilities associated with this vulnerable item. |
Date published | Date the vulnerability was published. |
Last modified | Date the vulnerability was last modified. |
Threat | Relevant information about the threat. Pulled from the vulnerable entry record. Note: Any changes made here update the vulnerable entry record. |
Remediation notes | Relevant solution to the threat, pulled from the vulnerable entry record. |
Remediation | Available only with Vulnerability Solution Management. |
Preferred solution | Preferred solution imported from the vulnerability record. Note: Any manual changes made here don’t change the vulnerability record and remain unchanged on the VI upon subsequent imports. |
Summary | Imported Summary from the solution record. |
Solution type | Potential or Preferred solution. |
Initial Detection | |
DNS name | Domain Name Service (DNS) name. If a CI isn’t provided, this field is used to look up a matching CI, if one exists. |
NetBIOS name | NetBIOS name. If a CI isn’t provided, this field is used to look up a matching CI, if one exists. |
IP Address | IPv4 or IPv6 address. If a CI isn’t provided, this field is used to look up a matching CI, if one exists. |
Port | Address of the port. |
Protocol | Name of the protocol. |
SSL | Whether SSL encryption is used or not. |
Detections | |
Status | State of the detection. |
First found | Date the third-party source first found the detection on this asset. |
Last found | Date the third-party source last found the detection on this asset. |
DNS name | Domain Name Service (DNS) name. If a CI isn’t provided, this field is used to look up a matching CI, if one exists. |
NetBIOS name | NetBIOS name. If a CI isn’t provided, this field is used to look up a matching CI, if one exists. |
IP Address | IPv4 or IPv6 address. If a CI isn’t provided, this field is used to look up a matching CI, if one exists. |
Port | Address of the port. |
Protocol | Name of the protocol. |
SSL | Whether SSL encryption is used or not. |
Times found | Number of times this vulnerability has been detected on this asset by the third-party source. |
Integration run | Integration run that imported the detection. |
Close | Available once the vulnerable item has been remediated and closed. Items in this section are read-only. |
Closed by | Who closed the vulnerable item. |
Closed | Date the vulnerable item was closed. |
Close notes | Information included in the closure. |
Age closed | Time period after which the VI was closed. If the VI is reopened, the value of the Age closed field is set to zero. For more information on the Age closed field, see Vulnerable item age calculation and display. For more information on how to customize the calculation of Age closed duration, see the KB1703270 article. |
Notes | |
Additional comments/Work notes | Any relevant information. Select the check box to add Additional comments. Starting with Vulnerability Response v20.0, you can add work notes in the Notes section for a deferred vulnerable item. |
Activity | Only appears when a work note has been created. |
Related Links | |
Calculate Risk Score | When either the Vulnerability Severity or the Risk Score calculator is enabled, the Risk Score field is updated. |