Creating a remediation task manually is done when you want to group vulnerable items by something other than the Remediation Task Rules criteria. For example, you can create tasks for a particular manager, or for active, new exploits, such as ransomware that include different vulnerabilities. You can also use it to group ungrouped vulnerable items.

Important: You can create host remediation tasks in the:
  • Vulnerability Manager Workspace as a user with the sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin role.
  • IT Remediation Workspace as a user with sn_vul.remediation_owner role.

Before you begin

Role required: sn_vul.vulnerability_analyst, sn_vul.vulnerability_admin or sn_vul.admin (deprecated)

Procedure

  1. Navigate to All > Vulnerability Response > Remediation Tasks.

    Remediation task rules work the same way that remediation task rules previously worked, and they are still available to you. However, you might prefer to leave remediation task rules inactive as you get used to the features that are available to your security managers and IT teams in the workspaces.

  2. Select one of the categories for tasks to open the list.
  3. Click New.
  4. Fill in the fields on the form, as appropriate.
    For information on specific fields, see Remediation task form fields.
  5. Click Submit.
    When the task is created, using the Condition or Filter Group filter type the Vulnerable Item related list searches for and displays all matching vulnerable items.

    You can use the Related Link, Re-scan for Vulnerabilities to manually trigger a ServiceNow® - initiated scan. For information on how to configure a vulnerability scanner, see Configure and manage Qualys vulnerability scanners and scans.

    For a Qualys Vulnerability Integration, a default scanner is pre-installed in the Vulnerability Scanners module. This scanner is deactivated by default. Select the Active and Default check boxes to activate the Qualys scanner to work using the Scan for Vulnerabilities related link on the remediation task and vulnerable item forms.

    The Update status related link displays the date and time of the last update. It rolls up information from the VIs in the remediation task. See Remediation task form fields for more information. When a task is formed based on a specific vulnerability, that vulnerability is listed on the remediation task form.

    If you open an associated vulnerable item, any associated remediation task entries appear under the Remediation Task related list tab.