The flexibility inherent in Vulnerability Response allows you to remediate vulnerabilities in whatever way suits your security organization.

Before you begin

Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated)

About this task

Once you are notified that a change request is resolved, move the remediation task state to Resolved and wait for the next scan. Rescans are triggered automatically by the third-party import schedule configured in the Setup Assistant.
Note:

If state synchronization is activated, remediation tasks are automatically moved to the Resolved state after a change request associated with a remediation task (VUL) is implemented and in the Review state. See Change management for Vulnerability Response.

Procedure

  1. Navigate to All > Vulnerability Response > Remediation tasks > Assigned to me.
  2. Click a record that is in the Open state.
    The Open state indicates that the record has not yet been worked on. The form displays:
    • Remediation task information
    • Group Configuration details
    • Notes
    • Associated vulnerable items
    • Task SLAs
    • Change Requests
  3. Perform your analysis of the group.
  4. When you are ready to start working on the record, choose any of the following options.
    OptionDescription
    If the vulnerable item poses a risk to your IT environment, create a CHG record and escalate the issue to Change Management team. Assign the group to the appropriate group or individual and click Create Change.
    If the vulnerable item poses a potential security risk to your organization, create a security incident record and escalate the issue to the Security Incident Response team. Click Create Security Incident.

    This button is displayed only when Security Incident Response is activated. A business impact calculation is applied, the incident is assigned, and the security incident is created.
    After you create a change request, the appropriate record appears in the Change Requests related list on the Vulnerability Group form.
  5. If you determine that the issue is of low risk and can be deferred, click Request Exception.
    For more information on how to defer a remediation task, see Defer a Remediation task.
  6. If you determine that the issue can be immediately closed without further analysis, click Close.
    For more information on how to close a remediation task, see Close a remediation task. Starting with v23.0 of Vulnerability Response, the Close button has been removed for a remediation task.

    A third-party integration scheduled job automatically updates and scans records at a set interval. The vulnerable items are scanned at the next scheduled date and time. Alternatively, you can manually initiate a vulnerability scan using the Scan for Vulnerabilities related link.

    If the scan again finds the vulnerability on the configuration item and does not mark it Fixed, the vulnerable item returns to the Under Investigation state. Contact IT Operations to reopen the change request.

    If the scan does not find the vulnerability and returns that the vulnerable item has been marked Fixed, the vulnerable item transitions to the Closed-Fixed state and is closed during import.

    Only when all vulnerable items in a task are in the Closed-Fixed state, does the remediation task close automatically. Remediation tasks with vulnerable items in Closed states other than Fixed must be closed manually.