As an IT remediation owner, from an existing remediation task (VUL), identify a subset of vulnerable items (VI) that you want to move to a new group.

Before you begin

Note:

Use cases for splitting VIs from existing VULs into new remediation tasks might include the following examples:

  • When you want to create a change request or change requests for a split task.
  • When you reassign a split group to another user in your assignment group.
  • When you request a deferral or exception for a split task, because you know that some vulnerabilities on specific configuration items (CI) cannot be remediated in a given time frame.
Role required: Any user with the itil role for splitting a VUL.
Note: The sn_vul.remediation_owner role is also automatically assigned when the itil role is assigned to a user.

About this task

For more information about splitting remediation tasks in the Vulnerability Response workspaces, see Split a remediation task in the IT Remediation Workspace.

To split a remediation task in the classic environment or for versions of Vulnerability Response.

You can split existing remediation tasks with more than one vulnerable item that are in the Open, Under Investigation, or Awaiting Implementation states. By creating a new VUL with vulnerable items that match specific criteria, you can work with a specific group of vulnerable items without impacting the original remediation task.

When you specify the conditions for the vulnerable items that you want to move to a new remediation task with the condition builder, only the active VIs that match your criteria are moved to the new group.

You are not required to create change requests (CHG) when you split a VUL. You have the option to split a VUL at the same time you create a change request, or, you can split a VUL without creating a change request. The following image illustrates the basic flow for splitting a remediation task. The detailed steps for this flow follow the image.

The remediation task record is referred to as a VUL in the following sections. In previous versions of Vulnerability Response, remediation tasks were called, vulnerability groups (VG). In the following images, VG= remediation task, or a VUL record.

Figure 1. Workflow for splitting a remediation task
Split task flow.

Procedure

  1. Navigate to All > Vulnerability Response > Remediation Tasks > Assigned to My Groups.
    The remediation tasks list is displayed.
  2. In the Number column, click a record to open it.
    The record is displayed.
  3. On the upper right of the VUL, click Split Task.
    The Split remediation task form is displayed.
    Split form.
  4. With the condition filter displayed, specify the conditions for the vulnerable items that you want to move to a new task.
    For example, you may prefer to filter out only vulnerable items that match the following conditions:
    • In Open states.
    • Risk scores greater than 80.
    • Configuration items that contain 'WINSV'.
    • Located in San Diego.
    As an example, for conditions, you might enter:
    • State - is - Open
    • Risk score - is greater than or is - 80
    • Configuration item . Name - contains - WINSV
    • Configuration item . Location - is - San Diego

    If vulnerable items match your filter after you enter the conditions, a message is displayed with the number vulnerable items that match.

    Note: If a message is displayed that no vulnerable items match your filter, adjust the conditions so at least one vulnerable item matches your filter criteria.
    No matching VIs message.
  5. (Optional) Adjust the filter as required.
  6. (Optional) To help you identify the new VUL after it is created, you may prefer to update the Short description field.
    If edited, use the short description field as search criteria for the new VUL to help you locate it after it is created, for example,LOCATED IN SAN DIEGO.
  7. (Optional) To preview details about the vulnerable items that match your filter criteria, follow these steps before you click Split Task to create the new VUL.
    These details include existing change requests that are already associated with this subset and VULs with these vulnerable items. Viewing this information on the preview may prevent you from creating duplicate VULs.
    1. In the blue confirmation message on the Split remediation task form, click Preview matching items.
      The Remediation Task Item list is displayed in a new window in your browser with a list of vulnerable items that match your conditions.
    2. In the Number column, click an item to open the record.
    3. In the record that is displayed, to the right of the vulnerability group or the vulnerability item fields, click the information icon for the Vulnerable item to view the records.
      Remediation Task Item record.
    4. On the dialog that is displayed, click Open Record.
      Information about the remediation target date is displayed. In the Related Lists section, click a related list to view more information about the VI.
  8. When you are ready to create the new VUL with the VI(s) that meet your conditions, close the preview window to return to the split task form in the other window and, at the top of the form, click Split Task.
    Note:

    For under 200 VIs, the split operation is done synchronously.

    For over 200 VIs, the split operation is done asynchronously in the background, and it may take a few seconds for the VIs to appear in the new group.

    A confirmation message is displayed that shows all the active VIs that are moved to the new group. The new remediation task number is also displayed. If not already in Under Investigation, the VUL is moved to Under Investigation. Check the Short description field for the text you entered for the new VUL in the (LOCATED IN SAN DIEGO).

    Roll-up calculations on the new group are performed to calculate its new Risk Score, Remediation Target Date, and other field values.

    New Task after split with short description updated and confirmation message.

    The vulnerable items, preferred solutions, and change requests are displayed on the Related Lists on the bottom of the record. Process and monitor this new task as you would with any remediation task.

  9. (Optional) Scroll to the Notes related list and click to select it.
    Confirm that the number of vulnerable items from the original remediation task have been moved to the new group in the activity stream.
  10. (Optional) On the new VUL, to select and split the VIs from the Vulnerable items related list once again, scroll to the bottom of the remediation task record, and, with the VIs you want to move selected in the Vulnerable item column of the Vulnerable Items related list, from the Actions on selected rows choice list, select Split Task.
    The Split remediation task form is displayed.
  11. To split the group again and move the selected items to a new group, click Split Task.
    The selected VIs are moved to another remediation task, the confirmation message is displayed, and the new group is displayed.
  12. Choose one to continue your investigation or remediation.
    OptionDescription
    Create Security Incident Create a security incident.
    Create Change Create a change request for this remediation task.
    Split Task If the new group has more than one VI, split this remediation task again to create another subset of vulnerable items.
    Awaiting Implementation If displayed, move the task from Under Investigation to the Awaiting Implementation state.
    Close or Request Exception Close or defer the remediation task. A confirmation dialog is displayed with the following required fields:
    • State
    • Reason
    • Additional information

    Fill in the fields to close or defer the group and click Submit.
    Delete Delete this remediation task.
    State Move the record to another state displayed in the choice list and click Update to save your changes to the record.
    Note: You can manually move the new VUL through the states of its life cycle. However, if state synchronization is enabled, and the system registers that a change request associated with the VUL has changed its state, or you add a CHG or remove it from the VUL, state synchronization potentially can override your manual intervention.

    For more information, see State synchronization between change requests and remediation tasks.
    Assignment group Reassign the VUL to an assignment group and click Update to save your changes to the record.
    Assigned to Assign the VUL to yourself or to a specific user in another assignment group and click Update to save your changes to the record.

What to do next

Monitor the state of the new VUL to expedite its resolution.