Create or edit Vulnerability Response assignment rules

After you complete your initial assessment of assignment rules using Setup Assistant, you can create rules to automatically assign vulnerable items based on filter conditions. These rules assign vulnerable items as they are imported or manually created.

Before you begin

Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated)

Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

About this task

The base system ships with one vulnerability assignment rule, Assign to CI support group, which assigns vulnerable items to the same assignment group as the CI support group. This rule can be modified using filter conditions or you can create a new rule. With assignment rules, you define the condition(s) of assignment and the order of execution. Once a VI matches a rule condition, the assignment lookup stops.

Procedure

  1. Navigate to All > Vulnerability Response > Administration > Assignment Rules.
  2. Open the Assign to CI support group rule or click New.
  3. If New, fill in the fields on the form, as appropriate.
    Table 1. Vulnerability Assignment Rule
    Field: Description
    Name: Name of the group rule.
    Active: Indicates whether the assignment rule is active.
    Execution order: Order in which the rules are evaluated.

    Run high-priority rules first: rules for items that need special handling, where risk is critical, or where a VI should be handled by regulatory compliance. Next, run your general rules, where no special handling is required and you know who should be responsible for the items. Finally, create a default rule that assigns VIs to the group that will figure out which assignment group each VI should belong to. This group could add another rule to cover its decisions. This default rule would run last.

    Description: Description of the assignment rule.
    Condition
    Preview: Shows how many results this query will return.
    Condition fields: Conditions that must be met.
    Note: To make Rapid7 InsightVM asset tags available for use in the Condition filter for Assignment Rules, you must run the Rapid7 InsightVM Asset List integration before the other Rapid7 InsightVM integrations.

    Case sensitivity for the search text you enter in the condition builder is not supported on this record or form.

    New Criteria: Adds more condition filter fields to choose from.
    Assign using: To automate the assignment of groups created based on this rule, choose one of the options available.
    • User group: Select a user group from the lookup table.
    • User group field: Select a user group field from the drop-down menu.
    • Script: Create or edit a script.
      Note: Creating or editing a script requires ServiceNow expertise.
  4. Click Submit.
    New or updated rules are evaluated on the next import.
    Note:

    The reapply feature requires a baseline application of the rules. Once your rules are created, if you haven't already done so, activate the Reapply all vulnerability assignment rules scheduled job so that it executes at your convenience. It applies all the rules to all Open VIs except those manually assigned. Depending on how many active VIs you have in your environment, remember to set the Run field appropriately following the initial run to prevent performance impacts.

    If you haven't run this scheduled job, you will have to run it when you try to use the Apply Changes button on the Assignment Rules form. Reapplying assignment rules does not regroup the vulnerable items.
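
The execution-order guidance in Table 1 (lookup stops at the first matching rule, default rule last), modeled as an added example in plain JavaScript. It is not ServiceNow code or a ServiceNow API; the field names (`risk`, `ciSupportGroup`), group names, the rule names other than Assign to CI support group, and all order values are constructed for illustration.

```javascript
// Model of first-match assignment: active rules are evaluated in ascending
// execution order and the lookup stops at the first rule whose condition matches.
// All field, group and order values are hypothetical, not ServiceNow identifiers.
function assignVI(rules, vi) {
  const ordered = rules
    .filter((r) => r.active)
    .sort((a, b) => a.order - b.order);
  for (const rule of ordered) {
    if (rule.condition(vi)) {
      return { rule: rule.name, group: rule.assign(vi) };
    }
  }
  return { rule: null, group: null }; // no rule matched: VI stays unassigned
}

// Report active rules that never win on a sample of VIs although their
// condition matches at least one of them: an earlier rule is shadowing them.
function shadowedRules(rules, sampleVIs) {
  const winners = new Set(sampleVIs.map((vi) => assignVI(rules, vi).rule));
  return rules
    .filter((r) => r.active && !winners.has(r.name))
    .filter((r) => sampleVIs.some((vi) => r.condition(vi)))
    .map((r) => r.name);
}

// Constructed rule set following the recommended order:
// special handling first, general rules next, default catch-all last.
const rules = [
  { name: "Critical risk", order: 100, active: true,
    condition: (vi) => vi.risk === "critical", assign: () => "Security Response" },
  { name: "Assign to CI support group", order: 200, active: true,
    condition: (vi) => Boolean(vi.ciSupportGroup), assign: (vi) => vi.ciSupportGroup },
  { name: "Default triage", order: 900, active: true,
    condition: () => true, assign: () => "Vulnerability Triage" },
];

// Constructed sample vulnerable items.
const sampleVIs = [
  { id: "VI-A", risk: "critical", ciSupportGroup: "Linux Ops" },
  { id: "VI-B", risk: "medium", ciSupportGroup: "Linux Ops" },
  { id: "VI-C", risk: "low", ciSupportGroup: "" },
];

// The same rules with the default catch-all mistakenly ordered first.
const misordered = rules.map((r) =>
  r.name === "Default triage" ? { ...r, order: 10 } : r);

for (const vi of sampleVIs) console.log(vi.id, assignVI(rules, vi));
console.log("shadowed when misordered:", shadowedRules(misordered, sampleVIs));
```

Running a shadowing check like this against a representative sample of VIs before activating a new rule shows whether a broad condition placed early would stop critical items from reaching their intended group.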