The ServiceNow® Vulnerability Response application imports and automatically groups vulnerable items according to rules that permit you to remediate vulnerabilities quickly. Vulnerability data is pulled from external sources, such as the National Vulnerability Database (NVD) and third-party integrations, and processed with applications developed by ServiceNow®.

Watch an overview about vulnerability response that defines vulnerable items, remediation tasks, and their life cycles.

Vulnerability Response and your enterprise environment

Typically, within an Enterprise environment, organizations use vulnerability scanners and assessment tools to identify and manage the risks vulnerabilities pose to their assets. Vulnerabilities that are identified by these tools translate as risks to the security and IT teams responsible for maintaining and securing an organization’s assets. Some risks might include but aren't limited to the following types of identified vulnerabilities:

  • Reliance on outdated software or misconfigured systems
  • Unsecured network protocols
  • Dependency on flawed third-party software libraries
  • Poor or inconsistent system administration hygiene
  • Baseline system images that are not hardened

As these potential risks are exposed, security and IT teams commonly face challenges in processing and handling the volume of vulnerability information generated from their scanning and assessment tools. Specifically,these teams find themselves overwhelmed when managing a high volume of identified vulnerabilities and crafting actionable response efforts to mitigate the potential risks that face their organizations.

You might identify these challenges to your own security posture by asking the following questions:

  • Which identified vulnerabilities should be reviewed first?
  • What do these identified vulnerabilities mean to our organization?
  • Who should be accountable for and own identified risks?
  • Who should be hands-on, working to resolve/mitigate these risks?
  • How do we effectively mitigate identified vulnerabilities with the resources we have?
  • What are the potential unintended outcomes of reducing the identified vulnerabilities?
  • What process do we follow to remediate vulnerabilities, track the steps we’ve taken, and follow up to be sure our actions worked?
  • How do we know if we are making progress reducing our over-all risk posture?

Vulnerability Response, Security Operations and the Now Platform®

The Vulnerability Response application is part of the Security Operations suite. Together these applications help you protect your assets by improving your overall security posture.

The ServiceNow Vulnerability Response application has two primary goals:

  • Help the security teams challenged with handling huge amounts of vulnerability data.
  • Help the operations teams tasked with resolving vulnerabilities.

In this way, you can use the Vulnerability Response application to automate the flow of information, from integration through investigation, and then on to resolution.

The vulnerability management process in the Now Platform® might involve processes, data, reporting, and automation with the CMDB.

Reporting and auditing. Integrate vulnerability scanners, incorporate business threat and risk context, automate prioritization and triage with AI, coordinate planning with IT, compliance and exception management, confirm vulnerability resolved automatically.

  • Integrate third-party scanners and ServiceNow® applications with the Vulnerability Response application to ingest known vulnerability data.
  • Enhance your ingested vulnerability data with exploit, threat intelligence, risk, and business context. Use this data to help you with patching and remediation strategies.
  • Imported vulnerabilities from the NVD and detection data from third-party products are reconciled with the assets in your CMDB. Triage might include: creating remediation tasks composed of multiple vulnerable items, that is, your assets that are determined to have vulnerabilities, grouping these tasks by category, prioritizing them, and assigning them to teams.
  • Employ coordinated change and exception management to help you resolve vulnerabilities that might require additional manual intervention, more time to resolve, or extensive research.
  • Confirm vulnerabilities are resolved and updated automatically by detections from your scanner products.

Who might use Vulnerability Response in your organization

Vulnerability Response users generally fall into two personae.
Vulnerability Analyst
The vulnerability analyst persona is usually in Security, Risk and Compliance, or Management. These users monitor vulnerabilities and determine when to initiate the remediation processes.
Important: The vulnerability analyst primarily uses the Vulnerability Manager Workspace to monitor and create remediation tasks.
Remediation Owner
The Remediation Owner persona is usually a part of IT Operations, DevOps/Engineering, or a Service Owner. These users complete the remediation tasks necessary to fix vulnerabilities. They might submit exception or change requests if controlled processes are required for asset maintenance or removal.
Important: The remediation owner primarily works on remediation tasks from within the IT Remediation Workspace.

Application Vulnerability Response

The Application Vulnerability Response (AVR) feature of the ServiceNow® Vulnerability Response application imports application vulnerable items (AVITs) and according to rules allows you to remediate application vulnerabilities. It is available by separate subscription. For Application Vulnerability Response documentation see Exploring Application Vulnerability Response.

Available versions

For a glossary of terms and more references that include links, troubleshooting, knowledge articles, in addition to field data on the forms and records found in Vulnerability Response, see Vulnerability Response reference information.

Release version Release Notes

Vulnerability Response v25, v24.0, v23.0

For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes

Vulnerability Response applications and CSDM tables

The Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications manage (contribute data to) CSDM tables. These applications also use data from CSDM tables that other applications generate. Several ServiceNow products, therefore, benefit from and add value to these Security Operations applications. See Vulnerability Response applications and CSDM tables for more information.