Use the steps illustrated in the following images to download the Vulnerability Response application from the ServiceNow Store, install it on your Now Platform® instance, and configure it using the Setup Assistant.

An installation and configuration example for installing the base system, the Vulnerability Response application and a third-party scanner application, the Qualys application, is illustrated in the following images. Required roles and mandatory tasks, as well as optional steps, are also listed.

  • For more information about each step illustrated in the following images and a checklist with links to supporting documentation, see Implementation checklist for the Vulnerability Response application.
  • You can extend the concepts and sequence of steps presented in this example to installing and configuring other supported applications for Vulnerability Response. For a list of support applications, see Installation of Vulnerability Response and supported applications.
  • The admin role is required to download and install the Vulnerability Response application and the Qualys Vulnerability application used for this example.
  • The admin role also assigns the Vulnerability admin [sn_vul.vulnerability_admin] persona and other Vulnerability Response persona roles to users and groups.
Figure 1. Admin tasks
Refer to the first section for links and a description of how to download, activate, and configure apps from within the Setup Assistant.

The sn_vul.vulnerability_admin role configures the Vulnerability Response and Qualys applications in Setup Assistant and verifies expected results.

Follow the steps and prompts in Setup Assistant starting with the Vulnerability Response Settings section to continue with the installation and configuration. Reviewing these settings helps you understand and verify the processes of Vulnerability Response as you continue to set up your environment.

Role required: sn_vul.vulnerability_admin or, alternatively, admin.

Figure 2. Vulnerability admin tasks
Vulnerability admin tasks in the Setup Assistant under the Vulnerability Response Settings module and the Integration Configuration module.

Review the descriptions, default settings, and demo data that you installed with the applications in the following sections:

  • Vulnerability Assignment Rules - automatically assign vulnerable items (VIs) to the appropriate assignment group.
  • Remediation Task Rules - automatically group vulnerable items (VIs) as they are imported based on certain conditions.
  • Risk Calculators - Default Risk Calculator is enabled.
  • Remediation Target Rules - Define remediation time lines for VIs and remediation tasks (RTs).
  • Review and edit the settings for the third-party applications and installed solutions you installed and define conditions for your data imports. Enter your third-party account information and configure import settings, and schedules, configuration item (CI) lookup rules, as well as other settings.

See Implementation checklist for the Vulnerability Response application for more information.

For additional information while customizing or implementing the Vulnerability Response application, see KB1000704.