Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard

  • Release version: Yokohama
  • Updated January 30, 2025

    The Operational Technology Vulnerability Response application uses indicator sources and indicators to gather data and track the progress of your vulnerability remediation.

    Indicator sources

    The Operational Technology Vulnerability Response indicators gather data from the following indicator sources. If you expect more than 1 million records to be collected from the indicator sources, you must override the expected count in the Records collection section of the indicator source. For more information, see Review the indicator sources for a larger number of records.
    OTVI.New
    Uses the sn_vul_vulnerable_item table and collects the new OT vulnerable items.
    OTVI.Active
    Uses the sn_vul_vulnerable_item table and includes all the active vulnerable items in your OT system.
    OTVI.Closed
    Uses the sn_vul_vulnerable_item table and includes all the closed vulnerable items in your OT system.
    OTRT.Active
    Uses the sn_vul_vulnerability table and includes all the active remediation tasks in your OT system.

    Indicators

    Several indicators are used to measure and track the progress of your vulnerability remediation in the Operational Technology Vulnerability Response application.

    The collect records option for the indicators is inactive by default for the Operational Technology Vulnerability Response application. This option is turned off to avoid the performance issues that may occur when you collect a large amount of data for each indicator.

    OT Vulnerable Items
    Number of the OT vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of vulnerable items in your system.
    OT Critical Vulnerable Items
    Number of the OT critical vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of critical vulnerable items in your system.
    OT Unassigned Vulnerable Items
    All active OT Vulnerable Items where both the Assignment Group and Assigned To fields are empty. The goal is to minimize the number of unassigned vulnerable items.
    OT Closed Vulnerable Items
    The OT Closed Vulnerable Items indicator is measured daily as a unit number. The goal is to maximize the number of closed vulnerable items in your system.
    OT Deferred Vulnerable Items
    Number of OT deferred vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of deferred vulnerable items in your system.
    OT Critical Deferred Vulnerable Items
    Number of OT critical deferred vulnerable items on data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of critical deferred vulnerable items.
    OT Non-Deferred Overdue Critical Vulnerable Items
    Number of OT non-deferred overdue critical vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of non-deferred overdue critical vulnerable items in your system.
    OT Remediation Tasks
    Number of OT remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of remediation tasks in your system.
    OT Non-Deferred Overdue Critical Remediation Tasks
    Number of OT non-deferred overdue critical remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of non-deferred overdue critical remediation tasks in your system.
    OT Non-Deferred Remediation Tasks
    Number of OT non-deferred remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of non-deferred remediation tasks in your system.
    OT Non-Deferred Critical Remediation Tasks
    Number of OT non-deferred critical remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of non-deferred critical remediation tasks in your system.
    OT Unassigned Remediation Tasks
    All active remediation tasks where both the Assignment Group and Assigned To fields are empty. The goal is to minimize the number of unassigned remediation tasks in your system.
    % Vulnerable Items Met Remediation Target
    ([[Closed Vulnerable Items > Remediation Target = Target Met]] / [[Closed Vulnerable Items]]) * 100

    The goal is to maximize the percentage of vulnerable items that meet the remediation target in your system.

    OT Vulnerable Item Mean Time to Remediate
    [[Summed Duration of Closed Vulnerable Items]] / [[Closed Vulnerable Items]]
    OT Summed Duration of Closed Vulnerable Items
    Summed duration of the OT closed vulnerable items on the data source OTVI.Closed, which uses the sn_vul_vulnerable_item table. The goal is to minimize the summed duration of the closed vulnerable items in your system.
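
The indicator definitions above, worked through on constructed records. This is an added example, not ServiceNow code: the field names (`group`, `assignee`, `due`, `targetMet` and so on) are hypothetical stand-ins rather than the real sn_vul_vulnerable_item columns, and all closed records are treated as one collection period.

```javascript
// Constructed sample records; field names are hypothetical, not the real table columns.
const DAY = 24 * 60 * 60 * 1000;
const NOW = Date.parse("2025-01-30T00:00:00Z"); // fixed "today" so results are repeatable

const items = [
  { id: "VIT1", active: true, critical: true, deferred: false, group: "", assignee: "", due: "2025-01-10" },
  { id: "VIT2", active: true, critical: true, deferred: true, group: "OT-Ops", assignee: "", due: "2025-01-05" },
  { id: "VIT3", active: true, critical: false, deferred: false, group: "", assignee: "a.kim", due: "2025-03-01" },
  { id: "VIT4", active: false, opened: "2025-01-01", closed: "2025-01-11", targetMet: true },
  { id: "VIT5", active: false, opened: "2025-01-01", closed: "2025-01-21", targetMet: false },
  { id: "VIT6", active: false, opened: "2025-01-10", closed: "2025-01-25", targetMet: true },
  { id: "VIT7", active: false, opened: "2025-01-05", closed: "2025-01-20", targetMet: true },
];

// Unassigned means BOTH Assignment Group and Assigned To are empty.
const isUnassigned = (r) => !r.group && !r.assignee;
// Overdue is modelled here as a due date earlier than "now" (an assumption).
const isOverdue = (r, now) => Date.parse(r.due) < now;
// With no closed items the formula indicators have no value; return null, not 0.
const ratio = (num, den) => (den === 0 ? null : num / den);

function computeIndicators(records, now) {
  const active = records.filter((r) => r.active);   // OTVI.Active
  const closed = records.filter((r) => !r.active);  // OTVI.Closed
  const count = (pred) => active.filter(pred).length;
  const summedDays = closed.reduce(
    (sum, r) => sum + (Date.parse(r.closed) - Date.parse(r.opened)) / DAY, 0);
  const met = ratio(closed.filter((r) => r.targetMet).length, closed.length);
  return {
    vulnerableItems: active.length,
    critical: count((r) => r.critical),
    unassigned: count(isUnassigned),
    deferred: count((r) => r.deferred),
    criticalDeferred: count((r) => r.critical && r.deferred),
    nonDeferredOverdueCritical:
      count((r) => r.critical && !r.deferred && isOverdue(r, now)),
    closedItems: closed.length,
    summedDurationDays: summedDays,
    // (Closed items with target met / Closed items) * 100
    pctMetTarget: met === null ? null : met * 100,
    // Summed duration of closed items / Closed items
    mttrDays: ratio(summedDays, closed.length),
  };
}

console.log(computeIndicators(items, NOW));
```

VIT2 and VIT3 each have one assignment field filled, so neither counts as unassigned, and the deferred VIT2 is excluded from the non-deferred overdue critical count even though its due date has passed.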