Change management for Vulnerability Response

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Change management for Vulnerability Response

    The Change Management feature within the Vulnerability Response application allows IT remediation owners to create and manage change requests (CHG) directly from remediation tasks (RT). This integration facilitates initiating and tracking change activities on affected assets, enabling effective remediation of vulnerabilities tied to those tasks.

    Show full answer Show less

    Change requests are integral to the remediation process phase (Assess/Fix state) in the Vulnerability Response workflow, helping IT teams implement controlled modifications or removals of configuration items (CIs) in the CMDB while addressing vulnerabilities.

    When to Use Change Requests in Vulnerability Response

    IT remediation owners should create change requests from remediation tasks when a manual, controlled process is necessary for modifying or removing CIs. This approach accelerates investigation and resolution and ensures changes are documented and tracked.

    Typical scenarios requiring change requests include:

    • Applying software patches or fixes before resolving a remediation task
    • Investigating or reassigning subsets of vulnerable items within a remediation task
    • Splitting large remediation tasks into smaller ones targeting specific vulnerable items
    • Associating remediation tasks with existing change requests to avoid duplication

    Types of Change Requests and Management Capabilities

    The application supports three ITSM change types—standard, emergency, and normal—each invoking distinct state models and processes. Change requests record detailed information such as reason, priority, risk, type, and category of the change.

    Key capabilities include:

    • Creating change requests with pre-populated information from remediation tasks to streamline processing
    • Associating remediation tasks to existing change requests to prevent duplicate efforts
    • Filtering vulnerable items within remediation tasks based on specific criteria to create focused change requests
    • Splitting remediation tasks by moving selected vulnerable items into new tasks automatically

    Practical Benefits for ServiceNow Customers

    By leveraging change management within Vulnerability Response, ServiceNow customers can efficiently coordinate remediation activities, maintain clear audit trails, and ensure controlled changes to CIs. This integration optimizes vulnerability resolution workflows, supports compliance, and reduces manual effort by automating change request creation and association.

    As an IT remediation owner, you can create and manage change requests (CHG) directly from remediation tasks (RT) in the Vulnerability Response application. Change requests help you initiate and track change activities on your assets so that you can remediate your remediation tasks and their corresponding vulnerable items.

    Change requests and the vulnerability workflow

    If you are not familiar with the Vulnerability Response application, for more information see Exploring the Vulnerability Response application.

    The following image illustrates the flow of information for Vulnerability Response, from integration (scanner) set up through automated triage and into investigation.

    Change requests and change management are part of the remediation process (Assess/Fix state) in the Vulnerability Response workflow shown in the following figure. During this phase, you might use change requests to initiate and track the remediation of vulnerabilities. You can create and manage change requests directly from the remediation task and list investigation and remediation tasks that include solutions for impacted assets for the configuration items (CI) in your CMDB.

    Figure 1. Change requests in Vulnerability Response
    Workflow that shows using change requests for Vulnerability Response to assess and fix vulnerable items.

    When to use change requests in vulnerability response

    As an IT remediation owner, you might create change requests from a remediation task if a manual and controlled process of any kind is required for modification or removal of supported configuration items (CIs) in your CMDB. Creating and managing change requests directly from a remediation task record helps you investigate and resolve vulnerabilities quickly. The VIs of a resolved remediation tasks can be scanned and verified during the next scheduled scan in your ServiceNow AI Platform and returned to the automated triage of the Vulnerability Response workflow. Manual interventions that might require change requests include the following examples:

    • A software patch, fix, or other task by IT that is required on vulnerable items prior to RT resolution.
    • You determine a subset of the vulnerable items in a remediation task requires further investigation or reassignment to another department.
    • You determine that a subset of vulnerable items in a RT with a large set of vulnerable items can be moved into a new remediation task.
    • You might associate a remediation task to an existing change request to avoid duplication of remediation tasks.

    Types of change requests for an RT

    The Vulnerability Response application utilizes the three types of service changes supported by the ITSM Change Management product on your ServiceNow AI Platform® instance — standard, emergency, and normal. The type of change you select determines which state model is invoked and the change process that must be followed. Change requests record the detailed information about the change, such as the reason of the change, the priority, the risk, the type of change, and the change category. See Change types.

    As a Vulnerability Response IT remediation owner, you have the following options for creating normal, standard, and emergency change requests directly from a remediation task:
    • You can create change requests that contain pre-populated information from the remediation task to streamline the process and save time.
    • You can associate a remediation task to an existing change request to avoid creating duplicate change requests that share similar information and vulnerable items.
    • Using a set of conditions, you can filter out a subset of vulnerable items and split a remediation task. The items that you select are automatically moved to a new RT.

    You can filter vulnerable items using values from any fields from a remediation task and apply the change request to only those items that match your filter criteria.