Remediation task state for Vulnerable Items (VITs) in multiple groups

Xanadu Security Management

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Security Management

ft:clusterId

security

bundleId

security

workflow

Technology

Remediation task state for Vulnerable Items (VITs) in multiple groups

Release version: Xanadu

Updated January 30, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Remediation task state for Vulnerable Items (VITs) in multiple groups

This document outlines how the state of Vulnerable Items (VITs) is determined when they are associated with multiple remediation tasks (RTs). The primary factor is the precedence of the states in these tasks, which dictates the final state of the VIT. Understanding this system allows ServiceNow customers to effectively manage and track the status of vulnerable items across different groups.

Show full answer Show less

Key Features

State Precedence: The VIT inherits its state based on the highest precedence of the associated remediation tasks. For example, if one task is 'Under Investigation' and another is 'Open', the VIT state will be 'Under Investigation'.
Individual State Setting: If a VIT's state is set individually, it will still be considered in the precedence evaluation among associated RTs.
Special Cases: Certain rules apply when states change, such as when one task is marked 'Closed' while another is still 'Under Investigation', resulting in a change of the VIT state to 'Under Investigation'.

Key Outcomes

By effectively applying the rules of state precedence for VITs, ServiceNow customers can:

Ensure accurate tracking and reporting of vulnerable items based on their remediation tasks.
Quickly identify the current state of VITs, which aids in prioritizing remediation efforts.
Adapt to changes in remediation task statuses, ensuring that VITs reflect the most current and relevant state.

When a VIT is in multiple remediation tasks, (RT in the following tables), and its own state has not been set, the higher precedence group state determines the state of that VIT, as shown in the following table.

Table 1. Vulnerable item states examples
Remediation task state	Vulnerable item state
RT 1: Open > Under Investigation RT 2: Open	Under Investigation When RT 1 is Under Investigation and RT 2 is Open, the VI changes to Under Investigation. After the search, between RT 1 and RT 2, RT 1 has the state with the highest precedence.
RT 1: Under Investigation RT 2: Open > Under Investigation	Under Investigation When RT 2 is Under Investigation and RT 1 is Under Investigation, the VI stays as Under Investigation. After the search, between RT 1 and RT 2, they have the state with the same precedence.
RT 1: Under Investigation RT 2: Under Investigation > Awaiting Implementation	Awaiting Implementation When RT 2 is Awaiting Implementation and RT 1 is Under Investigation, the VI changes to Awaiting Implementation. After the search, between RT 1 and RT 2, RT 2 has the state with the highest precedence.
RT 1: Under Investigation > Deferred RT 2: Awaiting Implementation	Deferred When RT 1 is Deferred and RT 2 is Awaiting Implementation, the VI changes to Deferred. After the search, between RT 1 and RT 2, RT 1 has the state with the highest precedence.

Table 2. Vulnerable item in multiple groups special cases
Remediation task State	Vulnerable Item State
RT 1: Under Investigation RT 2: Awaiting Implementation > Closed (Fixed or Cancelled)	Under Investigation When RT 2 is Closed/Fixed or Closed/Cancelled, and RT 1 is Under Investigation, the VI changes from Awaiting Implementation (previously the highest precedence) to Under Investigation (currently the highest precedence).
RT 1: any state RT 2: any state	If the vulnerable item source status is Fixed (updated by a scan or import), then when the group changes its state, the vulnerable item changes its state to Closed/Fixed. This condition is true no matter what states the other associated groups are in. The vulnerable item search for the group state does not occur.

When a VI state is set individually, its state is considered when evaluating precedence, as with any other remediation task. When a VI belongs to more than one remediation task, the following table lists the updates that are made.

Table 3. Vulnerable item state set individually special cases
Vulnerability item state within a group	Vulnerable item final state
RT 1 state: Under Investigation RT 2 state: Under Investigation > Awaiting Implementation Original VI state: Under Investigation > (set on the VI)	Awaiting Implementation When RT 2 moved to Awaiting Implementation, and RT 1 remained Under Investigation, the VI changes to Awaiting Implementation (the highest precedence).
RT 1: Under Investigation RT 2: Under Investigation > Awaiting Implementation Original VI state: Deferred > (set on the VI)	Deferred When RT 2 moved to Awaiting Implementation, and RT 1 remained Under Investigation, the VI remains in the Deferred state (the highest precedence).

The following table shows that when two remediation tasks with common vulnerable items are deferred, the state is deferred until the latest date is reached.

Table 4. Vulnerable item deferred state special cases
Vulnerability item state within a group	Vulnerable item final state
RT 1 state: In Review (until April 10) RT 2 state: Under Investigation > In Review (until April 30) Original VI state: In Review (until April 10) > (set on the VI)	Deferred (until April 30) When RT 2 moved to Deferred (until Apr-30), and RT 1 remains Deferred (until Apr-10), the VI changes from Deferred (until Apr-05) to Deferred state (until Apr-30).
RT 1: In Review (until July 15) RT 2: Under Investigation > In Review (until July 10 Original VI state: Deferred > (until July 15)	Deferred (until July 15) When RT 2 moved to Deferred (until Jul-10), and RT 1 remains Deferred (Jul-15), the VI remains in Deferred (until Jul-15).