Using generative AI skills
Vulnerability managers and analysts can resolve remediation tasks from within their flow of work with the generative AI skills.
Skills in global domain reuse
By default, all skills exist in the global domain. When you use Now Assist in a domain-separated environment, users are only able to access data in their domain. For example, if a user uses the summarization skill, Now Assist only uses material that exists in the user's domain when generating that summary. Additionally, there is no co-mingling of data for domain-separated instances when using generative AI skills. The data resides only on the instance, and the shared services used for generative AI do not persist any requests (prompts) and responses. For more information, see Domain separation in the Now Assist Admin console. (Note that global domain is not the same as global scope. For more information, see Exploring Next Experience pickers.)
Overview of Now Assist for Vulnerability Response skills
With generative AI skills with Now Assist for Vulnerability Response, your vulnerability managers and analysts have the option to use generative AI skills to help them with the following tasks. Unless otherwise noted, these generative AI skills are supported by the legacy and Unified Security Exposure Management (USEM) workspaces.
| Generative AI skill | Description | Users |
|---|---|---|
| Evaluate vulnerability exposure data with Security Exposure 360 | Use generative AI to enter questions in plain language and receive comprehensive answers about all types of findings that include host, container, and test results vulnerabilities. | Vulnerability managers and analysts |
| Using the AI guardrails helper skill and agentic workflow |
Use an AI skill to help you identify finding types, understand the guardrails that might be already mapped to findings, and see why they were selected by the skill to map to specific findings. This information can help
you determine which findings might be already mitigated or deferred for later review or remediation.
Note: Supported only in the Unified Security Exposure Management (USEM) workspace. |
Vulnerability analysts, vulnerability managers, and Chief Information Security Officers (CISO)s |
| Generate vulnerability insights with generative AI | Use generative AI to provide insights based on contextual summaries and provide actionable recommendations. | Vulnerability managers and analysts |
| Get exception and false positive approval recommendations | Use generative AI to provide on-demand approval and false positive recommendations. | Exception and false positive approvers |
| Create an API connector with generative AI |
Use generative AI to automatically populate steps in the API Connector builder. Note:
You must install and activate the required applications in addition to Now Assist for Vulnerability Response to use the generative AI skill to help you create your own API connector. |
Developers in your organization, vulnerability and security admins |
| Identify duplicate vulnerable items with generative AI | Identify and group duplicate vulnerable items (VITs) created from multiple scanners. Identify the primary vulnerable item and remove (close) duplicates. | Vulnerability managers and analysts |
| Suggest vulnerability solutions with generative AI |
Identify the most appropriate preferred solution for a given vulnerable item (VIT). Note:
|
Vulnerability managers and analysts |
| Generate vulnerability insights with generative AI | Understand your security posture with AI-generated summaries and recommendations to help you prioritize and act on critical findings. | Vulnerability managers and analysts |
| Generate a recommendation for approval impact analysis | Streamline the approval process for exceptions and false positive requests with AI-driven recommendations. | Vulnerability managers and analysts |