Triage vulnerabilities automatically

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Triage vulnerabilities automatically

    The automated triage of vulnerabilities in ServiceNow Vulnerability Response streamlines the remediation process by transforming imported vulnerabilities into actionable remediation tasks. This includes assigning vulnerable items (VIs), calculating risk, setting remediation targets, and grouping VIs. The process ensures assets not found in the CMDB are reconciled, vulnerabilities prioritized, remediation activities assigned, and remediation confirmed through validation scans.

    Show full answer Show less

    Key Features

    • Automated Vulnerable Item Assignment: Vulnerabilities are assigned to remediation tasks based on predefined rules, though manual intervention may be necessary for ungrouped or unmatched items.
    • Risk Score Revision: Customers can adjust risk scores of vulnerable items within remediation tasks using vulnerability calculators and rules.
    • Remediation Target Rules: These rules, created during initial setup, determine remediation targets and run upon vulnerability import to guide remediation efforts.
    • Ungrouped Vulnerable Items Handling: Customers can review and manually group ungrouped VIs or revise group rules and perform rescans to improve grouping accuracy.
    • Automatic Closure of Older Vulnerable Items: Items not recently detected can be closed automatically to maintain focus on current vulnerabilities.
    • Change Request Integration: Remediation tasks can be linked to change requests assigned to IT operations for resolution. If Security Incident Response is enabled, security incidents can be created from remediation tasks.

    Practical Steps for Customers

    • Log in to the Vulnerability Response instance and validate your CI Lookup and Assignment rules to ensure correct vulnerable item assignment.
    • Verify remediation target rules to confirm they align with your remediation strategy.
    • Review ungrouped vulnerable items and revise group rules or manually group items as needed.
    • Adjust risk scores for vulnerable items to reflect current risk assessments.
    • Close older vulnerabilities not detected recently by integrations to reduce noise.
    • Research and prioritize remediation activities based on risk, affected systems, and patching schedules.
    • Create and assign change requests for remediation tasks, moving tasks to an 'Under Investigation' state after submission.

    Why It Matters

    This automated triage process helps ServiceNow customers efficiently manage and remediate vulnerabilities by reducing manual effort, improving prioritization, and ensuring that remediation tasks are clearly defined and assigned. It supports maintaining a secure IT environment by integrating vulnerability data with change and security incident management workflows.

    Reviewing and triaging new vulnerabilities is necessary to ensure successful remediation. Transform vulnerability imports into remediation tasks with automated vulnerable item (VI) assignment, risk calculation, remediation targets, and VI grouping.

    Starting with imported vulnerabilities, reconcile the assets not found in the CMDB, prioritize the results, translate that to remediation activities that are automatically assigned, orchestrate the remediation process, and confirm completion with a validation scan.

    New vulnerable items are usually sorted into remediation tasks upon import, based on remediation tasks rules. Sometimes, vulnerable items cannot be grouped or do not contain a recognized configuration item.

    An overview of the vulnerability triage process: