Operational Technology Vulnerability Response (PA) dashboard

  • Release version: Washington DC
  • Updated February 7, 2024

    Track the volume, performance, and progress of the Operational Technology (OT) vulnerable items (VIs) from initial analysis and detection through containment or remediation. You can filter the reports by assignment group, exploits, risk rating, or state to get insight into your vulnerability exposure and the services that are affected.

    Required Operational Technology and Operational Technology Vulnerability Response roles

    You can use this dashboard if you have the cmdb_ot_viewer, cmdb_ot_isa_viewer_all, and sn_vul.remediation_owner roles.

    To view the Operational Technology Vulnerability Response (PA) dashboard, navigate to All > Industrial Workspace and select the Dashboards icon in the navigation panel.

    Use cases

    The following table shows some examples of how different people in your organization can use this dashboard.
    Table 1. Operational Technology Vulnerability Response (PA) dashboard use cases
    User: OT site managers, OT analysts, vulnerability remediation owners
    Dashboard use: Help your organization deal with increasing security incidents due to exploited vulnerabilities by determining which OT vulnerable items present the most risk. This dashboard provides a graphical view of the OT vulnerable item activity and can help you to design remediation plans and follow their status and progress. You can focus on the key performance indicators (KPIs) that are associated with the critical affected devices and high-visibility vulnerabilities.

    Dashboard tabs

    You can see the reports that show the trending data over time and the reports with real-time data. You can also view the trends of the important metrics on a regular schedule so that you can analyze your overall business processes and identify the areas that need to be improved.

    Learn what's in the Vulnerable Items tab, Remediation tab, and Exceptions tab.

    Vulnerable Items tab

    The Vulnerable Items tab communicates the KPIs for the vulnerability risk and prevalence, affected devices, remediation target adherence, and remediation progress.

    On the Vulnerable Items tab, you can view the following reports:
    • OT Vulnerable Items (VI)
    • OT Vulnerable Configuration Items (CIs)
    • OT Remediation Tasks
    • OT VIs Met Remediation Target
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT VI Mean Time to Remediate (MTTR)
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT Critical Remediation Tasks Near Due
    • OT VI by age
    • OT Closed Vulnerable Items by Remediation Target Status
    • OT Vulnerable Items by Risk Rating
    • OT Critical Vulnerable Items by Assignment Group
    • OT Overdue Critical Vulnerable Items by Assignment Group

    Remediation tab

    The Remediation tab helps you to understand the progress of your remediation actions and to see which support teams need the most assistance with their completion.

    On the Remediation tab, you can view the following reports in real time:

    • OT Remediation Task by Risk Rating & State
    • OT Remediation by Risk Rating & Target Status
    • OT Unassigned Remediation Tasks
    • OT Unassigned Vulnerable Items
    • OT Critical Remediation Task by Assignment Group
    • OT Overdue Critical Remediation Task by Assignment Group

    Exception tab

    The Exception tab helps you to understand where your organization is taking a risk due to potentially excessive deferrals of remediation.

    On the Exception tab, you can view the following reports in real time:
    • OT Deferred Vulnerable Items by Reason
    • OT Exceptions for Critical Vulnerable Items by Assignment Group

    Indicator sources

    The Operational Technology Vulnerability Response indicators gather data from the following sources:
    • OTVI.Active
    • OTVI.Closed
    • OTRT.Active
    For more information about the indicator sources that are used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    If you expect more than 1 million records to be collected from the indicator sources, you must override the expected count in the Records collection section of the indicator source. For more information, see Review the indicator sources for a larger number of records.

    Indicators

    Several indicators are used to measure and track the progress of your vulnerability remediation in the Operational Technology Vulnerability Response application. For more information about the indicators used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    The collect records option for the indicators is inactive by default for the Operational Technology Vulnerability Response application. This option is turned off to avoid the performance issues that may occur when you collect a large amount of data for each indicator.

    Breakdowns

    Breakdowns filter and group the collected records by a qualitative attribute. The following breakdowns apply to the indicators on the dashboard:
    • Age
    • Age Closed
    • Assignment Group
    • CI Manager
    • Deferral Reason
    • Exploit Attack Vector
    • Exploit Exists
    • Exploit Skill Level
    • Remediation Target Rule
    • Remediation Target Status
    • Remediation Target Status (Closed)
    • Risk Rating
    • Severity
    • State

    The breakdown sources specify the unique values that a breakdown contains. The unique values are called the breakdown elements. The dashboard uses the following breakdown sources:
    • Assignment Group
    • Deferred.Reason.Non.Closed
    • Exploit Attack Vector
    • Exploit Exists
    • Exploit Skill Level
    • OT Age Range
    • Remediation Target Status
    • Remediation Target Status (Closed)
    • Remediation.Target.Rule
    • Risk Rating
    • Severity
    • State
    • Vulnerable.Item.CI.Manager

    For more information about the breakdowns and breakdown sources, see Operational Technology Vulnerability Response (PA) dashboard breakdowns.

    Collection jobs

    The dashboard uses the following collection jobs to gather the OT vulnerability data that are displayed on the dashboard.
    • [PA OT VR] Historical Vulnerability Data Collection
    • [PA OT VR] Daily Collection for Remediation Tasks
    • [PA OT VR] Daily Collection for Vulnerable Items 1
    • [PA OT VR] Daily Collection for Vulnerable Items 2
    • [PA OT VR] Daily Collection for Vulnerable Configuration Items (CIs)

    For more information about the collection jobs, see Operational Technology Vulnerability Response (PA) dashboard collection jobs.

    Data visualizations

    The Operational Technology Vulnerability Response (PA) dashboard uses data visualizations to display your OT vulnerability data. For example, the total number of OT vulnerable items in your system is displayed with a single score in the OT Vulnerable Items (VI) widget.

    For more information about the data visualizations that are used in the dashboard, see Data visualizations used in the Operational Technology Vulnerability Response (PA) dashboard.