Analytics and Reporting Solutions for Vulnerability Response

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Analytics and Reporting Solutions for Vulnerability Response

    The Vulnerability Response module in ServiceNow provides tools for monitoring and managing vulnerability remediation. It allows users to review high-risk issues, track assignment group workloads, and monitor recurring vulnerabilities through effective data visualizations and dashboards.

    Show full answer Show less

    Key Features

    • Data Visualizations: The Vulnerability Response Workspaces feature dynamic visualizations that update with changing vulnerability data, helping organizations assess threat levels based on the number and severity of active vulnerabilities.
    • Remediation Process: Users can manage remediation tasks directly from the workspaces, including creating change requests, adding notes, deferring tasks, and closing them when resolved.
    • Dashboard Access: Default dashboards can be accessed via All > Vulnerability Response > Overview and viewed in the New Experience UI starting from version 19.0. Users can also explore additional dashboards as needed.
    • Integration with Change Management: The module supports tracking change activities related to assets and remediation tasks, ensuring compliance with any new regulatory obligations.

    Key Outcomes

    By leveraging the analytics and reporting capabilities of Vulnerability Response, organizations can:

    • Effectively monitor remediation progress and identify problem areas through comprehensive dashboards.
    • Revise prioritization of remediation tasks based on risk assessments and compliance timelines.
    • Track the resolution status of vulnerabilities through automated scans and integration with third-party detection tools like Qualys and Rapid7.
    • Utilize deployment metrics to identify bottlenecks in the remediation process, allowing for prompt resolution of issues.

    Monitoring vulnerability remediation involves viewing trends, managing risk, and monitoring assignment groups. You can review high risk issues, assignment group workloads, deferrals and, reoccurring vulnerabilities. Vulnerability Response offers tools, reports, and procedures to make that process more productive and efficient.

    Data visualizations in the Vulnerability Response Workspaces

    The Vulnerability Response Workspaces include data visualizations that can help you monitor your remediation progress. You can determine the threat level to your organization by viewing the number and severity of active vulnerabilities that are important to your organization on dynamic data visualizations that are updated as vulnerability data changes. See Vulnerability Manager Workspace and Exploring the IT Remediation Workspace for more information about the dynamic data visualizations that are available.

    Vulnerability analysts can also use default Vulnerability Response dashboards at All > Vulnerability Response > Overview.

    Important:
    Starting with version 19.0 of Vulnerability Response, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to Workspaces > Vulnerability Manager Workspace and click the Dashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see Dashboards in the Vulnerability Manager Workspace and Dashboards in the IT Remediation Workspace.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Vulnerability Response remediation process

    Most vulnerability remediation is done from the remediation task record from within the Vulnerability Response Workspaces. From the remediation tasks (RTs) in the Under Investigation state, you can perform several tasks.
    • Create change requests.
    • Add work notes and descriptions of vulnerabilities within the remediation task.
    • Defer the remediation task and the vulnerable items in it until a later date.
    • Close the remediation task.
    • Track new regulatory compliance obligations, which are usually time sensitive.
    • Log in to your Vulnerability Response instance.
    • Review your Vulnerability Management and third-party dashboards and reports to locate problem areas. For example, view dashboards that show remediation task (RT) aging by states or high risk vulnerable items (VIs) past their remediation target date.
    • Review the state of remediation tasks, in order of risk.
    • Revise the prioritization for the tasks by adjusting your risk score calculators if the risk score is not being calculated correctly or deferring VIs or RTs, as needed. See Vulnerability Response calculators and vulnerability calculator rules or Defer a Remediation task for more information on these options.
    • Review deferred vulnerable items about to reopen and take further action as required. If you want to initiate and track change activities on your assets, remediation tasks, and their corresponding vulnerable items, for more information, see Change management for Vulnerability Responsefor further action.
    • Review feedback from IT Operations.

      Once you are notified that a change request is resolved, wait for the next scan. Scans are triggered automatically by the third-party import schedule configured in the Setup Assistant.

    • After a scan, if the state is Fixed, vulnerable items are automatically closed during import. The group closes when all vulnerable items in the group are fixed.
    • After the scan, if the state is not Fixed, the VI is automatically moved back to Under Investigation.

    • Vulnerable items set to 'Resolved' in your instance but not transitioned to 'Closed/Fixed' by the third party integration runs are reopened if they are detected during rescans.

      For Qualys detections, if the scanner continues to find VIs that were set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans, these VIs move back to 'Open' when the last found date is later than the Resolved date.

      For Rapid7 detections, an option is now available on the Rapid7 configuration page in your instance to reopen resolved VIs by age. If enabled, VIs set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans transition back to 'Open' after the number of days that you enter.

    Vulnerability Solution Management Deployment Progress

    Comprehensive deployment metrics for remediation tasks and vulnerability entries are included in Vulnerability Solution Management under Remediation Status in vulnerabilities, vulnerable items. Easily identify which remediation task or vulnerability is slowing resolution progress. Drill down into how the vulnerability is identified, or what aspects of the affected assets may be causing the remediation issue. Update the status of your metrics using the Update status related link in the vulnerability, solutions, and remediation task forms.