Operational Technology Vulnerability Response (PA) dashboard

  • Release version: Xanadu
  • Updated January 22, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Operational Technology Vulnerability Response (PA) dashboard

    The Operational Technology Vulnerability Response (PA) dashboard enables ServiceNow customers to monitor and analyze the lifecycle of Operational Technology (OT) vulnerable items, from detection through containment and remediation. It provides actionable insights into vulnerability exposure and affected services, helping organizations prioritize and manage remediation efforts effectively.

    Show full answer Show less

    Access requires the snotvr.remediationowner role, and the dashboard is found within the Industrial Workspace under the Dashboard Library.

    Key Features

    • Filtering: Reports can be filtered by assignment group, exploits, risk rating, state, and site (with appropriate roles), enabling focused analysis.
    • Dashboard Tabs:
      • Vulnerable Items: Displays KPIs on vulnerability risk, affected devices, remediation targets, and progress with various time range options (last month to all time).
      • Remediation: Shows real-time remediation task status, highlighting tasks by risk rating, assignment group, and overdue status.
      • Exceptions: Identifies risks from deferred remediation, including reasons and critical item exceptions.
    • Data Sources: Utilizes indicator sources such as active and closed OT vulnerable items and active remediation tasks to gather data.
    • Indicators and Breakdowns: Tracks remediation progress using indicators grouped by attributes like age, assignment group, deferral reason, exploit characteristics, risk rating, severity, and remediation target status.
    • Collection Jobs: Automates data gathering via scheduled jobs to update historical and daily vulnerability and remediation data.
    • Data Visualizations: Employs charts and graphs (e.g., bar charts by OT device type) to present vulnerability metrics clearly for informed decision-making.

    Use Cases

    The dashboard primarily supports OT site managers, analysts, and vulnerability remediation owners by helping them identify critical vulnerabilities and monitor remediation status. It facilitates the design of effective remediation plans focused on high-risk and high-visibility vulnerabilities, supporting the reduction of security incidents related to OT systems.

    Track the volume, performance, and progress of the Operational Technology (OT) vulnerable items (VIs) from the initial analysis and detection to the containment, or remediation. You can filter the reports by the assignment group, exploits, risk rating, or state to get insight into your vulnerability exposure and the services that are affected.

    Required Operational Technology and Operational Technology Vulnerability Response roles

    To access the OTVR (PA) dashboard, you must have the sn_otvr.remediation_owner role.

    To view the Operational Technology Vulnerability Response (PA) dashboard, navigate to All > Industrial Workspace and select the Dashboard Library (Dashboards icon in the Industrial Workspace.) icon in the navigation panel. Then select Operational Technology Vulnerability Response.

    Use cases

    The following table shows some examples of how different people in your organization can use this dashboard.
    Table 1. Operational Technology Vulnerability Response (PA) dashboard use cases
    User Dashboard use
    OT site managers, OT analysts, vulnerability remediation owners Help your organization deal with increasing security incidents due to exploited vulnerabilities by determining which OT vulnerable items present the most risk. This dashboard provides a graphical view into the OT vulnerable item activity and can help you to design the remediation plans and status progress. You can focus on the key performance indicators (KPIs) that are associated with the critical affected devices and high-visibility vulnerabilities.

    Dashboard tabs

    You can see the reports that show the trending data over time and the reports with real-time data. You can also view the trends of the important metrics on a regular schedule so that you can analyze your overall business processes and identify the areas that need to be improved.

    Learn what's in the Vulnerable Items tab, Remediation tab, and Exceptions tab.

    Vulnerable Items tab

    The Vulnerable Items tab communicates the KPIs for the vulnerability risk and prevalence, affected devices, remediation target adherence, and remediation progress.

    On the Vulnerable Items tab, you can view the following reports:
    • Total OT Vulnerable Items
    • New OT Vulnerable Items
    • OT Unassigned Vulnerable Items
    • OT Vulnerable Items by State
    • OT Vulnerable Items by Risk Rating
    • OT VIs Met Remediation Target
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT VI Mean Time to Remediate (MTTR)
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT VI by age
    • OT Closed Vulnerable Items by Remediation Target Status
    • OT Critical Vulnerable Items by Assignment Group
    • OT Overdue Critical Vulnerable Items by Assignment Group

    Remediation tab

    The Remediation tab helps you to understand the progress of your remediation actions and to see which support teams need the most assistance with their completion.

    On the Remediation tab, you can view the following reports in real time:

    • OT Remediation Tasks
    • OT Critical Remediation Tasks Near Due
    • OT Remediation Task by Risk Rating
    • OT Remediation by Target Status
    • OT Remediation Task by State
    • OT Unassigned Remediation Tasks
    • OT Critical Remediation Task by Assignment Group
    • OT Overdue Critical Remediation Task by Assignment Group

    Exception tab

    The Exception tab helps you to understand where your organization is taking a risk due to potentially excessive deferrals of remediation.

    On the Exception tab, you can view the following reports in real time:
    • OT Deferred Vulnerable Items by Reason
    • OT Exceptions for Critical Vulnerable Items by Assignment Group.

    Site filter

    You can use the Site filter to search for and select the site that you want to view on the dashboard. To access and use the site filter, you must have the cmdb_ot_isa_viewer role with access to the site you want to view.

    For more information, see Use the site filter.

    Indicator sources

    The Operational Technology Vulnerability Response indicators gather data from the following sources:
    • OTVI.Active
    • OTVI.Closed
    • OTRT.Active
    For more information about the indicator sources that are used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    If you expect more than 1 million records to be collected from the indicator sources, you must override the expected count in the Records collection section of the indicator source. For more information, see Review the indicator sources for a larger number of records.

    Indicators

    Several indicators are used to measure and track the progress of your vulnerability remediation in the Operational Technology Vulnerability Response application. For more information about the indicators used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    The collect records option for the indicators is inactive by default for the Operational Technology Vulnerability Response application. This option is turned off to avoid the performance issues that may occur when you collect a large amount of data for each indicator.

    Breakdowns

    Breakdowns filter and group the collected records​ by a qualitative attribute. The following breakdowns apply to the indicators on the dashboard:
    • Age
    • Age Closed
    • Assignment Group
    • CI Manager
    • Deferral Reason
    • Exploit Attack Vector
    • Exploit Exists
    • Exploit Skill Level
    • Remediation Target Rule
    • Remediation Target Status
    • Remediation Target Status (Closed)
    • Risk Rating
    • Severity
    • State
    The breakdown sources specify the unique values that a breakdown contains. The unique values are called the breakdown elements. The dashboard uses the following breakdown sources:
    • Assignment Group​
    • Deferred.Reason.Non.Closed​
    • Exploit Attack Vector​
    • Exploit Exists​
    • Exploit Skill Level​
    • OT Age Range​
    • Remediation Target Status​
    • Remediation Target Status (Closed)​
    • Remediation.Target.Rule​
    • Risk Rating
    • Severity​
    • State​
    • Vulnerable.Item.CI.Manager​

    For more information about the breakdowns and breakdown sources, see Operational Technology Vulnerability Response (PA) dashboard breakdowns.

    Collection jobs

    The dashboard uses the following collection jobs to gather the OT vulnerability data that are displayed on the dashboard.
    • [PA OT VR] Historical Vulnerability Data Collection
    • [PA OT VR] Daily Collection for Remediation Tasks
    • [PA OT VR] Daily Collection for Vulnerable Items 1
    • [PA OT VR] Daily Collection for Vulnerable Items 2

    For more information about the collection jobs, see Operational Technology Vulnerability Response (PA) dashboard collection jobs.

    Data visualizations

    The Operational Technology Vulnerability Response (PA) dashboard uses data visualizations to display your OT vulnerability data. For example, the total number of OT vulnerable items in your system is displayed in the Total OT Vulnerable Items bar chart and is grouped by OT device type.

    For more information about the data visualizations that are used in the dashboard, see Data visualizations used in the Operational Technology Vulnerability Response (PA) dashboard.