Operational Technology Vulnerability Response (PA) dashboard

  • Release version: Yokohama
  • Updated January 30, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Operational Technology Vulnerability Response (PA) dashboard

    The Operational Technology Vulnerability Response (PA) dashboard enables ServiceNow customers to monitor and manage vulnerabilities in Operational Technology (OT) environments. It tracks the volume, performance, and remediation progress of OT vulnerable items (VIs) from detection through containment and resolution. Users can filter reports by assignment group, risk rating, exploit presence, and state to gain insights into vulnerability exposure and affected services.

    Show full answer Show less

    Access requires the snotvr.remediationowner role, and the dashboard is available within the Industrial Workspace under the Dashboard Library.

    Key Features

    • Dashboard Tabs:
      • Vulnerable Items tab: Displays KPIs on vulnerability risk, affected devices, remediation progress, and adherence to targets with reports such as Total OT Vulnerable Items, OT Vulnerable Items by Risk Rating, Mean Time to Remediate (MTTR), and Overdue Critical Vulnerable Items.
      • Remediation tab: Provides real-time views of remediation task progress, highlighting critical tasks, those near due, unassigned tasks, and tasks by risk rating or assignment group.
      • Exception tab: Identifies risks from deferred remediation, showing deferred vulnerable items by reason and exceptions for critical items by assignment group.
    • Filtering and Site Selection: Customers with the cmdbotisaviewer role can filter dashboard data by site for targeted analysis.
    • Indicators and Data Sources: The dashboard gathers data from specific indicator sources (OTVI.Active, OTVI.Closed, OTRT.Active) to measure vulnerability and remediation status, with configurable collection jobs ensuring data currency.
    • Breakdowns: Data can be segmented by attributes such as age, assignment group, deferral reason, exploit presence, remediation target status, and risk rating to provide detailed, qualitative insights.
    • Data Visualizations: The dashboard uses charts and graphs (e.g., bar charts grouped by OT device type) to visually represent vulnerability counts and trends, aiding in quick comprehension and decision-making.

    Use Cases

    This dashboard is designed for OT site managers, analysts, and vulnerability remediation owners. It helps organizations prioritize risks by identifying critical vulnerable items and high-visibility vulnerabilities. The graphical KPIs assist in designing effective remediation plans and tracking progress, thereby improving response to security incidents in OT environments.

    Practical Benefits for ServiceNow Customers

    • Gain a comprehensive and up-to-date view of OT vulnerability exposure and remediation status.
    • Identify and prioritize critical vulnerabilities and remediation tasks by risk and assignment group.
    • Monitor remediation progress and detect exceptions or excessive deferrals that may pose risks.
    • Leverage filters and breakdowns to customize views for specific sites, teams, or risk categories.
    • Use data visualizations to communicate status and trends effectively across stakeholders.

    Track the volume, performance, and progress of the Operational Technology (OT) vulnerable items (VIs) from the initial analysis and detection to the containment, or remediation. You can filter the reports by the assignment group, exploits, risk rating, or state to get insight into your vulnerability exposure and the services that are affected.

    Required Operational Technology and Operational Technology Vulnerability Response roles

    To access the OTVR (PA) dashboard, you must have the sn_otvr.remediation_owner role.

    To view the Operational Technology Vulnerability Response (PA) dashboard, navigate to All > Industrial Workspace and select the Dashboard Library (Dashboards icon in the Industrial Workspace.) icon in the navigation panel. Then select Operational Technology Vulnerability Response.

    Use cases

    The following table shows some examples of how different people in your organization can use this dashboard.
    Table 1. Operational Technology Vulnerability Response (PA) dashboard use cases
    User Dashboard use
    OT site managers, OT analysts, vulnerability remediation owners Help your organization deal with increasing security incidents due to exploited vulnerabilities by determining which OT vulnerable items present the most risk. This dashboard provides a graphical view into the OT vulnerable item activity and can help you to design the remediation plans and status progress. You can focus on the key performance indicators (KPIs) that are associated with the critical affected devices and high-visibility vulnerabilities.

    Dashboard tabs

    You can see the reports that show the trending data over time and the reports with real-time data. You can also view the trends of the important metrics on a regular schedule so that you can analyze your overall business processes and identify the areas that need to be improved.

    Learn what's in the Vulnerable Items tab, Remediation tab, and Exceptions tab.

    Vulnerable Items tab

    The Vulnerable Items tab communicates the KPIs for the vulnerability risk and prevalence, affected devices, remediation target adherence, and remediation progress.

    On the Vulnerable Items tab, you can view the following reports:
    • Total OT Vulnerable Items
    • New OT Vulnerable Items
    • OT Unassigned Vulnerable Items
    • OT Vulnerable Items by State
    • OT Vulnerable Items by Risk Rating
    • OT VIs Met Remediation Target
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT VI Mean Time to Remediate (MTTR)
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT VI by age
    • OT Closed Vulnerable Items by Remediation Target Status
    • OT Critical Vulnerable Items by Assignment Group
    • OT Overdue Critical Vulnerable Items by Assignment Group

    Remediation tab

    The Remediation tab helps you to understand the progress of your remediation actions and to see which support teams need the most assistance with their completion.

    On the Remediation tab, you can view the following reports in real time:

    • OT Remediation Tasks
    • OT Critical Remediation Tasks Near Due
    • OT Remediation Task by Risk Rating
    • OT Remediation by Target Status
    • OT Remediation Task by State
    • OT Unassigned Remediation Tasks
    • OT Critical Remediation Task by Assignment Group
    • OT Overdue Critical Remediation Task by Assignment Group

    Exception tab

    The Exception tab helps you to understand where your organization is taking a risk due to potentially excessive deferrals of remediation.

    On the Exception tab, you can view the following reports in real time:
    • OT Deferred Vulnerable Items by Reason
    • OT Exceptions for Critical Vulnerable Items by Assignment Group.

    Site filter

    You can use the Site filter to search for and select the site that you want to view on the dashboard. To access and use the site filter, you must have the cmdb_ot_isa_viewer role with access to the site you want to view.

    For more information, see Use the site filter.

    Indicator sources

    The Operational Technology Vulnerability Response indicators gather data from the following sources:
    • OTVI.Active
    • OTVI.Closed
    • OTRT.Active
    For more information about the indicator sources that are used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    If you expect more than 1 million records to be collected from the indicator sources, you must override the expected count in the Records collection section of the indicator source. For more information, see Review the indicator sources for a larger number of records.

    Indicators

    Several indicators are used to measure and track the progress of your vulnerability remediation in the Operational Technology Vulnerability Response application. For more information about the indicators used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    The collect records option for the indicators is inactive by default for the Operational Technology Vulnerability Response application. This option is turned off to avoid the performance issues that may occur when you collect a large amount of data for each indicator.

    Breakdowns

    Breakdowns filter and group the collected records​ by a qualitative attribute. The following breakdowns apply to the indicators on the dashboard:
    • Age
    • Age Closed
    • Assignment Group
    • CI Manager
    • Deferral Reason
    • Exploit Attack Vector
    • Exploit Exists
    • Exploit Skill Level
    • Remediation Target Rule
    • Remediation Target Status
    • Remediation Target Status (Closed)
    • Risk Rating
    • Severity
    • State
    The breakdown sources specify the unique values that a breakdown contains. The unique values are called the breakdown elements. The dashboard uses the following breakdown sources:
    • Assignment Group​
    • Deferred.Reason.Non.Closed​
    • Exploit Attack Vector​
    • Exploit Exists​
    • Exploit Skill Level​
    • OT Age Range​
    • Remediation Target Status​
    • Remediation Target Status (Closed)​
    • Remediation.Target.Rule​
    • Risk Rating
    • Severity​
    • State​
    • Vulnerable.Item.CI.Manager​

    For more information about the breakdowns and breakdown sources, see Operational Technology Vulnerability Response (PA) dashboard breakdowns.

    Collection jobs

    The dashboard uses the following collection jobs to gather the OT vulnerability data that are displayed on the dashboard.
    • [PA OT VR] Historical Vulnerability Data Collection
    • [PA OT VR] Daily Collection for Remediation Tasks
    • [PA OT VR] Daily Collection for Vulnerable Items 1
    • [PA OT VR] Daily Collection for Vulnerable Items 2

    For more information about the collection jobs, see Operational Technology Vulnerability Response (PA) dashboard collection jobs.

    Data visualizations

    The Operational Technology Vulnerability Response (PA) dashboard uses data visualizations to display your OT vulnerability data. For example, the total number of OT vulnerable items in your system is displayed in the Total OT Vulnerable Items bar chart and is grouped by OT device type.

    For more information about the data visualizations that are used in the dashboard, see Data visualizations used in the Operational Technology Vulnerability Response (PA) dashboard.