Application Vulnerability Management (PA) dashboard
Summary of Application Vulnerability Management (PA) dashboard
The Application Vulnerability Management (PA) dashboard in ServiceNow provides a comprehensive visual overview of application vulnerabilities, tracking their volume, risk, and remediation progress from detection to resolution. It is designed to help vulnerability managers prioritize remediation efforts by focusing on critical and high-visibility vulnerabilities within applications, enabling better risk management and security posture assessment.
This dashboard is part of the Performance Analytics for Vulnerability Response content pack, which requires a separate subscription from the Vulnerability Response application. Users with roles such as Security Champion, App-Sec Manager, or Developer can access it via the Application Vulnerability Response > Overview menu or through the Vulnerability Manager Workspace in the New Experience UI. The dashboard supports flexible time range filters and breakdowns by Scan Type, Application, or Business Unit, allowing tailored views of vulnerability data.
Key Features
- Security Posture Tab: Displays the current security status, remediation progress, and penetration test findings (manually created AVIs) with visualization by risk rating.
- Exceptions Tab: Highlights deferred vulnerabilities, expiring deferral requests, and exceptions by assignment group or requester to identify areas of increased risk.
- Remediation Trend Tab: Shows trends in remediation activities over time, helping track improvements or delays.
- Scoreboard Tab: Identifies applications with the most critical and overdue vulnerabilities, supporting focused remediation efforts.
- Scan Type Filters: Ability to filter data by dynamic or static scan imports or both, providing flexibility in data analysis.
- Performance Indicators: Includes metrics such as mean time to remediate vulnerabilities by risk level, counts of active and closed vulnerabilities, new vulnerabilities, unassigned items, and net changes in vulnerability counts. All indicators emphasize minimizing risk and remediation time, except for closed vulnerabilities which are maximized.
- Data Breakdown: Enables detailed analysis by age of vulnerabilities, business unit, risk rating, and scan type, allowing targeted vulnerability management.
Data Visualizations
The dashboard offers a variety of visual components to enhance understanding and decision-making:
- Pie Charts: Show distribution of vulnerabilities by risk rating and status, including penetration test findings and overdue items.
- Heatmaps: Display vulnerability age by risk rating to identify aging issues.
- Trend Lines: Illustrate changes in vulnerability counts and remediation times over selected periods.
- Scorecards and Distribution Bars: Highlight top applications with critical and overdue vulnerabilities, enabling prioritized action.
Practical Considerations
To effectively use the dashboard, ensure the Performance Analytics for Vulnerability Response content pack is installed and configured. Note that customizing age calculations for Application Vulnerable Items (AVIs) can significantly impact reported metrics and trends, so adjustments should be made cautiously.
By leveraging this dashboard, ServiceNow customers can gain actionable insights to accelerate vulnerability remediation, reduce risk exposure, and improve their overall application security posture.
Track the volume, performance and progress of application vulnerabilities from initial analysis and detection to containment or remediation.
Use cases
| User | Dashboard use |
|---|---|
| Vulnerability managers | With the Application Vulnerability Management dashboard, vulnerability management can determine which application vulnerable items (AVIs) present the most risk to their organizations. These dashboards provide a graphical view into AVI activity to help them determine remediation plans and status progress. Focus on the KPIs associated with critical affected applications and high-visibility vulnerabilities. |
Required ServiceNow AI Platform roles, setup, and the dashboard tabs
The Application Vulnerability Management (PA) dashboard is included as a part of the Performance Analytics for Vulnerability Response content pack. The Performance Analytics for Vulnerability Response content pack is not automatically installed with the Vulnerability Response application. It is available on the ServiceNow® Store as a separate subscription.
For more information about setting up, installing, and configuring your Performance Analytics for Vulnerability Response application, see Install and configure the Performance Analytics for Vulnerability Response [PA] application.
To view the dashboard, as a user assigned to Security Champion, App-Sec Manager, or Developer user groups, navigate to .
Starting with version 19.0 of Application Vulnerability Response, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to and click the Dashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see Dashboards page in the Vulnerability Manager Workspace and Dashboards page in the IT Remediation Workspace.
The Overview dashboard communicates KPIs for vulnerability risk and prevalence, affected applications, remediation trends, and remediation progress. The default for trends is three months but can be changed to 7 days, one month, 3 months, 6 months, YTD, 1 year, or All.
Break down the data in the Application Vulnerability Management dashboard by Scan Type, Application, or Business unit. Each of these choices has an additional filter, Select elements, to refine your selections. Starting from Application Vulnerability Response v15.0, business and CI applications have been added to the choices for the Application filter.
The Security Posture tab helps you understand your security posture and the progress of your remediation actions.
This dashboard helps you understand where your organization is taking risk due to potentially excessive deferrals and reconsider remediation options.
You can view Deferred Application Vulnerable items by Reason, Expiring Deferral Requests for AVIs, Exceptions for Critical Application Vulnerable Items by Assignment Group, and AVI Exception Requests by Requester.
The Remediation Trend tab helps you understand the progress of your remediation actions.
The Scoreboard tab helps you understand the progress of your remediation actions, and which AVIs need the most assistance with their completion.
- Dynamic: Use only metrics from dynamic data import
- Static: Use only metrics from static data import
You can choose either or both.
Indicators
- Mean time to remediate Low AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 4 - Low]] / [[Closed Application Vulnerable Items > Risk Rating = 4 - Low]]. Goal is to minimize.
- Application Releases
- It is the count distinct on applications from AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Application Vulnerable Items
- It is the count on app vul items AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Average AVIs per application
- [[Active Application Vulnerable Items]] / [[Application Releases]]. Goal is to minimize.
- Unassigned VIs
- It is the count on indicator source AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Mean time to remediate AVIs
- [[Summed Duration of Closed Application Vulnerable Items]] / [[Closed Application Vulnerable Items]]. Goal is to minimize.
- Mean time to remediate High AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 2 - High]] / [[Closed Application Vulnerable Items > Risk Rating = 2 - High]]. Goal is to minimize.
- Closed Application Vulnerable Items
- It is the count on indicator source AVI.Closed, which is using the table: sn_vul_app_vulnerable_item. Goal is to maximize.
- Mean time to remediate Critical AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 1 - Critical]] / [[Closed Application Vulnerable Items > Risk Rating = 1 - Critical]]. Goal is to minimize.
- New Application Vulnerable Items
- It is the count on indicator source AVI.New, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Mean time to remediate Medium AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 3 - Medium]] / [[Closed Application Vulnerable Items > Risk Rating = 3 - Medium]]. Goal is to minimize.
- Net change in VIs
- [[New Application Vulnerable Items]] - [[Closed Application Vulnerable Items]]. Goal is to minimize.
- Summed Duration of Closed Application Vulnerable Items
- It is the count on indicator source AVI.Closed, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Critical Overdue Application Vulnerable Items
- It is the count on data source AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Critical Application Vulnerable Items
- It is the count on indicator source Applications with active AVIs, which is using the table: sn_vul_analytics_app_ci_dept_bu. Goal is to minimize.
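To cross-check dashboard scores against an export, the formula indicators above can be recomputed by hand. The following is an added example, not ServiceNow code: the record keys, the sample data, the use of days as the duration unit, and the period-based definitions of new, closed, and active are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records; the keys are hypothetical, not ServiceNow column names.
AVIS = [
    {"app": "payments", "risk": "1 - Critical", "opened": date(2024, 1, 2), "closed": date(2024, 1, 12)},
    {"app": "payments", "risk": "1 - Critical", "opened": date(2024, 1, 5), "closed": date(2024, 1, 25)},
    {"app": "payments", "risk": "2 - High", "opened": date(2024, 1, 8), "closed": None},
    {"app": "portal", "risk": "2 - High", "opened": date(2023, 12, 1), "closed": date(2024, 1, 30)},
    {"app": "portal", "risk": "3 - Medium", "opened": date(2024, 1, 20), "closed": None},
    {"app": "intranet", "risk": "4 - Low", "opened": date(2024, 1, 15), "closed": None},
]
RATINGS = ["1 - Critical", "2 - High", "3 - Medium", "4 - Low"]


def ratio(numerator, denominator):
    """A formula indicator divides two indicators; an empty denominator yields no score."""
    return numerator / denominator if denominator else None


def indicators(avis, start, end):
    """Recompute the formula indicators for the period [start, end]."""
    new = [a for a in avis if start <= a["opened"] <= end]
    closed = [a for a in avis if a["closed"] and start <= a["closed"] <= end]
    active = [a for a in avis
              if a["opened"] <= end and (a["closed"] is None or a["closed"] > end)]

    # Summed duration and count of closed AVIs, broken down by risk rating.
    summed, count = defaultdict(int), defaultdict(int)
    for a in closed:
        summed[a["risk"]] += (a["closed"] - a["opened"]).days
        count[a["risk"]] += 1

    return {
        # [[Summed Duration of Closed AVIs]] / [[Closed AVIs]]
        "mttr_days": ratio(sum(summed.values()), len(closed)),
        "mttr_days_by_risk": {r: ratio(summed[r], count[r]) for r in RATINGS},
        # [[New AVIs]] - [[Closed AVIs]]
        "net_change": len(new) - len(closed),
        # [[Active AVIs]] / [[Application Releases]] (distinct applications with active AVIs)
        "avg_avis_per_application": ratio(len(active), len({a["app"] for a in active})),
    }


JANUARY = indicators(AVIS, date(2024, 1, 1), date(2024, 1, 31))
```

A rating with no closed items in the period returns `None` rather than zero, so an empty bucket is not mistaken for instant remediation.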
Breakdowns
- Age
- Age Closed
- Application
- Business Unit
- Risk Rating
- Scan Type
Data visualizations
| Name | Type | Description |
|---|---|---|
| V15.0: Penetration Test Findings in Validation Pending State | Pie Chart | Penetration test findings in Resolved state, but with validation pending, grouped by risk rating. |
| V15.0: Overdue Penetration Test Findings | Pie Chart | Critical penetration test findings that have missed their remediation target date, grouped by risk rating. |
| Active Application Vulnerable Items (AVIs) | Single Score | Number of active (non-closed) application vulnerable items (AVIs). |
| Unassigned Application Vulnerable Items (AVIs) | Single Score | Number of active application vulnerable items (AVIs) without an assignment group. |
| Application Vulnerable Item (AVI) Distribution | Pie Chart | Distribution of all active application vulnerable items (AVIs) grouped by risk rating. |
| Application Vulnerable Items (AVIs) by Age | Heatmap | Number of active application vulnerable items (AVIs) grouped by risk rating and age (in days). Note: Customizing the Age and Age closed calculation for application vulnerable items (AVIs) may lead to a sharp rise or drop in the Performance Analytics (PA) reports that include these metrics. For more information on how to customize the calculation of Age and Age closed for AVIs, see the KB1703270 KB article. |
| AVI trends | Trend | Trend of active application vulnerable items (AVIs) grouped by risk rating. |
| Average AVIs per application | Trend | Trend of average application vulnerable items (AVIs) per application, grouped by risk rating. |
| Name | Type | Description |
|---|---|---|
| Mean time to Remediate Application Vulnerable Items (AVIs) | Line | Trend of the average remediation time for application vulnerable items (AVIs) by risk rating. |
| Net change of AVIs | Trend | Trend of new application vulnerable items (AVIs) detected vs closed by month. |
| Name | Type | Description |
|---|---|---|
| Top 10 Applications with Most Critical Application Vulnerable Items (AVIs) | Score card and Distribution Bar | Applications with most number of critical application vulnerable items (AVIs). |
| Top 10 Applications with Most Overdue Critical Application Vulnerable Items (AVIs) | Score card and Distribution Bar | Applications with the most number of active application vulnerable items (AVIs) that are past their remediation target dates. |