Automatically closing stale test results in Configuration Compliance

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Automatically closing stale test results in Configuration Compliance

    The Auto-Close Stale Test Results feature in Configuration Compliance helps you automatically close older test results that have not been updated or detected recently by your third-party integrations. By moving these stale test results to aClosed-Stalestate, you reduce the number of active test results and remediation tasks, simplifying asset reconciliation in your Configuration Management Database (CMDB).

    Show full answer Show less

    Note that terminology has changed starting with version 14.9, where "Test Result Group" is now "Remediation Task Group," and "Rules" are renamed to "Remediation Task Rules," among other updates.

    Key Features

    • Automatic closure of stale test results: Based on conditions you define in the condition builder, test results not recently found or updated by third-party scanners are closed automatically.
    • Integration with third-party scanners: The feature relies on data imported from external scanners (e.g., Qualys, Tenable.io) and does not calculate test results internally.
    • Resolution field enhancement: A new resolution value, Closed-Stale, distinguishes test results closed by this auto-close feature from those closed by scanners.
    • State rollup logic: Test results state progression is Open > Closed > Fixed-Closed > Closed-Stale, affecting the overall remediation task group state accordingly.

    Practical Use and Benefits for ServiceNow Customers

    Assets in your environment may become decommissioned or removed by third-party scanners, leaving associated test results inactive or stale. This feature helps you manage such cases by automatically closing these outdated test results after a specified period (e.g., 90 days without detection). This reduces unnecessary remediation workload and keeps your Configuration Compliance data current and relevant.

    By activating this feature and configuring the appropriate condition builder filters, you can efficiently maintain compliance data hygiene, improve CMDB accuracy, and focus remediation efforts on active and relevant issues.

    Supported Integrations

    This auto-close functionality supports integrations with third-party vulnerability scanners, specifically Qualys and Tenable.io, enabling seamless coordination between external scan data and your Configuration Compliance application.

    You can activate the Auto-Close Stale Test Results feature to automatically close older test results not recently found by your third-party integrations. Moving these test results to Closed-Stale reduces the number of active test results and remediation tasks in your instance and helps you reconcile assets in your Configuration Management Database (CMDB).

    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    Overview

    The Auto Close Stale Test Results module helps you automatically close older, stale test results not recently found by your third-party integrations. Test results are moved to Closed-Stale based on the conditions you set in the condition builder.

    Key terms

    Test result
    Tests results are imported results from libraries of configuration tests that are mapped to frameworks, policies, and authoritative sources that define how a class of technology assets should be governed. The Configuration Compliance application does not calculate the test results but imports them with third-party integrations.
    Asset last scanned date
    Refers to the value of Last configuration compliance scan date column of the Discovered Item table that is related to the test result. This date refers the most current date and time an asset was last scanned by a third-party scanner.
    Last failed date
    Refers to the Last seen column date of the Test Results table when the Result field value is [failed].
    Stale test results
    Refers to test results in your instance that are aged and have not been found, updated, or detected by third-party integration scans for a significant amount of time.
    Test Results last found
    This search option uses a date and time provided by the third-party scanner. This term refers to the most current, or latest date (days ago) that test results were found again by the scanner. This parameter can be configured.

    Use case

    At times, assets (configuration items) might be decommissioned in your environment or purged by third party-scanners. When this happens, the assets' associated configuration test results are not updated in the Configuration Compliance application by imported detections and they become inactive (stale).

    To reduce the number of active test results (TRs) and remediation tasks (RTs) in your instance, activate the Auto-Close Stale Test Results feature. This feature closes aged test results automatically that have unchanged states or have not been recently imported by your integrations.

    As an example, suppose a particular configuration item (CI) has multiple asset IDs, and one of these IDs has not been imported on detections from a third-party scanner in the last 90 days. If you set the condition builder in the Auto-Close Stale Test Results module to close tests results that have not been found or updated in the past 90 days or more, this feature automatically closes any test results that match this filtering.

    Note:
    This feature only closes test result detections based on the filter conditions that you set in the condition builder and are detected by your third-party scanner integrations.

    The Resolution field

    To differentiate between the detections that are closed by third-party scanners such as the Qualys and Tenable.io products and the Auto-Close Stale Test Results feature in your instance, a new value for the Resolution field, [Closed-Stale], has been added. Closed-Stale indicates that a TR was closed by the auto-close feature. Closed or Fixed-Closed indicates that a TR was closed by a scanner.

    Rollup of TR states to TRGs with the Auto-Close feature

    The state progression and precedence for test results is: Open > Closed > Fixed-Closed > Closed-Stale.

    1. If any TRs in a TRG are Open, the TRG state is not changed.
    2. If at least one TR is Closed - Fixed and the rest are Closed - Stale, the TRG state transitions to Closed - Fixed.
    3. If all the TRs in a TRG are Closed - Stale, the TRG state transitions to Closed - Canceled.

    Supported integrations

    For more information on the third-party integrations that support this feature, see Understanding the Qualys Vulnerability Integration and Tenable.io integrations with the Vulnerability Response and Configuration Compliance applications.