Remediation efforts in the Vulnerability Manager Workspace

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Remediation efforts in the Vulnerability Manager Workspace

A Remediation Effort in the Vulnerability Manager Workspace is a static set of records linked to a watch topic. These records do not update with new import data or changes to watch topics after the remediation effort is created. Remediation efforts help track and manage vulnerability remediation progress for hosts, applications, containers, and configuration test results.

Show full answer Show less

Access and Roles

Access requires specific roles depending on the vulnerability type: snvul.vulnerabilityanalyst or snvul.vulnerabilityadmin for host vulnerabilities (VITs), snvul.appsecmanager for application vulnerabilities (AVITs), snvulcontainer.vulnerabilityanalyst or snvulcontainer.vulnerabilityadmin for container vulnerabilities (CVITs), and snvulc.admin for configuration test results (CTRs).

Functionality and Interface

On the Remediation Efforts list, selecting a remediation effort opens detailed views categorized by record types: Host, Application, Container Vulnerable Items, and Configuration Test Results.
You can group records by type using the “Group by Record type” option, facilitating easier categorization and management.
The Overview tab displays the remediation progress, including a graph of closed records over time with filter options for detailed analysis.
The Details tab provides information about the remediation effort’s associated watch topic and its status (Active or Inactive). Efforts can be deactivated here. Deactivating before completion allows active records to be reassigned to new remediation efforts.
The Remediation Tasks tab shows associated tasks and the percentage of remediated records per task.
The Vulnerable Items tab lists all records linked to the remediation effort for Host, Application, and Container vulnerabilities.
The Configuration Test Results tab shows related configuration test results for remediation efforts tied to configuration topics.

Lifecycle and Status

When all records in a remediation task are completed and closed, the remediation effort status automatically changes to Inactive.
Inactive remediation efforts lock their closed records, preventing them from being added to new remediation efforts.

Practical Benefits for ServiceNow Customers

Organize and track remediation activities efficiently across different vulnerability types within a single workspace.
Monitor progress visually and through detailed task-level metrics to prioritize and manage remediation efforts effectively.
Control remediation effort lifecycles, enabling flexible reassignment of unresolved vulnerabilities to new efforts.
Ensure clear visibility into remediation efforts, enhancing collaboration among teams responsible for different vulnerability domains.

A Remediation Effort is a set of records that are associated with a watch topic. The records listed on a remediation effort are static. They are not updated by new import data or changes that you make to watch topics.

Role required:

sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
sn_vul.app_sec_manager for application vulnerable items (AVITs)
sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
sn_vulc.admin for configuration test results (CTRs)

With Active selected under the Remediation efforts list on the List page, click a remediation effort link to open it. To categorize the Remediation efforts into host vulnerable items (VITs), application vulnerable items (AVITs), container vulnerable items (CVITs), and configuration test results (CTRs), select the three dots menu on the Record Type column and then select Group by Record type.

The related list items on the remediation effort record permit you to view overall remediation progress and status on the records associated with it.

On the Overview tab, monitor the records associated with this remediation effort that have been closed over time. To the right of the record, click the filter icon on the graph to see the filters applied to the data visualization.
On the Details tab, view details about the remediation effort including its associated watch topic and status (Active or Inactive). You can deactivate a remediation effort from this page. If you deactivate the remediation effort before all the records are closed, any active records become available to add to new remediation efforts.
On the Remediation Tasks tab, view the Remediation Tasks associated with this remediation effort. See the percentage of the records associated with this task that are remediated.
On the Vulnerable Items tab, view the records associated with this remediation effort. When all the records in a remediation task are completed and closed, the remediation effort transitions to Inactive. When a remediation effort is inactive, all the closed records associated with the remediation effort aren’t available to add to new remediation efforts.
Note:
The Vulnerable Items tab appears for the remediation efforts that are associated with watch topics in the Host Vulnerabilities, Application Vulnerabilities, and Container Vulnerabilities modules.
On the Configuration Test Results tab, view the Configuration Test Results associated with the Remediation Effort. When all the records in a remediation task are completed and closed, the remediation effort transitions to Inactive. When a remediation effort is inactive, all the closed records associated with the remediation effort aren’t available to add to new remediation efforts.
Note:
The Configuration Test Results tab appears for the remediation efforts that are associated with the watch topics in the Configuration Test Results module.

For more details and UI actions you can perform from a remediation effort, see Use Remediation Effort records.