Assessment tab

  • Release version: Yokohama
  • Updated January 30, 2025

    Review the assessment results in the Assessment tab. After you perform an assessment of the vulnerability event, the record is correlated against the data from Software Bill of Materials and Software Asset Management and displayed with visualizations.

    The Assessment tab populates data (if available) based on the assessment record that you create, and correlates the details against assessments from Software Asset Management and Software Bill of Materials component data in the CMDB.

    How the assessment works

    When you select the Assess button, an assessment of all the related CVEs and affected products is initiated, using both Software Asset Management and SBOM data. A background job is triggered, and when the assessment is processed, the VITs or AVITs associated with the vulnerable entries or CVEs are displayed in the Vulnerable Items and Application Vulnerable Items tabs.
    • All the vulnerable items or TPEs related to the CVE are identified.
    • The Configuration Items (CIs) related to the vulnerable items are also identified and displayed in the affected configuration items table.
    • If the CIs are not present in the affected configuration items table, the identified CIs are added to the table, the Has vulnerable item flag is set to true, and the Source field's value is set to Scanner.
    • If the CI already exists in the affected configuration items table, only the Has vulnerable item flag is set to true and the Source remains unchanged from when the assessment record was created.
    • If vulnerable items are created after the assessment, a Vulnerability Assessment scheduled job is run to update the affected CIs table and the source of the CI.
    • On the Assessment workspace, you can view timestamps to see the last assessment of the events. The Assessment tab is visible only when new assessments are created. While an assessment is in progress, the last assessment status shows that the assessment is in progress. To view the updated assessment status, refresh the page. Once the assessment is completed, you can see all the related tabs for that assessment.
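
The following added example models the affected-CI rules above in plain JavaScript, showing that a CI already in the table keeps its original Source while a newly identified CI is recorded as Scanner. It is not ServiceNow code: the field names (`ciId`, `hasVulnerableItem`, `source`), the sample source value `SAM`, and all sample records are assumptions constructed for illustration.

```javascript
// Added illustration: an in-memory model of the affected-CI rules described
// above. Not ServiceNow code; field names and sample values are assumptions.

// Apply the rules for CIs identified from vulnerable items.
function reconcileAffectedCis(affectedCis, vulnerableItems) {
  // Index existing rows by CI id; copy rows so the input is not mutated.
  const table = new Map(affectedCis.map((row) => [row.ciId, { ...row }]));
  for (const item of vulnerableItems) {
    const row = table.get(item.ciId);
    if (row) {
      // CI already listed: only the flag changes, Source is preserved.
      row.hasVulnerableItem = true;
    } else {
      // CI not yet listed: add it, flag it, and mark the Source as Scanner.
      table.set(item.ciId, { ciId: item.ciId, hasVulnerableItem: true, source: "Scanner" });
    }
  }
  return [...table.values()];
}

// Counts behind the Configuration Items (Host/Infra) widget and the
// Configuration Items by Assessment Source chart.
function summarize(rows) {
  const summary = { total: rows.length, withVi: 0, withoutVi: 0, bySource: {} };
  for (const row of rows) {
    if (row.hasVulnerableItem) summary.withVi += 1;
    else summary.withoutVi += 1;
    summary.bySource[row.source] = (summary.bySource[row.source] || 0) + 1;
  }
  return summary;
}

// Constructed sample data: two CIs already in the table, three vulnerable items.
const existing = [
  { ciId: "ci-web-01", hasVulnerableItem: false, source: "SAM" },
  { ciId: "ci-db-01", hasVulnerableItem: false, source: "SAM" },
];
const found = [
  { viId: "VIT-1", ciId: "ci-web-01" },
  { viId: "VIT-2", ciId: "ci-app-07" },
  { viId: "VIT-3", ciId: "ci-app-07" }, // second item on the same CI
];

const updated = reconcileAffectedCis(existing, found);
console.log(summarize(updated));
```

Because the Source of an existing row is never overwritten, the by-source counts show which CIs were known before the scan and which were first surfaced by it.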
    Figure 1. Vulnerability Assessment Workspace - Assessment Tab
    The assessment details are displayed in the following widgets.
    • Configuration Items (Host/Infra)
    • Scanned Applications
    • BOM Components and Product Models
    • Configuration Items by CI Class (Installation Assessment)
    • Configuration Items by Assessment Source – Displays the Affected Configuration Items list.

    Data visualizations

    | Name | Type | Description |
    |---|---|---|
    | Configuration Items (Host/Infra) | Single Score | Displays the count of CIs with and without VIs. The Configuration Items widget displays the total count of CIs that are found to be associated with the assessment record. The widget further displays the configuration items with vulnerable items and without vulnerable items. |
    | Scanned Applications | Count | Total count of applications scanned with AVITs. Note: You can view the count of scanned applications for both primary and secondary CVEs. |
    | BOM Components and Product Models | Single Score | Total Component count, Product model count, With Application Vulnerable Items, Without Application Vulnerable Items count. |
    | Configuration Items by Assessment Source | Stacked bar | Affected Configuration Items stacked by the assessment source. |
    | Configuration Items by CI Class (Installation Assessment) | Pie Chart | Configuration Items stacked by CI Class. |