Vulnerability Response workspaces overview

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Vulnerability Response workspaces overview

The Vulnerability Response workspaces in ServiceNow Yokohama release provide specialized environments to manage vulnerabilities effectively across your organization. These workspaces support Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance. They enable teams to identify, prioritize, and remediate critical vulnerabilities and misconfigurations by integrating data from vulnerability libraries and third-party scanners into the ServiceNow AI Platform®.

Show full answer Show less

Key Features

Vulnerability Manager Workspace: Centralized area for vulnerability managers to analyze and prioritize vulnerabilities, assigning remediation tasks to IT specialists.
IT Remediation Workspace: Provides IT specialists with tools to monitor and resolve assigned remediation tasks, including patching, rescanning, change requests, and exception management.
Vulnerability Assessment Workspace: Designed for vulnerability event managers to assess exposure and manage critical vulnerability events proactively, such as zero-day threats.
Bulk Edit: Allows updating multiple vulnerability records simultaneously within the Vulnerability Manager Workspace.
Dashboards: Access various dashboards (Vulnerability Management, CISO, Container Vulnerability Management, Application Vulnerability Management, Unified Vulnerability Response, Health, and Vulnerability Remediation) through the Next Experience UI for comprehensive visibility.
Remediation Task Management: Create, split, and manage remediation tasks manually in both Vulnerability Manager and IT Remediation Workspaces.
Policy Exceptions: Request and manage exceptions for vulnerable items and remediation tasks in both workspaces to handle special cases compliantly.
Vulnerability Crisis Management (VCM): Track and handle critical vulnerability events effectively via the Vulnerability Assessment Workspace.
Compensating Controls Library: Add and manage compensating controls in the Vulnerability Manager Workspace to mitigate risks when direct remediation is not possible.
Risk Reduction Requests: Submit risk reduction requests for host vulnerable items and remediation tasks directly from the IT Remediation Workspace.
Integration with Agile and Jira: Create agile and Jira issues for application and container vulnerabilities directly from the Vulnerability Manager Workspace to streamline cross-team collaboration.

Practical Benefits

These workspaces equip your teams with structured workflows and tools to improve vulnerability management efficiency. Vulnerability managers gain a clear view and control over vulnerability prioritization and task delegation, while IT specialists benefit from centralized remediation task tracking and execution. The system also supports proactive event management during critical vulnerability scenarios, ensuring rapid response capabilities. The inclusion of dashboards and bulk edit capabilities enhances operational oversight and productivity. Additionally, policy exception handling and compensating controls provide flexibility to maintain compliance and manage risk effectively.

The Vulnerability Manager and IT Remediation Workspaces support Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance.

The Vulnerability Manager, IT Remediation, and Vulnerability Assessment Workspaces

Vulnerability Manager Workspace: As a Vulnerability Manager, protect your company's assets from malware and malicious attacks. From a single work area in your ServiceNow AI Platform®, with the Vulnerability Response application, along with current vulnerability data imported into your instance from vulnerability libraries and third-party scanner data applications, identify critical vulnerabilities and misconfigurations, prioritize them, and send lists of remediation tasks over to IT for their specialists to act on.
IT Remediation Workspace: As an IT specialist, use lists, or remediation tasks (RT) sent over by vulnerability managers to monitor and resolve critical vulnerabilities assigned to you or your groups. Fix groups of vulnerable items with patches, solutions, vulnerability rescans, change requests, exceptions, and other tools to remediate vulnerable items and test results all from one location.
Vulnerability Assessment Workspace: As a Vulnerability event manager, perform exposure assessment, and proactively manage critical vulnerability events especially during the critical vulnerability events such as a zero-day event.

Key features

The Vulnerability Response workspaces include the following features and enhancements.

Use the Bulk Edit feature in the Vulnerability Manager Workspace to update multiple records simultaneously. For more information, see Using bulk edit in the Vulnerability Manager Workspace.
View the Vulnerability Management (PA), Vulnerability Approvals, CISO, Container Vulnerability Management Overview, Application Vulnerability Management Dashboard, Unified Vulnerability Response, and Health dashboards in the Next Experience UI on the Dashboards page of the Vulnerability Manager Workspace. For more information, see Dashboards page in the Vulnerability Manager Workspace.
View the Vulnerability Remediation dashboard in the Next Experience UI on the Dashboards page of the IT Remediation Workspace. For more information, see Dashboards page in the IT Remediation Workspace.
Create the Remediation Tasks (VUL, AVUL, CVUL, or CRG) manually in the Vulnerability Manager Workspace and IT Remediation Workspace. For more information, see Create a remediation task manually in the Vulnerability Manager Workspace and Create a remediation task manually in the IT Remediation Workspace.
Split the Remediation Tasks (VUL, AVUL, CVUL, and CRG) in the Vulnerability Manager Workspace and IT Remediation Workspace. For more information, see Request exceptions for remediation tasks and records in the Vulnerability Manager Workspace and Split a remediation task in the IT Remediation Workspace respectively.
Request the policy exceptions for vulnerable items (VITs, AVITs, and CVITs), and Remediation Tasks (VUL, AVUL, CVUL, and CRG) in the Vulnerability Manager and IT Remediation Workspaces. For more information, see Request exceptions for remediation tasks and records in the Vulnerability Manager Workspace and Request an exception using GRC: Policy and Compliance Management in the IT Remediation Workspace respectively.
Create and track critical vulnerability events through the Vulnerability Crisis Management (VCM). For more information, see Explore the Vulnerability Assessment Workspace.
Add compensating controls to the Compensating controls library in the Vulnerability Manager Workspace. For more information, see Add a compensating control to the library.
Request risk reduction for a host vulnerable item and remediation task from the IT Remediation workspace. For more information, see Request risk reduction for a vulnerable item or remediation task.
Create an agile issue and a Jira issue for application and container vulnerable items from the Vulnerability Manager Workspace. For more information, see Create agile issue manually using form action and Create agile issue manually using list action.

For more information about version compatibility with the family releases, refer to the KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes article in the HI Knowledge Base.