Configuring Vulnerability Response using the Setup Assistant

  • Release version: Yokohama
  • Updated January 30, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Vulnerability Response using the Setup Assistant

    The Setup Assistant in ServiceNow Vulnerability Response guides you through configuring your environment and integrating supported third-party vulnerability scanners. It streamlines the installation and setup process to enable efficient vulnerability management and remediation within your organization.

    Show full answer Show less

    Key Features

    • Role-Based Setup: Requires two key roles—admin for system administration tasks and vulnerability admin for vulnerability-specific configurations. Role assignments control user access and capabilities in Vulnerability Response.
    • User and Role Management: Assign Vulnerability Response personas and granular roles to users and groups to manage visibility and permissions effectively. Key roles include snvul.admin for administration, snvulvulnerabilitywrite for remediation task creation, and snvulvulnerabilityread for read-only access.
    • Third-Party Integration Installation: Install supported vulnerability scanner integrations such as Qualys and Tenable directly via the Setup Assistant. This enables automated import and management of vulnerability data.
    • Application-Wide Settings and Rules: Define assignment rules for automatic remediation task assignment and remediation task creation rules to streamline vulnerability resolution workflows. Risk calculators prioritize vulnerabilities based on scoring rules, and remediation target rules categorize remediation efforts.
    • Integration Configuration: Configure, schedule, and launch vulnerability scanner integrations and solution providers (e.g., Red Hat, Microsoft Security Response Center) within the Setup Assistant. Supports multiple deployments of the same integration using templates, though multi-instance Rapid7 InsightVM setups must be configured separately.

    Practical Considerations and Recommendations

    • Obtain a list of users, groups, and integrations from your Vulnerability Manager before starting the setup.
    • Use the Reapply feature carefully to update assignment rules, scheduling it based on your environment’s size to avoid performance issues.
    • Instead of deleting original integrations used as templates, disable them to maintain template availability for new integrations.
    • For integration scenarios not supported directly by Setup Assistant (like multiple Rapid7 InsightVM integrations), configure them manually following ServiceNow guidelines.
    • Refer to additional setup and configuration documentation for tasks not covered in the Setup Assistant.

    Expected Outcomes

    By following the Setup Assistant, ServiceNow customers can expect a fully configured Vulnerability Response environment that enables:

    • Efficient role-based access control aligned with organizational responsibilities.
    • Automated vulnerability data ingestion from key third-party scanners.
    • Streamlined remediation workflows through automated assignment and task creation rules.
    • Prioritized vulnerability handling via customizable risk calculators.
    • Integrated solution management for vulnerability remediation providers.

    This setup ensures that your organization can effectively track, prioritize, and remediate vulnerabilities with minimal manual configuration effort.

    Setup Assistant walks you through setting up Vulnerability Response and certain third-party integrations for your environment. Setup Assistant provides almost everything you need to install and set up your environment so that you can use Vulnerability Response.

    Figure 1. Setup Assistant functionality
    Setup Assistant functionality with System Administration, Vulnerability Response Settings, and Integration Configuration sections.

    Using Setup Assistant requires two different ServiceNow AI Platform® roles: admin and vulnerability admin.

    Refer to the following sections to supplement the instructions and prompts provided in Setup Assistant.

    System Administration - assign users and groups and install integration applications

    Role required: admin

    A list of users and integrations should be obtained from the Vulnerability Manager prior to beginning these tasks.

    1. Navigate to All > Vulnerability Response > Administration > Setup Assistant.
    2. In the first section, System Administration, the admin the assigns roles to users and groups and installs supported integrations.

      Assign Vulnerability Response personas and roles to users and groups in Setup Assistant.

      Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    3. Assign roles in Setup Assistant.
      • Assign the role of sn_vul.admin to users or groups.
      • Assign the sn_vul.admin role for Vulnerability Response administration and configuration including vulnerability integrations, remediation task rules, calculators, and time-to-remediate rules.
      • Assign the sn_vul_vulnerability_write role for the creation and update of remediation tasks and vulnerable items.
        Note:
        All other users automatically receive Write access only to remediation tasks that are assigned to them.
      • Assign the sn_vul_vulnerability_read role to view remediation tasks, vulnerable items, and other vulnerability information.
        Note:
        Users with the itil role are automatically granted the sn_vul.remediation_owner role allowing them to see remediation tasks and vulnerable items assigned to them, vulnerability entries, and, solutions in the Vulnerability Response application on their instance and in the Mobile Agent application. No additional assignment is needed.
    4. Install third-party integration applications.

    Vulnerability Response Settings

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin

    Setup Assistant Vulnerability Response Settings section, which includes Vulnerability Assignment Rules, Remediation Task Rules, Risk Calculators, and Remediation Target Rules.

    In Vulnerability Response Settings, the vulnerability administrator defines application-wide settings and defines rules for Vulnerability Response. Alternatively, the admin can perform these tasks.

    1. Create Vulnerability Assignment Rules.

      Create rules that define the automatic assignment of remediation tasks for resolution. At least one rule is shipped with the base system. See Vulnerability Response assignment rules overview for more information.

      Note:

      The reapply feature requires a baseline application of the rules. Once your rules are created, activate the Reapply all vulnerability assignment rules scheduled job to execute, at your convenience. Otherwise, you will be required to reapply all rules to all Open VIs prior to changing them.

      When the job is complete, set the Run field in the scheduled job to fit your environment. Depending on the number of active VIs you have, evaluating and updating them daily can have non-trivial performance impact. For larger environments, consider updating once a week or even once a month.

      Reapplying assignment rules does not regroup the vulnerable items.

    2. Create remediation task rules.

      Create rules that define the automatic creation of remediation tasks for resolution. At least one rule, Vulnerability, is shipped with the base system. You can reapply the rules from the form or list view.

    3. Create and enable Risk Calculators.

      Enable risk calculators that define how vulnerable items are scored for prioritization. Several risk calculators are shipped with the base system. See Vulnerability Response calculators and vulnerability calculator rules information on creating or editing risk calculators for your environment.

    4. Create Remediation Target Rules.

      Create remediation target rules for categories of remediation. At least one rule is shipped with the base system. See Vulnerability Response remediation target rules for more information on creating rules for your environment.

    Integration Configuration

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated), or admin.

    Setup Assistant Integration Configuration section that includes Scanner Integrations.

    In the Integration Configuration section, configure, schedule, edit, and launch on-demand the following third-party vulnerability scanner integrations and, if the Solution Management for Vulnerability Response application is installed, solution providers.

    Note:
    Multiple vulnerability integrations for Rapid7 InsightVM are not available within Setup Assistant. See Create domain-separated imports for an integration for information on configuring and creating multiple Rapid7 InsightVM integrations.

    Additional tasks

    See Additional Vulnerability Response setup and configuration tasks for more information on setup tasks not included in Setup Assistant.