Installation of Vulnerability Response and supported applications

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Installation of Vulnerability Response and supported applications

The Vulnerability Response application is a foundational ServiceNow solution available from the ServiceNow Store. It supports integration with other ServiceNow applications and third-party systems to enable comprehensive vulnerability management. Proper installation and configuration are essential to leverage its full capabilities, including data import, remediation, analytics, and mobile access.

Show full answer Show less

Key Features

Core Application Installation: Installing the Vulnerability Response application is the first critical step. Detailed guidance is provided in the implementation checklist and installation documentation.
Setup Assistant Configuration: After installation, use the Setup Assistant to assign user roles, create assignment and remediation rules, set target dates, and configure risk calculators. This tool also facilitates selecting, installing, and configuring supported third-party integrations that import vulnerability data.
Third-Party Integrations: Supported integrations pull vulnerability data from external sources. Before enabling these, run the NVD and CWE integrations and scheduled jobs to import and update vulnerability libraries.
Analytics and Reporting: Customers can optionally install the Performance Analytics Content Pack for Vulnerability Response to access lifecycle reports. The Performance Analytics application is also optionally available for enhanced analytics.
Solution Management: Optionally install the Solution Management for Vulnerability Response application to correlate vulnerabilities with remediation solutions. Note that this requires a separate subscription and unlocks additional integrations such as Microsoft and Red Hat solutions.
Mobile Access: Installing the ServiceNow Agent app and the Vulnerability Response Mobile app provides mobile capabilities for managing vulnerabilities.

Additional and Advanced Setup

Additional Setup Tasks: Beyond the basic Setup Assistant, other configuration tasks support reporting, notifications, native integrations, and vulnerable item management. These are typically performed outside the Setup Assistant.
Advanced Configuration: Optional advanced setup requires coding skills or expert ServiceNow knowledge and is not part of the basic configuration. These tasks enable deeper customization and integration.

Practical Benefits for ServiceNow Customers

By following this installation and configuration flow, customers can rapidly deploy Vulnerability Response with proper user access, automated data ingestion, and effective remediation workflows. Optional analytics and solution management enhance visibility and actionability of vulnerability data. Mobile applications extend management capabilities to field and remote teams. Advanced configurations allow tailored setups to fit complex environments.

The Vulnerability Response application is available from the ServiceNow Store. The application supports other ServiceNow applications and third-party integrations that you also download from the ServiceNow Store. More options also are available to extend the basic setup.

Tasks for basic setup

The Vulnerability Response application is required as a first step. For more information about installing it, see Implementation checklist for the Vulnerability Response application and Install the Vulnerability Response application.

After installation is completed, you can Configure Vulnerability Response using Setup Assistant.
With the Setup Assistant, assign users and groups for access to the application, create or edit assignment rules, remediation task rules, and target dates, set up risk calculators.
You can also select, install, and configure one or more supported third-party integrations from the Setup Assistant. These integrations retrieve vulnerability data from external systems and vendors. For more information about how integrations work and the integrations supported by Vulnerability Response, see Vulnerability Response integrations.
Prior to implementing any third-party integrations, run the NVD integration and CWE scheduled job as part of your initial setup of Vulnerability Response.
See Importing data with the NVD and CWE integrations and managing third-party libraries and Configure and run the scheduled job for updating CWE records for more information about installing, configuring, and viewing the NVD and CWE libraries.
Select an analytics application, when applicable. The Performance Analytics Content Pack for Vulnerability Response application contains reports that cover all stages of the vulnerability management lifecycle.
[Optional] Install and configure the Performance Analytics for Vulnerability Response [PA] application application.
Select a solutions application, when applicable. Solution management helps you correlate the vulnerabilities in your environment with the solutions that could remediate them. [Optional] Install the Solution Management for Vulnerability Response application.
Note:
- When the Vulnerability Solution Management application is enabled, the Microsoft Security Response Center Solution Integration and the Red Hat Solution Integration are available to edit in Setup Assistant.
- Vulnerability Solution Management requires a separate subscription. For more information, see Vulnerability Solution Management.
[Optional] Install the ServiceNow Agent app and the Vulnerability Response Mobile app for the Mobile experience for Vulnerability Response.

Other setup tasks you can perform

These additional setup tasks add to your basic configuration and support remediation with options for reporting, email notifications, native integration configuration, and working with vulnerable items. Most of these tasks are performed outside of the Setup Assistant. See Additional Vulnerability Response setup and configuration tasks.

Advanced tasks outside of the basic setup

These optional configuration tasks are performed outside of Setup Assistant and require coding or advanced ServiceNow expertise and are not considered part of the basic configuration. See Advanced Vulnerability Response configuration tasks.