Analytics and Reporting Solutions for Vulnerability Response

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Analytics and Reporting Solutions for Vulnerability Response

    ServiceNow’s Vulnerability Response provides comprehensive analytics and reporting tools to monitor and manage the vulnerability remediation process effectively. It enables organizations to track remediation progress, assess risk levels, and manage workloads within assignment groups using dynamic data visualizations and dashboards. These tools help streamline vulnerability management by providing insights into high-risk issues, recurring vulnerabilities, and deferrals.


    Key Features

    • Dynamic Data Visualizations: Available in Vulnerability Response Workspaces, these visualizations update in real time to show the number and severity of active vulnerabilities important to your organization.
    • Default Dashboards: Accessible in both the classic and New Experience UIs, dashboards display critical metrics such as remediation task aging, high-risk vulnerable items, and overall remediation status. Dashboards vary by user role and can be customized.
    • Remediation Task Management: Within the Vulnerability Response Workspaces, you can manage remediation tasks by creating change requests, adding notes, deferring tasks, and closing completed tasks, all tracked by state and risk level.
    • Regulatory Compliance Tracking: The system supports time-sensitive compliance obligations, helping ensure remediation activities meet regulatory requirements.
    • Automated Scan Integration: Vulnerability scans are automatically triggered via third-party integrations. Vulnerable items detected as fixed are closed automatically, while unresolved items revert to an open investigation state for further action.
    • Reopening of Resolved Vulnerabilities: For integrations like Qualys and Rapid7, resolved but not closed vulnerabilities can be automatically reopened based on scan results or configurable age thresholds.
    • Vulnerability Solution Management Metrics: Detailed deployment progress metrics help identify bottlenecks in remediation by tracking task and vulnerability status, enabling focused resolution efforts.

    Practical Guidance for ServiceNow Customers

    • Use the Vulnerability Manager and IT Remediation Workspaces to monitor vulnerability trends and assess organizational risk dynamically.
    • Leverage default dashboards to prioritize remediation tasks based on risk and aging, adjusting risk scores and deferrals as necessary to align with your organization’s risk tolerance.
    • Manage remediation workflows directly from remediation task records, including creating change requests and deferring tasks to streamline workload management.
    • Track regulatory requirements and ensure compliance by monitoring remediation task deadlines and statuses.
    • Rely on automated integration with third-party scanners to maintain up-to-date vulnerability statuses, and configure reopening rules to ensure vulnerabilities are properly tracked through re-scans.
    • Utilize Vulnerability Solution Management’s deployment progress metrics to pinpoint and address delays in remediation efforts effectively.

    Monitoring vulnerability remediation involves viewing trends, managing risk, and monitoring assignment groups. You can review high-risk issues, assignment group workloads, deferrals, and recurring vulnerabilities. Vulnerability Response offers tools, reports, and procedures to make that process more productive and efficient.

    Data visualizations in the Vulnerability Response Workspaces

    The Vulnerability Response Workspaces include data visualizations that can help you monitor your remediation progress. You can determine the threat level to your organization by viewing the number and severity of the active vulnerabilities that are important to it. The dynamic data visualizations are updated as vulnerability data changes. See Vulnerability Manager Workspace and Exploring the IT Remediation Workspace for more information about the dynamic data visualizations that are available.

    Vulnerability analysts can also use default Vulnerability Response dashboards at All > Vulnerability Response > Overview.

    Important:
    Starting with version 19.0 of Vulnerability Response, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to Workspaces > Vulnerability Manager Workspace and click the Dashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see Dashboards in the Vulnerability Manager Workspace and Dashboards in the IT Remediation Workspace.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Vulnerability Response remediation process

    Most vulnerability remediation is done from the remediation task record within the Vulnerability Response Workspaces. From remediation tasks (RTs) in the Under Investigation state, you can perform several tasks.
    • Create change requests.
    • Add work notes and descriptions of vulnerabilities within the remediation task.
    • Defer the remediation task and the vulnerable items in it until a later date.
    • Close the remediation task.
    • Track new regulatory compliance obligations, which are usually time sensitive.
    • Log in to your Vulnerability Response instance.
    • Review your Vulnerability Management and third-party dashboards and reports to locate problem areas. For example, view dashboards that show remediation task (RT) aging by state or high-risk vulnerable items (VIs) past their remediation target date.
    • Review the state of remediation tasks, in order of risk.
    • Revise the prioritization for the tasks as needed, either by adjusting your risk score calculators if the risk score is not being calculated correctly, or by deferring VIs or RTs. See Vulnerability Response calculators and vulnerability calculator rules or Defer a Remediation task for more information on these options.
    • Review deferred vulnerable items about to reopen and take further action as required. To initiate and track change activities on your assets, remediation tasks, and their corresponding vulnerable items, see Change management for Vulnerability Response.
    • Review feedback from IT Operations.

      Once you are notified that a change request is resolved, wait for the next scan. Scans are triggered automatically by the third-party import schedule configured in the Setup Assistant.

    • After a scan, if the state is Fixed, vulnerable items are automatically closed during import. The group closes when all vulnerable items in the group are fixed.
    • After the scan, if the state is not Fixed, the VI is automatically moved back to Under Investigation.
    • Vulnerable items set to 'Resolved' in your instance but not transitioned to 'Closed/Fixed' by the third-party integration runs are reopened if they are detected during rescans.

      For Qualys detections, if the scanner continues to find VIs that were set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans, these VIs move back to 'Open' when the last found date is later than the Resolved date.

      For Rapid7 detections, an option is now available on the Rapid7 configuration page in your instance to reopen resolved VIs by age. If enabled, VIs set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans transition back to 'Open' after the number of days that you enter.
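
The post-scan rules above can be modeled offline to check exported records for VIs that are still 'Resolved' although the rules say they should have reopened. This is an added example, not ServiceNow code: the field names, state strings, the `reopenAfterDays` option, and counting Rapid7 age from the Resolved date are all assumptions.

```javascript
// Added example: models the post-scan rules described above so exported
// records can be checked offline. Field names, state strings and options
// are assumptions, not ServiceNow table fields or APIs.
const DAY_MS = 24 * 60 * 60 * 1000;

// Returns the state the page's rules imply for one vulnerable item (VI).
function expectedState(vi, opts) {
  if (vi.scanSaysFixed) return 'Closed'; // fixed VIs are closed during import
  if (vi.state !== 'Resolved') return 'Under Investigation';
  const resolved = Date.parse(vi.resolvedOn);
  if (vi.source === 'qualys') {
    // Reopen when the scanner found the VI after it was marked Resolved.
    return Date.parse(vi.lastFound) > resolved ? 'Open' : 'Resolved';
  }
  if (vi.source === 'rapid7' && opts.rapid7ReopenByAge) {
    // Assumption: the configured age is counted from the Resolved date.
    const ageDays = (Date.parse(opts.now) - resolved) / DAY_MS;
    return ageDays >= opts.reopenAfterDays ? 'Open' : 'Resolved';
  }
  return 'Resolved'; // other sources are not modeled here
}

// Lists VIs still marked Resolved although the rules say they should be Open.
function overdueReopens(records, opts) {
  return records
    .filter((vi) => vi.state === 'Resolved' && expectedState(vi, opts) === 'Open')
    .map((vi) => vi.id);
}

// Constructed sample records (not real scan data).
const SAMPLE = [
  { id: 'VI-1', source: 'qualys', state: 'Resolved', resolvedOn: '2025-01-10', lastFound: '2025-01-15', scanSaysFixed: false },
  { id: 'VI-2', source: 'qualys', state: 'Resolved', resolvedOn: '2025-01-10', lastFound: '2025-01-05', scanSaysFixed: false },
  { id: 'VI-3', source: 'rapid7', state: 'Resolved', resolvedOn: '2025-01-01', lastFound: '2024-12-20', scanSaysFixed: false },
  { id: 'VI-4', source: 'rapid7', state: 'Resolved', resolvedOn: '2025-01-25', lastFound: '2025-01-20', scanSaysFixed: false },
  { id: 'VI-5', source: 'qualys', state: 'Under Investigation', resolvedOn: null, lastFound: '2025-01-28', scanSaysFixed: true },
];
const OPTS = { now: '2025-01-30', rapid7ReopenByAge: true, reopenAfterDays: 14 };

console.log(overdueReopens(SAMPLE, OPTS));
```

A non-empty result points at reopen rules that are disabled or at imports that are not running as scheduled.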

    Vulnerability Solution Management Deployment Progress

    Comprehensive deployment metrics for remediation tasks and vulnerability entries are included in Vulnerability Solution Management under Remediation Status in vulnerabilities, vulnerable items. Easily identify which remediation task or vulnerability is slowing resolution progress. Drill down into how the vulnerability is identified, or what aspects of the affected assets may be causing the remediation issue. Update the status of your metrics using the Update status related link in the vulnerability, solutions, and remediation task forms.