Viewing patch data and patch data rollup for the Vulnerability Response Patch Orchestration integration with Microsoft SCCM

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Viewing patch data and patch data rollup for the Vulnerability Response Patch Orchestration integration with Microsoft SCCM

    This content describes how ServiceNow customers can view and manage patch data, patch rollup data, vulnerability information, and remediation status within the Vulnerability Response Patch Orchestration integration with Microsoft SCCM. This integration allows visibility and control of patching activities across vulnerable items and devices directly within ServiceNow Vulnerability Response Workspaces and the classic environment.

    Show full answer Show less

    Access and Roles

    • Roles Required:
      • snvulpatchorch.configurepatch to configure and schedule patches
      • snvulpatchorch.readpatch to view patch information (read-only)
      • These roles are inherited by remediation owners and vulnerability analysts with roles snvul.remediationowner and snvuln.vulnerabilityanalyst.

    Where to View Patch Data

    • IT Remediation Workspace:
      • Home view: Scorecards link to Preferred solutions on Vulnerable Items (VIs), Vulnerable Configuration Items (CIs), and Preferred Patches.
      • List view: Access Patch Update (VPU) records and assigned Vulnerable Items with patches.
      • Patch scheduling can be initiated from Patch Update records, Remediation tasks, and Discovered Item records.
    • Vulnerability Manager Workspace:
      • Home view: Watch topics show preferred and potential patches, scheduled patch dates, and download status on the Vulnerable Items tab.
      • List view: Patch data visible on Vulnerable Item remediation efforts.
    • Classic Environment: Navigate to All > Vulnerability Response > Patches to view Patch Update records.

    Patch Update Records Data

    Patch Update (VPU) records display comprehensive information including:

    • Vulnerability solution data imported from patch vendors via the Vulnerability Solution Management application.
    • Source Remediation Status detailing total vulnerable devices and devices missing updates.
    • Remediation Status showing percentage of Vulnerable Items remediated and count of VIs with preferred patches.
    • Related information on Associated Devices, Vulnerable Items, Patch Deployments, and Patch Requests accessible via related links or tabs.
    • Patch Requests submitted by remediation owners for approval.

    Patch Data Rollup and State Rollup

    Active Vulnerable Item (VI) counts and related state data are rolled up only when changes occur to avoid redundant data aggregation. These rollups apply to Vulnerable Item Tasks (VIT), Remediation Tasks (RT), Vulnerability Solutions, and Patch Update records.

    Additional Features

    • Viewing patches without associated solutions is supported with dedicated guidance.
    • Patch orchestration data integrates with Performance Analytics dashboards (Vulnerability Management and CISO dashboards) if the patch orchestration integration is installed.

    Dashboards and Reporting

    With Performance Analytics subscription and patch orchestration integration, customers can view patch-related metrics on:

    • Vulnerability Management (PA) Dashboard: Patch scheduling status, patches missing target dates, and weekly patch counts under the Remediation tab.
    • CISO Dashboard: Patch coverage data including criticality, scheduled and unscheduled patches, and patches missing target dates under the Overview tab.

    If patch orchestration is not installed, remediation data on the CISO dashboard remains unpopulated.

    Practical Benefits for ServiceNow Customers

    • Centralized visibility into patch status and remediation progress across Microsoft SCCM-managed environments.
    • Ability to schedule and manage patch deployments directly from Vulnerability Response Workspaces.
    • Automated rollup of patch and vulnerability state data to streamline remediation tracking.
    • Enhanced reporting and analytics through integrated dashboards to monitor patch coverage and remediation effectiveness.

    Patch data and patch rollup data, as well as vulnerability information and remediation status of your vulnerabilities are displayed on records in your instance.

    Viewing patch data in the Vulnerability Response Workspaces

    Roles required:
    • sn_vul_patch_orch.configure_patch role to configure and schedule patches
    • sn_vul_patch_orch.read_patch to view (read only) patch information on records. This role is inherited with the sn_vul.remediation_owner and sn_vuln.vulnerability_analyst roles that are required for the IT Remediation and Vulnerability Manager Workspaces

    In the IT Remediation Workspace, you can view the patches:

    • On the Home view, where you can click scorecards to view records for Preferred solutions on VIs, Vulnerable CIs, and Preferred Patches on VIs.
    • On the List view, where you can view all Patch Update records (VPUs) from the Patches links, and the vulnerable items (VITs) that are assigned to you that have patches.

    You can schedule patches from the following records:

    • From Patch Update (VPU)
    • Remediation task (RT)
    • Discovered Item (SDI) records

    In the Vulnerability Manager Workspace, you can view patches:

    • From the Home view on watch topics, where you can view preferred and potential patches, Patch scheduled dates, and, if the patch has been downloaded all on the Vulnerable Items tab.
    • From the List view on remediation efforts, where you can view patch data on VI records from theVulnerable Items tab.

    From the classic environment view, navigate to All > Vulnerability Response > Patches.

    Patch Update records in the VR Workspaces and in the classic environment view

    Patch data and patch rollup data and status are displayed on records in your instance. Patch records are included as part of the patch orchestration feature of this integration with Vulnerability Response. View Patch (VPU) records in Vulnerability Response Workspaces from the List view in the IT Remediation Workspace. Patch Update records in both the classic environment and Vulnerability Response Workspaces include the following data:

    • Vulnerability solution data and information from patch vendors imported by the Vulnerability Solution Management application.
    • Source Remediation Status that includes the total number of devices that have a given vulnerability that can be fixed by a patch. Additionally, it also includes and any devices that are missing updates.
    • Remediation Status that includes % of VIs remediated and the total VIs that have a patch as a preferred patch.
    • Associated Devices, Vulnerable Items, Patch Deployments and Patch Requests on the Related Links on records in the class view. This data is displayed on tabs on records in the Vulnerability Response Workspaces.
    • Patch Requests that remediation owners have submitted for approval.

    State rollup on vulnerable item records

    For more information about state rollup to records, see Patch data and state rollup for patch orchestration in Vulnerability Response.

    Records that roll up active VI counts

    To avoid rolling up all the patches to all the vulnerabilities, the scheduled job only picks up changes to the active VI count. These count changes and related data are rolled up to the following records in Vulnerability Response:
    • VIT
    • RT
    • Vulnerability solution
    • Patch Update

    Viewing data for patches without solutions

    For more information about viewing patches without solutions, see View patches without solutions in Vulnerability Response.

    Patch data on the Vulnerability Response

    The Vulnerability Management (PA) and CISO dashboards are included with a subscription with the Performance Analytics for the Vulnerability Response application. If you have a subscription for Performance Analytics, but do not have a patch orchestration integration installed, the remediation tab is displayed on the CISO dashboard, but it is not populated with data.

    For the Vulnerability Management (PA) dashboard, navigate to All > Vulnerability Response > Overview. Click the Remediation tab and scroll to the bottom of the page to view Patch Updates data: patches scheduled and not scheduled, patches missing their target dates, and weekly counts.

    For the CISO Dashboard, navigate to All > Vulnerability Response > CISO Dashboard. With the Overview tab selected, scroll to the bottom of the page to view Patch Coverage data: Criticality, patches scheduled and not scheduled, and patches missing their target dates.

    For more information about the Vulnerability Response dashboards, see Using the default Vulnerability Response dashboards, Patch orchestration with the Vulnerability Response Workspaces, and Viewing patch orchestration data on the Vulnerability Response dashboards.