Vulnerability Response implementation

  • Release version: Yokohama
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Vulnerability Response implementation

    The Vulnerability Response application on the ServiceNow AI Platform® enables customers to efficiently manage vulnerabilities by automating assignment, grouping, risk calculation, and remediation tracking. This implementation guidance covers downloading, installing, and configuring the application along with supported third-party scanner integrations such as Qualys.

    Show full answer Show less

    Installation and Configuration

    • Download the Vulnerability Response application from the ServiceNow Store and install it on your ServiceNow AI Platform instance.
    • Use the Setup Assistant to configure the application, starting with Vulnerability Response Settings to verify and understand its processes.
    • The example includes installing the Qualys Vulnerability application alongside the base system.
    • Role requirements: An admin role is necessary for installation and role assignments; the snvul.vulnerabilityadmin role configures the applications via Setup Assistant and validates outcomes.

    Key Configuration Areas

    • Vulnerability Assignment Rules: Automatically assign vulnerable items (VIs) to appropriate assignment groups.
    • Remediation Task Rules: Automatically group VIs during import based on defined conditions.
    • Risk Calculators: Default Risk Calculator is enabled to assess vulnerability risk levels.
    • Remediation Target Rules: Define remediation timelines for VIs and remediation tasks (RTs).
    • Configure third-party applications by entering account information, import settings, schedules, and CI lookup rules to tailor the vulnerability data ingestion and processing.

    Additional Resources and Best Practices

    For detailed step-by-step instructions, a checklist, and links to supporting documentation, refer to the Implementation checklist for the Vulnerability Response application. To optimize performance and customization, consult the Knowledge Base article “Best Practices: Vulnerability Response Implementation” (KB1157979).

    Use the steps illustrated in the following images to download the Vulnerability Response application from the ServiceNow Store, install it on your ServiceNow AI Platform® instance, and configure it using the Setup Assistant.

    An installation and configuration example for installing the base system, the Vulnerability Response application and a third-party scanner application, the Qualys application, is illustrated in the following images. Required roles and mandatory tasks, as well as optional steps, are also listed.

    • For more information about each step illustrated in the following images and a checklist with links to supporting documentation, see Implementation checklist for the Vulnerability Response application.
    • You can extend the concepts and sequence of steps presented in this example to installing and configuring other supported applications for Vulnerability Response. For a list of support applications, see Installation of Vulnerability Response and supported applications.
    • The admin role is required to download and install the Vulnerability Response application and the Qualys Vulnerability application used for this example.
    • The admin role also assigns the Vulnerability admin [sn_vul.vulnerability_admin] persona and other Vulnerability Response persona roles to users and groups.
    Figure 1. Admin tasks
    Refer to the first section for links and a description of how to download, activate, and configure apps from within the Setup Assistant.

    The sn_vul.vulnerability_admin role configures the Vulnerability Response and Qualys applications in Setup Assistant and verifies expected results.

    Follow the steps and prompts in Setup Assistant starting with the Vulnerability Response Settings section to continue with the installation and configuration. Reviewing these settings helps you understand and verify the processes of Vulnerability Response as you continue to set up your environment.

    Role required: sn_vul.vulnerability_admin or, alternatively, admin.

    Figure 2. Vulnerability admin tasks
    Vulnerability admin tasks in the Setup Assistant under the Vulnerability Response Settings module and the Integration Configuration module.

    Review the descriptions, default settings, and demo data that you installed with the applications in the following sections:

    • Vulnerability Assignment Rules - automatically assign vulnerable items (VIs) to the appropriate assignment group.
    • Remediation Task Rules - automatically group vulnerable items (VIs) as they are imported based on certain conditions.
    • Risk Calculators - Default Risk Calculator is enabled.
    • Remediation Target Rules - Define remediation time lines for VIs and remediation tasks (RTs).
    • Review and edit the settings for the third-party applications and installed solutions you installed and define conditions for your data imports. Enter your third-party account information and configure import settings, and schedules, configuration item (CI) lookup rules, as well as other settings.

    See Implementation checklist for the Vulnerability Response application for more information.

    For additional information while customizing or implementing the Vulnerability Response application, see the Best Practices: Vulnerability Response Implementation for better performance Knowledge Base article [KB1157979].