Triage vulnerabilities automatically

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Triage vulnerabilities automatically

    This process helps ServiceNow customers automatically triage vulnerabilities imported from third-party sources by transforming them into remediation tasks. It ensures efficient assignment, risk calculation, grouping, and tracking of vulnerable items (VIs) to support timely remediation and validation through scans.


    Key Features

    • Automated Vulnerable Item Assignment: Uses CI Lookup and Assignment rules to assign VIs to appropriate teams based on configuration items and predefined criteria.
    • Remediation Task Creation: Vulnerable items are grouped into remediation tasks automatically, or manually if grouping rules do not apply.
    • Risk Score Management: Risk calculators evaluate and allow revision of vulnerability risk scores for prioritization.
    • Remediation Target Rules: Define targets and priorities to determine which vulnerabilities to address immediately or defer, based on risk and system impact.
    • Validation and Closing: Older vulnerabilities not detected recently can be automatically closed; validation scans confirm remediation completion.
    • Integration with Change and Security Incident Processes: Create Change Requests for remediation tasks or Security Incident Records if the Security Incident Response plugin is enabled.

    How to Use

    • Log into the Vulnerability Response instance and validate CI Lookup and Assignment rules to ensure accurate mapping and assignment of VIs.
    • Validate remediation target rules to confirm proper prioritization and handling of vulnerabilities.
    • Review ungrouped vulnerable items; adjust grouping rules or manually group as needed to ensure all vulnerabilities are tracked.
    • Reassess and adjust risk scores for vulnerabilities to align remediation priorities with organizational risk tolerance.
    • Close outdated vulnerabilities that are no longer detected to maintain focus on current risks.
    • Research remediation steps, prioritize based on risk and operational constraints, and create Change Requests or Security Incident Records assigning them to appropriate groups.
    • After submitting change requests, update the remediation task status to “Under Investigation” to track progress.

    Benefits for ServiceNow Customers

    • Streamlines vulnerability triage to reduce manual effort and improve accuracy in assigning remediation work.
    • Improves prioritization by incorporating risk scores and remediation targets, ensuring critical vulnerabilities receive prompt attention.
    • Enhances visibility and tracking of remediation activities through automated grouping and status updates.
    • Supports compliance and security posture by integrating with change management and security incident workflows.

    Reviewing and triaging new vulnerabilities is necessary to ensure successful remediation. Transform vulnerability imports into remediation tasks with automated vulnerable item (VI) assignment, risk calculation, remediation targets, and VI grouping.

    Starting with imported vulnerabilities, reconcile the assets not found in the CMDB, prioritize the results, translate them into remediation activities that are automatically assigned, orchestrate the remediation process, and confirm completion with a validation scan.

    New vulnerable items are usually sorted into remediation tasks upon import, based on remediation task rules. Sometimes, vulnerable items cannot be grouped or do not contain a recognized configuration item.

    An overview of the vulnerability triage process: