How does CSDM complement Vulnerability response

Dharshini Rohit
Tera Contributor

‎02-15-2023 04:49 AM

Hi,

 

In all VR documents, it is mentioned that a CI should possess an Assignment group info for the Remediation tasks to be assigned to. However, this contradicts the fact of introducing CSDM. As in CSDM, we group CI's either to a Technical Service offering via Application service. The support group info for ITSM triaging is obtained (based on category of the Incident) from either Application Service or from the Technical Service offering.  But for VR, we are required to populate this info on the CI. My question is, where and how does CSDM provide value to Security operations/ vulnerability response.

 

Thanks

Dharshini

 

0 Helpfuls
  • 1,447 Views
19 REPLIES 19

Barry Kant
ServiceNow Employee
ServiceNow Employee

‎02-15-2023 05:00 AM

hello, 

that is partly true. We group via Application Service for application support services. 
For the supporting Infrastructure we have Infrastructure support services which are group by Dynamic CI Groups and related to the TSO:

Screenshot 2023-02-15 at 13.57.06.png



There are a number of groups related in the TSO that are synced to the related CIs:
Support Group
Change Group
Managed by Group

for additional group relations the cmdb_rel_team table can be used. This however is not directly synced.

Hope this helps.

BR,

Barry

0 Helpfuls

Dharshini Rohit
Tera Contributor
In response to Barry Kant

‎02-15-2023 06:15 AM

Hi Barry,

 

Thanks for getting back.

So do we cascade TSO group info on to all CI's ? But how does this work, when a CI is part of  multiple TSO / App services? Is there any OOTB sync option that cascade this info? Since updating every CI with Assignment info contradicts the existence of CSDM. 

 

Regards

Dharshini

0 Helpfuls

Barry Kant
ServiceNow Employee
ServiceNow Employee
In response to Dharshini Rohit

‎02-15-2023 06:25 AM

Good question, 
that is why there is a validation that a CI can be part of 1 TSO, as otherwise this data cannot be synced. 
if that is correct or wrong I am not sure but that is how it is designed. To avoid manual maintenance. 

BR,
Barry

0 Helpfuls

CMDB Whisperer
Mega Sage
Mega Sage
In response to Barry Kant

‎02-15-2023 06:45 AM

This is also why I am skeptical that we can really assert that a CI can only be part of 1 TSO.  Depending on the CMDB Group logic it is definitely possible that a CI can legitimately be part of multiple TSOs.  While shooting for a 1 to 1 relationship is ideal, I don't think it is reasonable to design with this as a fixed assumption.


The opinions expressed here are the opinions of the author, and are not endorsed by ServiceNow or any other employer, company, or entity.
0 Helpfuls