The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Make the best of Vulnerability Response and the Discovered Items Module - By Chris McDevitt, Senior Principal Business Process Consultant

Eric Feron
Moderator
Moderator

on ‎05-20-2021 02:48 PM

Why this Article

As Simon Sinek points out in his book ‘Start with Why’, ‘the why’ is probably the most crucial question for all of us. Why I wrote this article is pretty simple, I wanted to help people understand how they can leverage the Discovered Items module to enhance the overall success of the Vulnerability Response module. Along the way, I will share how I think about the Discovered Items and the tools I use to get the job done.

 

Who is this Article for?

This article is for you if you are new to the ServiceNow Vulnerability Response (VR) Store Application or new to the Discovered Items (DI) module. If you have insights into the Discovered Items module or have feedback on this article, I would love to hear from you!

 

What this Article is Not

This article is intended to be a supplement to the ServiceNow Documentation as well as the ServiceNow Training, not a replacement. This article is also not intended to replace a qualified consultant who can guide you through implementing Vulnerability Response successfully.

------------------------------------------

Read it all in the PDF attached.

 

 

 

 

 

 

 
Preview file
1230 KB
  • 2,521 Views
Comments
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
‎11-09-2021 06:15 AM

Hi,

The KB article listed in the article is now outdated.

The new KB article to delete VR data is: 

 

SN Arch Guy
Giga Guru
‎10-04-2022 12:10 PM

@Eric Feron @Chris McDevitt Thank you both. I've read this and a few other community posts, and I'm still not clear on the following question.


Since unmatched discovered items are still CIs, and Vulnerable Items can still be created for those unmatched CIs, is there any harm in working those "unmatched" VIs as-is, and creating remediation tasks for them, etc? I think it is implied in one of the articles that the VIs or tasks could end up being routed to in incorrect team, but that could probably be accounted for. As is implied in the doc, it may not be possible to ever match a CI; and the process may be lengthy to match some even if it is possible. So it seems that working an "unmatched" VI as-is might be necessary to remediate a risk asap. Note that I am not suggesting that CI Lookup Rules couldn't be improved but questioning if VIs can still be processed until they are.

0 Helpfuls
Version history
Last update:
‎05-20-2021 02:48 PM
Updated by:
Moderator