Eliz Skogquist
ServiceNow Employee
Options
- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 08-27-2024 12:23 PM
On August 21 & 22, Andy Ohja, Principal Outbound Product Manager, Siva Reddy Mallu, Principal Inbound Product Manager, and myself, Sr. Product Success Manager, SecOps, share the insights for "A Day in the Life of a Vulnerability Manager". The session reviewed the capabilities presented in the Vulnerability Manager Workspace.
Topics reviewed were:
- Home/Overview pages - providing pre-filters against data commonly reviewed
- Watch Topics - for creating ad hoc views against data requiring ongoing oversight
- Dashboards - Unified Vulnerability Response dashboard, VR Health Dashboard, among others
- Lists - Remediation Tasks, Remediation Efforts, Vulnerable Items, and all AVR, CC and Container VR listings (role dependent)
- Exposure Assessments (Optional) - an additional plug in for zero day assessment by CVE or software, accessible through the Vulnerability Manager Workspace
The webinar recording is available here:
Resource Links shared:
ServiceNow Documentation
- Vulnerability Manager Workspace
- Create a Watch Topic in the Vulnerability Manager Workspace
- Exploring exposure assessment
Community
- VR Symbiosis of Watch Topic, Remediation Efforts and Remediation Task Rules
- VR Exposure Assessment and Unified Vulnerability Response Dashboard updates
- VR Plug-ins and Upgrade Recommended Practices (VR Health Dashboard review)
A pdf of the slides have been attached.
| Question | Answer |
| Is dot-walking limited impact to configure Watch Topics? | Dot Walking is not limited while configuring Watch Topic. However, dot-walking beyond 2 levels could slow down your instance at the time of watch topic refresh. |
| Watch topic is like pre-defined filters on the Home page Overview, but its dymanic showing current status without running filter everytime? | Watch Topic provides functionality beyond a simple filter. We recommend watch topic for specific remediation initiatives - a critical vulnerability, or vulnerabilities on specific assets etc. If filtering is the only need, saved filters on the home page are a better fit. However, both Watch Topic and Saved Filters refresh once a day. On-demand refresh is available for Watch Topics and coming soon for Home Page. |
| For dashboards, do all show up in the list of dashboards on the Workspaces ui? We don't see all of the dashboards when looking at the list of dashboards in the Workspaces | The dashboards have role-based access control. Users can see the dashboards accessible to them with the right roles configured. If dashboards aren't presenting, we suggest to take a look at docs to see which roles are needed for a dashboard, and confirm role assignment for the user. |
| Are all of the features in Vulnerability Manager workspace available in the Vancouver Version? | Features in VM workspace vary for each version of the Vulnerability Response, and compatible across many flavors of platform version (Utah, Vancouver, Washington DC, etc.). This session was showing VR version 23.0.6. You can look at the VR Compatibility Matrix KB to see which versions of VR align for true-up to platform version in this KB: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0856498. Make note that the true-up version table is below the first table which presents compatibility versions across modules. True-up versions are activated when the platform is upgrading past the version of the application you have installed on your instance. Otherwise, if the version of the application is compatible with the platform upgrade, the version of the application will not change. |
| For creating new widgets, or modifying existing widgets where would be go? | Customizing (both create and editing) workspaces and dashboards is possible with UI Builder. |
| Bulk edit for all apps? To clarify, is this stating there is functionality to bulk edit Remediation Tasks? | Bulk Edit is supported for Vulnerable Items and Test Results as of now. Bulk Edit for Remediation Tasks in on our roadmap. |
| Has that version already been released? | The version being presented is released and generally available, VR version 23.0.6. |
| Starting from which version Dashboards within Vulnerability Manager Workspace are availble? | Dashboards within VM workspace are available from VR version 21.0.3 |
| Assuming "Bulk Edit for all apps" includes Configuration Compliance? | That’s right. Bulk Edit for Configuration Compliance Test Results is made available in the 23.0.6 VR store release. |
| Can you submit exception requests from the workspaces for both CVR and AVR? | Yes, Excpetion Request are available with workspaces for both CVR and AVR. |
| All the created watch topics will be available for everyone with correct roles, not just for a person who created the Watch topic. Correct ? | Yes. Watch Topics are global at the moment and are available for everyone with correct roles. Private watch topics are on our roadmap. |
| How are vulnerable items grouped into Remediation Tasks? | Different grouping choices are available currently for Remediation Task creation: Through the Watch Topic or Remediation Task Rule |
| What are the workspaces? | Workspaces are our modern user experiences tailored for user personas and user objectives. |
| Does every VR License have access to the Unified Dashboard? | No, it will depend on your entitlements. Please reach out to your account executives for confirming your entitlement support. |
| There is a new field called In Remediation task. It lets us know that a vulnerable item is in a remediation task but it doesn't tell you the name of the remediation task. Each VIT can be in more than one remediation task. Is there a way to run a report to see for a specific VIT, the list of remediation tasks it belongs to? We are trying to see this from a report without needing to open each VIT one by one | There is m2m table that maintains relationships between VITs and RTs. This table can be leveraged for your report. Also, we have plans to restrict one VIT and one RT and to make RT information directly available on the VIT. |
| The Health Dashboard is not available through my Vulnerability Manager workspace. What might be the issue? | Confirm that the SecOps Analytic Health plug-in has been activated, and you've been assigned the role of sn_sec_analytics.admin or sn_sec_analytics.read. |
| We use Watch Topics, because we must to create remediation tasks for the CVR and AVR modules | Remediation Task rules are made available recently for AVR and they are also coming for CVR. |
| Can you create personal dashboards and widgets with dedicated criterials? | Customizing (both create and editing) workspaces and dashboards is possible with UI Builder. |
| Is there any way that I can run a report to learn how many users are using Workspace compared to UI16? | You can leverage Usage Analytics Dashboard within the platform to understand the usage of workspaces within your instance. |
| Once the scan detects vulnerabilities, eg. Windows. it can be I have 20 CVEs where all of them require a single action: installation of a single update. do i see a single remetiation the task owner should go through or he see a list of 20 items with the same remediation action? | This is on our roadmap for Solution Management feature where remediation is driven through solutions in contrast to vulnerability detections. |
| How do you edit the widgets in the workspaces? | Workspaces widgets can be modified with Workspace UI builder. |
| Can PA dashboards be promoted to the Workspace? | PA Dashboards are already available in workspace. |
| Can the "Export Button" for Exporting Lists of Vulns be untied from Global Export Functionality. Currently if a User is able to export in the workspace lists, then the user is with ITSM role also entitled to use the same Export functionality in ITSM. | We will check the possibility of seperating the export options. |
| Are Assignment Rules or Remediation Task Assignment Rules something that is recommended to be done in PROD directly? | It really depends on the customer maturity and complexity of changes. Given that, unless the rules are scripted, the changes are simple enough to allow for them to be done directly in Prod. |
| Are the PA jobs split between modules? Our host module is extremely large but AVR and CVR is small. | PA jobs are seperate and modular for each module. |
| Who has access to customise the workspace layout? | System Administrators and Servicenow Developers can customize the workspace layouts in UI Builder |
| How does ServiceNow track the improvements of using Workspaces vs. working in Classic UX? Does Configurable Workspace already have the flexibility for customizations to meet business requirements? |
Classic UI is not something we recommend going forward, and want to move towards workspace. Yes there are configuration flexibilty available, we can have a dedicated session if you have any questions around that |
| How does the Auto closure of VIs works ? | Auto Closure can be configured to close VIs that meet a certain criteria. One common use is an asset that was scanned and had a VIT created for it, then for whatever reason got removed from the network. With it no longer being scanned, there is no means to have the VIT auto closed from a FIXED finding. So, the Auto-Close rules allow you to define that any active VITS that haven't been scanned in the last (example) 4 weeks, get set to a state of Closed. This frees up the Remediators from having to dig into that VIT for remediation. |
| How is the data taken for the dashboard? Is it integrated with any of the tools like Qualys..etc? | Yes all the integration runs that you have configured will be represented in the dashboard for your oversight. |
| Is this Overview page visibility dependent on level of premissions? Currenly only seeing Watch Topics under Vuln manager Workspace | There could be updates missing in the instance. The Overview is available from VR 21.0.3 release. |
| Any consideration for including CTRs in the workspace? | CTRs are currently available in the workspace. |
| As Watch Topics are created, over time there may be numerous listed. Is there a way to search for Topics? | Search for Watch Topics is on our roadmap. |
| Only 4 dashboards are visible, CISO, Vuln Approval, Vuln Management, Vuln. Man. (PA). Are the other dashboards available in a newer release or is this a premissions issue? |
Permissions driven. Check the roles required for dashboard access, then user's assigned roles. |
| Based on the previous response regarding watch topics... would you advice teams to use watch topics to drive/track vulnerability campaigns? | We recommend watch topic for specific remediation initiatives - a critical vulnerability, or vulnerabilities on specific assets etc. |
| Another example for linux, i have a CVE that is fixed in kernel 1.0, then there is another CVE that is fixed in 1.2; can i see only a single remediation as update to 1.2 or the remdiation owner see 2 different actions update to 1.0 and update to 1.2 | This is on our roadmap for Solution Management feature where remediation is driven through solutions in contrast to vulnerability detections. |
| Interesting that the Unified Dash requires an analyst role. Usually leaders want that view. | Unified Dashboard supports granular roles which can be leveraged for access control. |
| I would like to understand the latest feature addition on being able to assess risk scoring from within the VM workspace. | Re-evaluating rules from within the workspace is available from VR 23.0.6 version. In regard to that, you can now evaluate the assignments, remediation target dates, remediation tasks, and risk scores for a set of selected vulnerable items and application vulnerable items directly in the Vulnerability Manager Workspace, instead of evaluating these properties for all records in the classic UI. Simply check the records interested in Re-Assessing, and the button activates. When selected, you determine which rules you want reassessed on the selected records. |
| Does the remediation effort feature allow teams to enter a Planned Remediation date or target? If not we desparately need it. | No. This is not currently supported. Please consider posting this need to our idea portal, available on: Support.servicenow.com. |
| Is there a way to identify which VITS are in a Watch Topic with the remedation effort still set to No? | Yes. Watch Topic has a tab specifically for list of VITs present in that watch topic. Watch Topic provides functionality beyond a simple filter. We recommend watch topic for specific remediation initiatives - a critical vulnerability, or vulnerabilities on specific assets etc. If filtering is the only need, saved filters on the home page are a better fit. Both Watch Topic and Saved Filters refresh once a day. On-demand refresh is available for watch topics and coming soon for Home Page. |
| Can lists be shared in the remediation worksapce? EX: A user creates a list and gives access to other users | This is available as a default platform functionality. However, the user accessing the list must have required permissions to view the items in the list |
| Is there a tie in with VRM so can track the vulnerabilities associated with a particular vendor? | We do not have integration with Vendor Risk Management yet. But this item is in our roadmap. |
| What options does ServiceNow have available for flagging CVE's that are identified by our Cybersecurity Intelligence Threat team as actively used by Threat Actors attacking us? | Please check out Vulnerability Crisis Management which is an end-to-end workflow for handling critical vulnerability events and provides integrations with Software Asset Management, Software Bill of Materials and Major Security Incident. |
| Have you created a basic conversion checklist to help admins and SN teams to work togther to convert to workspaces | Handling UI customizations if any, gaining familiarity and training your users are all that is needed to switch to workspaces. |
- 1,427 Views
