Application Vulnerability Response - Assignment Rule Question

AC12
Tera Contributor

‎05-09-2022 11:28 AM

I am curious how others are leveraging the Assignment Rule feature in AVR to ensure the correct teams are getting the AVIT's assigned to them.  

Reviewing the SNow documentation hasn't helped put a confidence level on what needs to happen/will happen when we enable this module and integration.

For me, it does not make immediate sense how an Assignment Rule is derived.  We have Application Service CI's (cmdb_ci_service_discovered) and they list Support 2, Support 3 as well as Service Owner.  The Support 3 or Service Owner would be the respective owner/appadmin of the application that we'd want to assign the AVITs to.  The Support 2 in our case would map back to the server support team which manage the availability side and not application related.  I do not see reference to what the module points to out of the box for the Assignment Group piece for Assign Using, or the Configuration Item piece for Assignment Group Field.

 

find_real_file.png

find_real_file.png

Labels:
Preview file
9 KB
Preview file
11 KB
0 Helpfuls
  • 1,018 Views
5 REPLIES 5

Brad W1
ServiceNow Employee
ServiceNow Employee
In response to AC12

‎05-13-2022 03:38 PM

Since the Qualys WAS application is a Store App, you'll want to look at their documentation here:
https://store.servicenow.com/appStoreAttachments.do?sys_id=da2ecf6d1b2f70546dedcb34604bcb00

You can also have a look at the ServiceNow documentation on the general process here:
https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-app-vuln-...

 

0 Helpfuls