Autoclose Vulnerable items on Retired CIs

AndrewP
Kilo Expert

We just upgraded to VR version 15, where autoclose retired CIs is a checkbox, which we have checked. However, we changed some CIs to retired state and their vulnerable items have not closed after multiple days. Is there somewhere in VR we can look to show why this feature is not working? 

 

Thanks,

Andrew

9 REPLIES 9

Shivam Sarawagi
ServiceNow Employee
ServiceNow Employee

Hi,

 

Which column in cmdb you using to mark asset retired? 

 

Thanks,

Shivam

Sulabh Garg
Mega Sage
Mega Sage

Hello Andrew,

I believe you are following the below procedure/configuration steps

Configuration steps-

  1. Navigate to Vulnerability Response > Auto-Close Configuration > Configuration Item Lifecycle.
  2. To automatically close vulnerable items associated with the retired CIs, select the Auto-close VIs linked to retired CIs check box.
  3. Select Update.
  • Note: If a CI is already retired before the Auto-close VIs linked to retired CIs option is enabled, VIs are created only for new detections from scanners. The state of these VIs is Closed and the substate is CI Decommissioned.
  • You cannot reopen VIs whose state is CI decommissioned, using the Reopen or Bulk Edit options.

    For more info, Please see this Automatically close vulnerable items related to retired CIs

 

Please Mark Correct/helpful, if applicable, Thanks!! 

Regards

Sulabh Garg

Please Mark Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg

Sulabh Garg
Mega Sage
Mega Sage

Also please check this scheduled job which runs on daily basis.

 

find_real_file.png

Please Mark Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg

AndrewP
Kilo Expert

Hello Shivam and Shulabh,

 

We have followed those steps. I am not sure how to find that scheduled script execution, is there an easy way to find that location? I will attach a screenshot of what we did.

 

Thanks,

Andrew