Autoclose Vulnerable items on Retired CIs

AndrewP
Kilo Expert

We just upgraded to VR version 15, where autoclose retired CIs is a checkbox, which we have checked. However, we changed some CIs to retired state and their vulnerable items have not closed after multiple days. Is there somewhere in VR we can look to show why this feature is not working?

Thanks,

Andrew

9 REPLIES

Chris McDevitt
ServiceNow Employee

Hi,

So the full story for Automatically close vulnerable items related to retired CIs is as follows:

These features utilize the new CSDM Life Cycle. These new life cycles rely on the "Life Cycle Stage Status" and "Life Cycle Stage" fields. For this to work, they need to be set to Retired and End of Life.

Take a look at:

  • The Reference Qualifier on "Life Cycle Stage Status"
  • The Scheduled Job "Close detections/VIs for decommissioned CIs"
  • The Business Rules on CMDB_CI "Update discovered items on CI retired"

Thanks Chris,

Since we do not utilize these fields in our CMDB (we only use CI Status), I guess we will have to customize something to autoclose. We are moving towards San Diego at some point this year, so maybe that will change.

Andrew

This needs to be in the main documentation (or at least called out better) because we overlooked the 'life cycle stage status=retired' portion of the first sentence.  Our CMDB uses 'Status=Retired' in order to retire out a CI, and these features have not been working.  Thank you for updating this community article, but these things should be made visible in the documentation, rather than here.

As to how this works, it's also problematic.  Multi selector field types are not updatable from a list view.  You can only do them from each CI field form, one at a time, or through scripting.  This negates a lot of the value from our perspective because CI management is difficult to manage at scale in ServiceNow.  It would be better to be a choice list in a drop down. 

Aaron Molenaar
Mega Guru

This post has a good description of what needs to be in place for this feature to work: https://www.servicenow.com/community/secops-forum/behavior-of-auto-close-vi-on-retired-ci-within-vr-...

FYL
Mega Sage

This release may have provided a solution for using a non-CSDM lifecycle stage field.

Vulnerability Response release notes - Version 26.0.11 - May 2025

Improved accuracy for non-CSDM Vulnerability Response users: A system property (sn_sec_cmn.ci_lifecycle_status_source) has been introduced to help users who do not follow Common Service Data Model (CSDM) standards. This property ensures that DIs and associated VITs are properly marked as Decommissioned and are excluded from the CI Lookup. Additionally, the Retired Configuration Items PA indicator has been updated to accurately reflect CIs based on the decommissioning flags.