Can risk ratings on VITs or VULs be manually overridden?

LeslieC
Tera Expert

Hello!
Can the risk score on a vulnerability item or Remediation Task be manually changed? We do have risk rules set up but it doesn't work perfectly. Also, in some cases, our SIRT team will deem a vulnerability a higher risk than has been calculated. Is there a role or particular access level that allows this?

Thanks,

Leslie 

1 ACCEPTED SOLUTION

Chris McDevitt
ServiceNow Employee

I think it is a bit more complicated than that.... because you could rerun the Risk Scoring; that manual score would be overwritten.

Here is what I have implemented in the past:

  • Add a priority flag to the Third-Party table and use that as part of your Risk Scoring
    • Grant the ability to set this flag
  • Add your own Scoring Field (hide OOB), use a BR to populate it (and check to see if it is populated already before setting it)
    • Grant the ability to set this field

Of course, there are a few ways to solve this.... 

  • Tune your Risk Scoring
  • Flag the Third-Party table (i.e., at the Vulnerability Level - Third-party)
  • Set the value or a new value at the Vulnerable Item Level.
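
An added example, not part of the original post and not ServiceNow's own code: one way to write the "own scoring field plus BR" approach so that a rerun of Risk Scoring cannot overwrite a manual value. The field names `u_custom_risk_score` and `u_risk_score_locked`, the calculated field name `risk_score`, and the 0-100 range are assumptions; `fakeRecord` is a constructed stand-in so the logic can be run outside the platform.

```javascript
// Hypothetical field names on the Vulnerable Item table; all are assumptions.
var F_CALC = 'risk_score';            // assumed name of the calculated score field
var F_CUSTOM = 'u_custom_risk_score'; // custom score shown on forms and reports
var F_LOCKED = 'u_risk_score_locked'; // settable only by users granted the override

function isLocked(rec) {
    var v = String(rec.getValue(F_LOCKED));
    return v === 'true' || v === '1';
}

// Returns a short status string so the caller can log what happened.
function syncCustomRiskScore(rec) {
    var calc = parseInt(rec.getValue(F_CALC), 10);
    var custom = parseInt(rec.getValue(F_CUSTOM), 10);
    // Assumed valid range for a score is 0-100.
    var customValid = !isNaN(custom) && custom >= 0 && custom <= 100;

    if (isLocked(rec) && customValid)
        return 'kept-manual';          // a rerun of scoring must not overwrite it
    if (isNaN(calc))
        return 'no-calculated-score';  // nothing to copy yet
    if (isLocked(rec))
        rec.setValue(F_LOCKED, 'false'); // lock without a usable score is dropped
    rec.setValue(F_CUSTOM, String(calc));
    return 'synced';
}

// Constructed stand-in for the record object, for running outside the platform.
function fakeRecord(fields) {
    return {
        getValue: function (n) { return fields.hasOwnProperty(n) ? fields[n] : null; },
        setValue: function (n, v) { fields[n] = v; }
    };
}

// Inside a "before" Business Rule, `current` is the record being saved.
if (typeof current !== 'undefined') syncCustomRiskScore(current);
```

Restrict write access on both custom fields to the role that is allowed to override, and keep the fields audited so every manual change is attributable.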


3 REPLIES 3

Steven16
ServiceNow Employee

Have you tried various options and weighed scores related to your risk calculator to get the table of criticality and ratings that are relevant to your business assets?

 

Hi Steven,

Thanks for the response. We have done this. This would be for rare cases - one-offs, so to speak. 
