Change / Overwrite Individual VIT risk rating

superhumanben · 3 weeks ago

Is there any known way to manually change an individual VIT risk rating? I know you could do it via a calculator rule targeted for that specific CI/instance but that is a bit too specific and would lead to a runaway list of way too many rules.

We have instances where maybe not all findings of a vulnerability should be the same on every CI. There is nothing currently on our CI that would allow us to do this automatically (like adding another field for x criteria) and so we were hoping that maybe someone else has come across this in the past.

pavani_paluri · 3 weeks ago

Hi @superhumanben ,

I think this requirement needs a little bit of customization.

- Add a custom field (e.g., manual_risk_override) to the VIT table.
- Modify your risk calculator rule to check this field:
- If populated, use the override value.
- If empty, proceed with standard calculation.
- This allows selective manual control without proliferating calculator rules.

Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for

Kind Regards,

Pavani P

andy_ojha · 3 weeks ago

Hey there,

Would suggest exploring one of the VR Exception Request capabilities for Risk Reduction:

https://www.servicenow.com/docs/bundle/zurich-security-management/page/product/vr-vulnerability-mana...
This would apply to Vulnerable Item records today (VIT)