Confused about Remediation Task Rules, when do they run/trigger?

Go to solution
Ketil Ellertsen
Kilo Expert

‎05-19-2022 12:45 AM

Hi!

I have set up a remediation task rule, that groups based on assigned_to field and vulnerability. When I click the reapply button, it correctly deletes all existing VULs related to the rule and creates new, which contain any VIT meeting the condition. 

However, when new VITs are created these are not automatically added to existing VULs, even though they satisfy the conditions. I saw in the documentation that only VULs created through condition filter/filter groups that are updated automatically. If that is the case, what is the point of having these Remediation Task Rules? It feels like I am missing something. 

 

The remediation task rule in question:

find_real_file.png

Labels:
Preview file
83 KB
Preview file
83 KB
0 Helpfuls
  • 5,251 Views
1 ACCEPTED SOLUTION

Go to solution
Ketil Ellertsen
Kilo Expert
In response to Chris McDevitt

‎05-19-2022 07:18 AM

Hi Chris!

Thanks for taking the time to reply. What you are saying makes sense.

However, that means something is wrong in our instance. Whenever I create new VITs they are not added to existing VULs (which are in state open) nor is any new VUL created. I am not sure as to why it is not working. As I've mentioned above, when I use the reapply function, it works fine.

Any suggestion as where to look for an error? I've looked for scheduled jobs but I could not find what triggers it.

While writing this, I realized I had not checked the business rules. And there I found the issue: I was not fulfilling the conditions for triggering the "Link to Remediation Tasks" BR. When creating the VITs correctly, it now works! 

Thanks for your help! 

View solution in original post

Preview file
12 KB
Preview file
32 KB
Preview file
37 KB
Preview file
2 KB
Preview file
37 KB
0 Helpfuls
13 REPLIES 13

Go to solution
William Froger
Tera Contributor

‎05-19-2022 02:45 AM

Hi Ketil,

 

Not an expert and currently working on the same topic. It seems that if a VIT has already been assigned to a group or user, it won't be reassigned.

I am also wondering wether remediation task rules can be imported within an update set. Do you have any idea ?

Regards

0 Helpfuls

Go to solution
Ketil Ellertsen
Kilo Expert
In response to William Froger

‎05-19-2022 03:33 AM

Hi William!

Thank you for the reply. Maybe I was unclear in my OP. The question is, will a remediation task rule assign new VITs to VULs (either existing or create new)?

 

Regarding your question, there is a related link for adding Remediation Task Rules to update sets:

find_real_file.png

As far as I know, they don't get added automatically. 

 

Cheers!

Preview file
10 KB
0 Helpfuls

Go to solution
William Froger
Tera Contributor
In response to Ketil Ellertsen

‎05-19-2022 11:16 PM

Hi Ketil !

Thanks for your reply, this will be very useful.

Have a nice day !

Cheers

0 Helpfuls

Go to solution
Stephen Laseau
Kilo Guru

‎05-19-2022 05:12 AM

See the diagram on this web page.  Note one correction - Vulnerability Group Rules in the diagram are now called Remediation Task Rules.

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/concept/cj-common-vuln-tasks.html#cj-common-vuln-tasks

The Remediation Task Rules fire last after all the other rules - assignment, risk, task rules - after insert of a VIT.

To answer the other question posed, VITs will be added to whatever Remediation Tasks for which they meet the criteria.  So a VIT can be put in multiple remediation tasks.  So when building the rules you generally want to ensure they are mutually exclusive to that they dont get assigned to multiple remediation teams.  There are exceptions to this of course.