Creation of Multiple Remediation Tasks for a Single Host based on the number of Applications running on the host
08-24-2022 02:29 AM
In the Vulnerability Response application, how do I create different Remediation Tasks for Vulnerability Items based on the different Applications present on the host?
- Labels: Vulnerability Response

08-25-2022 06:25 AM
Hi,
VR has a concept called granularity:
https://docs.servicenow.com/bundle/tokyo-security-management/page/product/vulnerability-response/task/vr-configure-vi-key.html
OOB, you can choose to create a vulnerable item for each unique port for a given host and vulnerability.
In theory, a Port represents an application.
Past that, you would need to customize what constitutes the "key" (not recommended).
08-25-2022 04:35 PM
Along with Granularity that Chris mentioned above, you may also want to look into using Vulnerability Classification Rules. They would allow you to identify Vulnerable Entries that are associated with Applications and the specific Application that each is associated with. Vulnerable Item Assignment rules can use that information to assign a VI to the group responsible for a given Application. Remediation Task Rules will then group the VIs by Assignment Group.
Here are some basic details:
a. Define Vulnerability Classification Rules to set the Classification and Classification Type for each Vulnerable Entry. You can use a condition builder or a script to determine what values you wish to assign. Some examples of what they could be are:
| Classification | Classification Type |
| --- | --- |
| Application | Java |
| Application | Chrome |
| Application | Browser |
| Platform | Linux |
| Platform | Windows Server |
| Platform | VMWare |
b. Configure VI Assignment Rules to consider Vulnerability.Classification and Vulnerability.Classification Type when a VI is assigned.
c. Remediation Task grouping Rules are most likely already using VI.Assignment Group when creating Remediation Tasks.
Classification Rules are a relatively recent addition to VR (within the past year). The great thing about them is that they are run once, when a Vulnerability Entry is created. Often, this type of logic is duplicated in multiple Assignment Rules that are run each time a VI is assigned. Here is some documentation:
- https://docs.servicenow.com/bundle/tokyo-security-management/page/product/vulnerability-response/concept/vulnerability-classification-rules.html
- https://docs.servicenow.com/bundle/tokyo-security-management/page/product/vulnerability-response/task/create-classification-rule.html
I hope that this helps,
--Joe
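
The classify, assign, group flow from steps a to c of the reply above, as an added example that is not part of the original posts and is not ServiceNow platform code. It is a plain JavaScript model in which the rule patterns, group names, the host `web01` and the `VULN-*` identifiers are all constructed; it shows one host with findings across several applications ending up with one remediation task per responsible group.

```javascript
// Plain JavaScript model of the flow in the thread; it calls no ServiceNow API.
// Rule patterns, group names, host and VULN-* ids are constructed for illustration.

// Step a: classification rules, evaluated once per vulnerability entry.
const classificationRules = [
  { match: /java/i,         classification: "Application", type: "Java" },
  { match: /chrome/i,       classification: "Application", type: "Chrome" },
  { match: /linux kernel/i, classification: "Platform",    type: "Linux" },
];

function classify(entry) {
  const rule = classificationRules.find(r => r.match.test(entry.summary));
  const { classification, type } = rule || { classification: "Unclassified", type: "Unknown" };
  return { ...entry, classification, type };
}

// Step b: assignment rules keyed on Classification / Classification Type.
const assignmentRules = {
  "Application/Java":   "Java App Support",
  "Application/Chrome": "Desktop Engineering",
  "Platform/Linux":     "Linux Server Team",
};

// Step c: group vulnerable items (VIs) into remediation tasks by assignment group.
function buildRemediationTasks(entries, vis) {
  const byId = new Map(entries.map(e => [e.id, classify(e)]));
  const tasks = new Map();
  for (const vi of vis) {
    const e = byId.get(vi.vulnerability);
    // Anything no rule covers falls back to a hypothetical triage group.
    const group = assignmentRules[`${e.classification}/${e.type}`] || "Vulnerability Triage";
    if (!tasks.has(group)) tasks.set(group, []);
    tasks.get(group).push(`${vi.host}:${vi.vulnerability}`);
  }
  return tasks;
}

// Constructed sample: four findings on a single host.
const sampleEntries = [
  { id: "VULN-A", summary: "Java runtime missing security update" },
  { id: "VULN-B", summary: "Java deserialization flaw in bundled library" },
  { id: "VULN-C", summary: "Chrome browser out of date" },
  { id: "VULN-D", summary: "Linux kernel privilege escalation" },
];
const sampleVIs = sampleEntries.map(e => ({ host: "web01", vulnerability: e.id }));

for (const [group, items] of buildRemediationTasks(sampleEntries, sampleVIs)) {
  console.log(`${group}: ${items.join(", ")}`);
}
```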