Delete all vulnerable items and groups

Go to solution
Geeky
Kilo Guru

‎05-29-2019 10:16 AM

Hi All,

All the vulnerable items and groups have been imported when I just enabled Knowledge base even before I setup group rules and assignment rules. Now I want to delete them and rerun the import.

Is it fine to do that?

0 Helpfuls
  • 1,992 Views
1 ACCEPTED SOLUTION

Go to solution
Dan Daugherty
ServiceNow Employee
ServiceNow Employee
In response to Geeky

‎05-30-2019 06:39 AM

The safest way is to delete your VI's and VG's so that all the business rules run and clean out the related data too.

 OR

You can avoid deleting when testing your group rules by deleting any offending groups and then running this script AS A FIX SCRIPT:

//Create a fix script under the Vulnerability Scope and run this after deleting the Vulnerability Groups you no longer want

var vgr = new sn_vul.VulnerableGroupRule()
var vi = new GlideRecord('sn_vul_vulnerable_item');
//add any queries you may want
vi.setLimit(100); //placed here to prevent a possible massive update that will impact performance. Remove when 100% sure your query is correct and you're prepared to let this run for a while
vi.query();
 while (vi.next()) {
  vgr.groupItemByVulnGroupRule(vi);
}
 
Assignments happen at the group level, so you should get new assignments for the group when the new ones are created.
 
Hope this helps.

View solution in original post

11 REPLIES 11

Go to solution
Slade1
Mega Contributor

‎05-29-2019 11:01 AM

While I can't speak to your specific configuration, I can say that I found myself in the same situation as you.  We are bringing in vulnerability data from Rapid 7 and did not get group rules set up as we needed prior to our data integration.  I have since purged that data, created my rules and re-imported without issue.

Go to solution
Geeky
Kilo Guru
In response to Slade1

‎05-29-2019 11:14 AM

I am using Qualys in my case. How did you purge the data?

Did you just delete vulnerable items and vulnerability groups? Can you share the steps please?

Appreciate your help.

Go to solution
Dan Daugherty
ServiceNow Employee
ServiceNow Employee
In response to Geeky

‎05-30-2019 06:39 AM

The safest way is to delete your VI's and VG's so that all the business rules run and clean out the related data too.

 OR

You can avoid deleting when testing your group rules by deleting any offending groups and then running this script AS A FIX SCRIPT:

//Create a fix script under the Vulnerability Scope and run this after deleting the Vulnerability Groups you no longer want

var vgr = new sn_vul.VulnerableGroupRule()
var vi = new GlideRecord('sn_vul_vulnerable_item');
//add any queries you may want
vi.setLimit(100); //placed here to prevent a possible massive update that will impact performance. Remove when 100% sure your query is correct and you're prepared to let this run for a while
vi.query();
 while (vi.next()) {
  vgr.groupItemByVulnGroupRule(vi);
}
 
Assignments happen at the group level, so you should get new assignments for the group when the new ones are created.
 
Hope this helps.

Go to solution
Geeky
Kilo Guru
In response to Dan Daugherty

‎05-30-2019 06:48 AM

Hey Dan, thanks for responding. So you recommend to delete the VIs first and them VGs manually by going to the table user view.

Have you done this before? Just wanted to check.