Domain setting in Remediation Task

TanayaGavande
Tera Expert

Hello All,

 

I have Qualys integration running for importing vulnerabilities. Please let me know if I am wrong about this:

  1. Vulnerable Items are imported through scanner into Discovered Items table.
  2. There items are mapped to CIs.
  3. The vulnerable items are grouped together as Remediation tasks via Remediation Task rules.

If this is correct, I cannot find how the domain is set for the Remediation Tasks. The domain of the Vulnerable Item is mapped correctly based on the CI domain, e.g. TOP/Some Company/Some Company. But, the remediation task for that vulnerability is not mapped correctly. It goes to the parent of the CI, i.e. TOP. 

 

So my question is, how is the domain set for Remediation Tasks? I don't find it in the Remediation Task rules.

4 REPLIES 4

Martin Dewit
Kilo Sage

I don't have much experience with Domains, but when looking at the Group by section within Remediation Tasks you can set the Vulnerable Item using field Domain as part of your rule. You can select the Domain or any element within Domain to Group by.

MartinDewit_0-1725557436946.png

 

Hi Martin, thanks a lot for your reply.

 

Yes, I have the vulnerability setting for that, but this only groups the vulnerabilities according to domain. This is happening already, but some of the Remediation tasks (with VIs in multiple domains) are grouped in a TOP domain remediation task. I am trying to find how it is set to TOP, if the VIs inside have different domains.

So the TOP domain remediation tasks are not following the Task Rules? If so, they may need to be deleted and reapply the Task Rules. One other thing would be to review the documentation on VR and domain separation - https://docs.servicenow.com/csh?topicname=domain-separation-vulnerability-response.html&version=late... 

Hi Martin,

Thanks for your reply.

However, the remediation tasks should not be created in the TOP domain in the first place. The vulnerable items inside it have a different domain present. Which is why I want to understand how domain is mapped for the remediation tasks.

I checked the documentation you provided. In there it is said that the remediation task rules are domain separated. The rules created in my instance are in the global domain. However, it is mapping most remediation tasks into the correct domain as is expected. Just a few are incorrectly mapped to the TOP domain.