Fast track solution for expediting particular CVEs with notifications

Manuela Jaroszz
Tera Contributor

Hello everyone, I’m looking to set up a fast-track solution for managing critical CVEs (Common Vulnerabilities and Exposures) that require immediate attention. Here’s a brief overview of what I’m aiming to achieve:

  1. Ad Hoc Remediation Targets:
    I need a way for our business to establish ad hoc remediation targets for critical CVEs that must be addressed quickly.
  2. Dynamic Notification System:
    It’s essential to implement a notification system based on the assignment logic for vulnerabilities. Specifically, I want the assignment group to align with the support group of the Configuration Item (CI).

Current Challenge:
The remediation target functionality we have only allows for static group or user assignments, which poses a challenge in achieving the dynamic assignment I’m looking for. 
I’m seeking ideas and strategies to effectively implement dynamic remediation targets and ensure timely notifications for critical CVEs. Any insights or suggestions from the community would be greatly appreciated! Thank you!

joe_harvey
ServiceNow Employee

Hi Manuela,

You should take a look at Remediation Efforts. They are designed to isolate and target specific Vulnerable Items. Remediation progress is tracked in a dashboard in the Vulnerability Manager Workspace. To use them, you would need to create:

  • Watch Topics that allow you to filter for the Vulnerable Items that you want to target. This filtering can include any data associated with VIs.
  • Remediation Efforts that pull in the VIs associated with a Watch Topic, add them to new Remediation Tasks and the Remediation Effort itself.
  • Remediation Target Rules to set Remediation Target Dates for VIs based on the "In remediation effort" value in each VI. Those dates would in turn roll up to the Remediation Tasks and finally into the Remediation Effort.
  • Notifications as desired on the new Remediation Tasks if they aren't already in place.

Documentation:

I hope that this helps!

--Joe

Manuela Jaroszz
Tera Contributor
Hi Joe,

Thank you for your response and for explaining how to achieve this. I have a question regarding how the remediation target rule functions. If there is already one matching remediation target rule applied to the VI and then a new remediation effort is created, will there be two matching remediation target rules for the same VI? Will the second rule be applied to the VI, and if so, how? I don't see any way to set an "order" for the remediation target records.

Hey Manuela,

The job that applies the Remediation Target Rules evaluates each rule in order, starting with the one with the shortest remediation period. If two rules match the same VI, the one with the shortest (most aggressive) remediation period is applied.

This is from documentation on the Evaluate remediation targets job, found in the link below:

It iterates through all active vulnerability rules, starting with those rules with the earliest remediation target date. It looks at all vulnerable items that:

  • Aren’t in a Closed, Deferred, or Resolved state.
  • Have no remediation target date.
  • Have a remediation target date that is later than the date in the remediation target rule.

Documentation Remediation Target Rules: https://www.servicenow.com/docs/bundle/xanadu-security-management/page/product/vulnerability-respons...

I hope that this helps!

--Joe
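
The rule evaluation described in the reply above, modelled as an added example in plain JavaScript. It is not part of the thread and is not ServiceNow code or a ServiceNow API; the field names (`state`, `severity`, `inEffort`, `targetDate`, `days`), the two rules, the sample items, and computing each rule's date from a fixed reference time are all assumptions made for illustration.

```javascript
// Added illustration in plain JavaScript; not ServiceNow code or APIs.
// Field names (state, severity, inEffort, targetDate, days) are assumptions.
const SKIPPED_STATES = new Set(["Closed", "Deferred", "Resolved"]);
const DAY_MS = 24 * 60 * 60 * 1000;

function evaluateRemediationTargets(rules, items, now) {
  // Shortest remediation period (earliest target date) is evaluated first.
  const ordered = rules.filter((r) => r.active).sort((a, b) => a.days - b.days);
  for (const rule of ordered) {
    const ruleDate = new Date(now.getTime() + rule.days * DAY_MS);
    for (const vi of items) {
      if (SKIPPED_STATES.has(vi.state) || !rule.matches(vi)) continue;
      // Apply only when no date is set or the current date is later.
      if (vi.targetDate === null || vi.targetDate > ruleDate) {
        vi.targetDate = ruleDate;
        vi.appliedRule = rule.name;
      }
    }
  }
  return items;
}

function runDemo() {
  const now = new Date("2025-01-01T00:00:00Z");
  const inDays = (n) => new Date(now.getTime() + n * DAY_MS);
  const rules = [ // constructed sample rules
    { name: "critical-30d", active: true, days: 30, matches: (vi) => vi.severity === "Critical" },
    { name: "effort-7d", active: true, days: 7, matches: (vi) => vi.inEffort },
  ];
  const items = [ // constructed sample vulnerable items
    // Already dated by the standing rule, then pulled into a remediation effort.
    { id: "VI-1", state: "Open", severity: "Critical", inEffort: true, targetDate: inDays(30) },
    { id: "VI-2", state: "Open", severity: "Critical", inEffort: false, targetDate: null },
    { id: "VI-3", state: "Closed", severity: "Critical", inEffort: true, targetDate: null },
    // Existing date is earlier than either rule would set, so it is kept.
    { id: "VI-4", state: "Open", severity: "Critical", inEffort: true, targetDate: inDays(3) },
  ];
  evaluateRemediationTargets(rules, items, now);
  return Object.fromEntries(items.map((vi) => [vi.id, {
    rule: vi.appliedRule || null,
    days: vi.targetDate ? Math.round((vi.targetDate - now) / DAY_MS) : null,
  }]));
}

console.log(runDemo());
```

In this model, VI-1 matches both rules and ends up with the 7-day date, because the shorter rule replaces the later 30-day date and the 30-day rule cannot push it back out.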