How do I set up ServiceNow to auto recalculate risk score of VIT records when EPSS score is updated

dan167
Tera Guru

How do I set up ServiceNow to auto recalculate the risk score of VIT records when CVE fields like EPSS score are updated to a new score?

We have our risk calculator using Vul EPSS score, Vul severity, Vul access complexity v2, Vul exploit exists, Vul Attack Vector v3, CI data classification (custom field). So we want the risk score to be recalculated whenever one of these fields is updated.

I have updated the BR "Set recalculate flag" to look for changes in the fields we are targeting for our risk rule calculator, but it does not appear to be changing the risk score unless I manually reapply the calculator or click the UI action to manually calculate the risk score.

Is there something I am missing here?

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Hey there - it's using the same Business Rule flavor and logic that you referenced on your original post.

  • Business Rule = "Set recalculate Flag"
    • Looks for changes in fields like Vuln Severity, Exploit Exists, Exploit Skill Level, Tenable VPR
  • Business Rule = "Set recalculate Flag (CISA)"
    • Looks for changes on the CISA KEV value 

Both of those Business Rules run on the base Vulnerability Entry (sn_vul_entry) table (which the Third-Party Entry table extends from).

They both will update a field called "Run vulnerability calculator", and set it to "True" - if the Business Rules pick up a particular change.

Then - the Scheduled Job will find the Vuln Entry records with the "Run vulnerability calculator" set to <True> by those Biz Rules (because something notable changed) > then find the related Vulnerable Items and run them through your configured Risk Scoring Calculators.

Once those Vuln Entry records are accounted for > their "Run vulnerability calculator" field will transition from <True> back to <False>.

Can you check your records on the [sn_vul_entry] table, and personalize your columns to include the "Run vulnerability calculator" field to be visible?   

You'll want to validate that your custom Biz Rule follows the logic of the 2 other Biz Rules mentioned above, and they are setting that field "Run vulnerability calculator" to <True> on the Vuln Entry records.

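The flag-then-batch flow described in this answer, modelled in plain JavaScript as an added example (not code from the post or from ServiceNow). It calls no ServiceNow API; the column names, weights, scoring formula and records are constructed assumptions. It shows that a watched-field change only sets the flag, and the VIT scores change when the scheduled job next runs.

```javascript
// Plain-JavaScript model of the flow described above. It calls no ServiceNow API;
// column names, weights, the scoring formula and all records are constructed.
const WATCHED = ['epss_score', 'severity', 'exploit_exists']; // hypothetical column names
const WEIGHTS = { epss_score: 50, severity: 30, exploit_exists: 20 }; // assumed weights

// Step 1: what a "Set recalculate flag"-style rule does when a Vuln Entry is updated.
function onEntryUpdate(entry, changes) {
  const touched = Object.keys(changes).filter(
    (f) => WATCHED.includes(f) && changes[f] !== entry[f]);
  Object.assign(entry, changes);
  if (touched.length > 0) entry.run_calculator = true; // flag only, no score change yet
  return touched;
}

// Assumed weighted sum over inputs normalised to 0..1, giving a 0..100 score.
function riskScore(entry) {
  return Math.round(WATCHED.reduce((sum, f) => sum + WEIGHTS[f] * Number(entry[f]), 0));
}

// Step 2: what the scheduled job does with flagged entries and their related VITs.
function runScheduledJob(entries, vits) {
  let recalculated = 0;
  for (const entry of entries.filter((e) => e.run_calculator)) {
    for (const vit of vits.filter((v) => v.vulnerability === entry.id)) {
      vit.risk_score = riskScore(entry);
      recalculated += 1;
    }
    entry.run_calculator = false; // flag resets once the entry is accounted for
  }
  return recalculated;
}

// Constructed sample data: two Vuln Entries and the VITs that reference them.
const entries = [
  { id: 'ENTRY-A', epss_score: 0.10, severity: 0.5, exploit_exists: 0, run_calculator: false },
  { id: 'ENTRY-B', epss_score: 0.02, severity: 0.2, exploit_exists: 0, run_calculator: false },
];
const vits = [
  { id: 'VIT-1', vulnerability: 'ENTRY-A', risk_score: 20 },
  { id: 'VIT-2', vulnerability: 'ENTRY-A', risk_score: 20 },
  { id: 'VIT-3', vulnerability: 'ENTRY-B', risk_score: 7 },
];
```

Calling `onEntryUpdate(entries[0], { epss_score: 0.90 })` and then `runScheduledJob(entries, vits)` walks through the two validation steps in order.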

6 REPLIES 6

andy_ojha
ServiceNow Employee

Roger that... 

I agree with breaking up the validation into two steps:

  • 1) ensure the Biz rule is flagging the Vuln Entry for "re-calculation"
  • 2) ensuring the Scheduled Job handles those VITs referencing the Vulnerability flagged, through your Risk Score Calculator

What type of Risk Score Calculator have you wired up?  Is it a Weighted Risk Rule - or more of a Scripted Calculator?

At that point - the Risk Score Calculator setup should kick in again on those VITs.  

Using the default risk rule calculator. This is using weights to calculate the overall risk score.