01-29-2019 12:44 PM
Hi,
I need to understand how the process behind rollup calculators works. I do know it uses a weighted average of scores but what I need to know is how do you apply a calculator to a vuln group or groups. Unlike vulnerability calculators where there is something called "Calculate Business Impact" I don't see anything similar for Rollup Calcs.
Another question is I have two Rollup calculators defined in my Developer Instance, one that came with the base system and the other was a custom calculator I created. Now that there are two calculators, I presume the system will apply both the calculators to whatever vuln groups you want. How would you inactivate one and keep the other active?
I did see a background job called Rollup Vulnerability Score which upon execution does not return anything. Where would I find the logs for this job in particular?
Thanks
Jazz
Labels: Vulnerability Response

03-14-2019 05:36 AM
Hi Jazz,
Vulnerability Calculator Group:
- Risk Score
- Vulnerability Impact
The vulnerability rollup calculator is a background script that performs its calculations based on the weighting assigned to different values. The calculator takes all the risk scores of the vulnerable items in a vulnerable group and bases its calculations on the following fields:
- Maximum risk score
- Average risk score
- Count of vulnerable items
Vulnerability calculator groups automate calculations on multiple vulnerable items. Calculations are performed on risk scores, priorities, and assignment groups using one or more fields from the vulnerable item table. The condition for each calculator is evaluated in order, and the first matching calculator is used.
All enabled vulnerability calculators in the Vulnerability Calculator Group run each time a vulnerable item is changed or when the Calculate Business Impact related link in a vulnerable item is used.
Business rules which are running to calculate Risk Score:
- Update SI risk score
For reference:
https://community.servicenow.com/community?id=community_question&sys_id=1c08f3aedb8f2700f0612183ca961919
To calculate Risk Score for Security Incident:
https://community.servicenow.com/community?id=community_question&sys_id=e2a051f1dbccf3005129a851ca9619ca
Please hit correct if this helped you.
Regards
Sandeep
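A simplified model of the two behaviours described in the answer above (first-match selection among active calculators, and a weighted rollup over maximum, average and count), as an added example that is not part of the original post and is not ServiceNow's code. The weights, the count cap, the 0-100 scale and all names are assumptions chosen for illustration.

```javascript
// Illustrative model only: weights, COUNT_CAP and the 0-100 scale are
// assumptions, not values taken from ServiceNow's rollup calculator.
const calculators = [
  // Evaluated in ascending `order`; the first ACTIVE one whose condition matches wins.
  { name: 'custom', order: 100, active: false,
    condition: g => g.items.length > 0,
    weights: { max: 0.5, avg: 0.5, count: 0.0 } },
  { name: 'default', order: 200, active: true,
    condition: () => true,
    weights: { max: 0.6, avg: 0.3, count: 0.1 } },
];

const COUNT_CAP = 100; // assumed: item count saturates at 100 when scaled to 0-100

// Return the first active calculator (by order) whose condition matches the group.
function pickCalculator(group, calcs) {
  return calcs
    .filter(c => c.active)
    .sort((a, b) => a.order - b.order)
    .find(c => c.condition(group)) || null;
}

// Roll the vulnerable-item risk scores of one group up into a group score.
function rollupScore(group, calcs) {
  const calc = pickCalculator(group, calcs);
  const scores = group.items.map(i => i.riskScore);
  if (!calc || scores.length === 0) {
    return { calculator: calc ? calc.name : null, score: 0 };
  }
  const max = Math.max(...scores);
  const avg = scores.reduce((s, x) => s + x, 0) / scores.length;
  const count = (Math.min(scores.length, COUNT_CAP) / COUNT_CAP) * 100;
  const w = calc.weights;
  const raw = w.max * max + w.avg * avg + w.count * count;
  return { calculator: calc.name, score: Math.round(raw) };
}

// Constructed sample groups (not real data).
const groupA = { name: 'GRP-A', items: [{ riskScore: 90 }, { riskScore: 40 }, { riskScore: 20 }] };
const groupB = { name: 'GRP-B', items: [{ riskScore: 0 }, { riskScore: 0 }] };

console.log(rollupScore(groupA, calculators));
console.log(rollupScore(groupB, calculators));
```

In this model a group whose items all carry a risk score of 0 rolls up to 0 no matter how the weights are tuned, and activating a second calculator with a lower order changes which weights apply to every matching group.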

01-29-2019 01:36 PM
The Vulnerability Rollup Calculator looks at a Vul Group's VITs to calculate the Risk Score for the Vul Group only. It cannot be used to calculate business impact. Also, I'm pretty sure there is just one Vulnerability Rollup Calculator. The Script Include that does the work is called "RollupCalculatorUtil" and it does not output to a log. What it does do is look at a Vul Group's VITs and update its Risk Score.
Please mark this as useful or correct so others can benefit from our conversation.
01-29-2019 01:56 PM
Thank you Chris. As you said there is only one Rollup Calculator, it came with one (Out of the Box) but it lets you create another just like that.
I am still new to the platform and I am working on the Developer instance. How would you fire off the Script Include RollupCalculatorUtil?
If I only want to limit it to one Vuln Group can I do so? My dataset has 6500 VITs and a dozen Vuln Groups. I wouldn't want to run the script against the entire dataset.
Thanks
Jazz

01-29-2019 02:34 PM
In theory, you only want one rollup calculator so you have a uniform scoring system across your full vulnerability landscape. Otherwise, remediators will never know what the risk score really means. So, stick with one rollup calculator. We have customers with millions of VITs... so...
You probably should not need to limit this to just a single Vul Group. But... you can switch to the Rollup Develop view and add a check for that group in the script under the Calculator Developer tab.
See image on how to kick off the job:
02-01-2019 06:20 AM
Thank you Chris for the update. This was exactly what I executed prior to posting this query. For some odd reason the system does not allow deletion of the other custom calculator. I had to expose the ACTIVE flag on the form and deactivate it. But the execution of the background job gave me nothing. There was a correction on the number of Vuln Groups I had reported. I had said I had over a dozen groups but the reality was far more than that and it is about 795 groups with 0 as the Risk Score.
I did tweak the constants in the form and the Calculator Developer script did show the new constants but a re-execution of the script did not yield any score.
I just want to see how it affects the overall scoring of Vuln Items in a Group.
Thanks
Jazz