How Priority and Risk Score calculated on Vul Groups

Go to solution
Khanna Ji
Tera Guru

‎01-20-2019 02:12 AM

I can see risk score calculated for vulnerable items through risk calculator but how it is calculated for vul groups? There is no calculator for vul groups. Does it consider the risk scores for all associated Vul items?

And how is the priority is set on the Vul group? How it is different then the associated vul items priority values?

Help me to understand these calculations.

find_real_file.png

Preview file
23 KB
0 Helpfuls
  • 2,975 Views
1 ACCEPTED SOLUTION

Go to solution
Sandeep Kumar6
Giga Guru

‎03-13-2019 01:57 AM

Hi Swati,

Vulnerability calculator groups automate calculations on multiple vulnerable items. Calculations are performed on risk scores, priorities, and assignment groups using one or more fields from the vulnerable item table. The condition for each calculator is evaluated in order, and the first matching calculator is used.

 

All enabled vulnerability calculators in the Vulnerability Calculator Group run each time a vulnerable item is changed or when the Calculate Business Impact related link in a vulnerable item is used. 

 

Business rule which are running to calculate Risk Score.

  • Update SI risk score

 

Vulnerability Calculator Group:   

  1. Risk Score
  2. Vulnerability Impact

The vulnerability rollup calculator is a background script, that performs its calculations based on the weighting assigned to different values. The calculator takes all the risk scores of the vulnerable items in a vulnerable group and bases its calculations on the following fields:

  • Maximum risk score
  • Average risk score
  • Count of vulnerable items

 

find_real_file.png

To calculate Risk score for Security Incident 

https://community.servicenow.com/community?id=community_question&sys_id=e2a051f1dbccf3005129a851ca9619ca

 

Please hit correct if this helped you.

Regards

Sandeep

View solution in original post

Preview file
330 KB
13 REPLIES 13

Go to solution
Nicole Allen1
Kilo Contributor

‎02-04-2019 04:26 PM

Hey Andy,

 

In London, it looks like the Vulnerability Calculator Groups form has changed. When you go to create a new calculator group, the form defaults the table to the vulnerable items table and it's read only, cannot be changed. How would you create a Vulnerability Calculator Group for the Vulnerability Group Table in London? I've configured the rollup calculator, now I want to create a calculator which sets the VUL Priority based on its risk score.

 

Thanks Andy!

 

Regards,

Nicole

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee
In response to Nicole Allen1

‎02-05-2019 10:19 AM

Hey Nicole - good observation here.

In releases prior to L, we had the ability to leverage the Vulnerability Calculator Groups on tables outside of <sn_vul_vulnerable_item>.

I can provide some feedback to the VR product folks and submit an enhancement to expose Vulnerability Calculator Groups to the Vulnerability Group <sn_vul_vulnerability> layer.

In the meantime, you could investigate creating a Business Rule on the <sn_vul_vulnerability> table, and have it run whenever the VUL.Risk score changes, to calculate and set a VUL.Priorty based on the VUL.Risk score value.

Hope that helps.

-Andy

Go to solution
Nicole Allen1
Kilo Contributor
In response to andy_ojha

‎02-05-2019 02:05 PM

Thanks Andy! If you could provide that feedback to the VR product team that would be great! I'm keen to investigate the business rule of the Vulnerability Group table - are there any help docs which explain where and how to do this? Sorry I'm new to ServiceNow/VR and also not very technical.

0 Helpfuls

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee
In response to Nicole Allen1

‎02-05-2019 05:14 PM

Welcome to ServiceNow land 🙂  You spotted a good observation here for being new to the platform and VR app.

It would be worth working with your internal SN Platform Team when configuring / developing here, until you can cover ServiceNow SysAdmin training and the VR Implementation training.  

I know this seems like a trivial configuration effort, but there are some moving parts to keep in mind.

Your organization's SN Team likely has some development standards and guidelines for activities like this (i.e. introducing a new Business Rule) - from technical best practices, to testing guidelines and ways to promote code from DEV to PROD.

Also, when developing in the SN Security Operations applications, such as Vulnerability Response, we need to consider that this is a scoped application and there are certain ways to developing in scoped applications, and capturing your work in update sets.

I suspect if you explain the use-case you are solving (i.e. update VUL.Priority based on VUL.Risk score, when the VUL.Risk score changes) to your internal SN Platform Team - they would be able to help you devise the Business Rule according to their development standards, get your code captured appropriately and do validation / testing / promotion to their standards.

I'd take a look at the following resources to kick this off:

https://docs.servicenow.com/bundle/london-application-development/page/script/business-rules/reference/r_HowBusinessRulesWork.html

https://www.youtube.com/watch?v=DLqkDxGVLbE

 

 

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-05-2019 08:16 AM

Nicole,

The Vulnerability Group Calculator is designed for VITS only. The Rollup Calculator (probably should have been called Risk Score Rollup) is only focused on calculating the Risk Score for the Vulnerability Group based on the underlying VITS.

 

I would recommend setting up a Scheduled Job (Calling a Script Include) for the sn_vul_vulnerability table that sets the Priority based on the Risk Score.

 

Please mark this as helpful or correct so others can benefit from our conversation.