How Priority and Risk Score calculated on Vul Groups

Go to solution
Khanna Ji
Tera Guru

‎01-20-2019 02:12 AM

I can see risk score calculated for vulnerable items through risk calculator but how it is calculated for vul groups? There is no calculator for vul groups. Does it consider the risk scores for all associated Vul items?

And how is the priority is set on the Vul group? How it is different then the associated vul items priority values?

Help me to understand these calculations.

find_real_file.png

Preview file
23 KB
0 Helpfuls
  • 2,979 Views
1 ACCEPTED SOLUTION

Go to solution
Sandeep Kumar6
Giga Guru

‎03-13-2019 01:57 AM

Hi Swati,

Vulnerability calculator groups automate calculations on multiple vulnerable items. Calculations are performed on risk scores, priorities, and assignment groups using one or more fields from the vulnerable item table. The condition for each calculator is evaluated in order, and the first matching calculator is used.

 

All enabled vulnerability calculators in the Vulnerability Calculator Group run each time a vulnerable item is changed or when the Calculate Business Impact related link in a vulnerable item is used. 

 

Business rule which are running to calculate Risk Score.

  • Update SI risk score

 

Vulnerability Calculator Group:   

  1. Risk Score
  2. Vulnerability Impact

The vulnerability rollup calculator is a background script, that performs its calculations based on the weighting assigned to different values. The calculator takes all the risk scores of the vulnerable items in a vulnerable group and bases its calculations on the following fields:

  • Maximum risk score
  • Average risk score
  • Count of vulnerable items

 

find_real_file.png

To calculate Risk score for Security Incident 

https://community.servicenow.com/community?id=community_question&sys_id=e2a051f1dbccf3005129a851ca9619ca

 

Please hit correct if this helped you.

Regards

Sandeep

View solution in original post

Preview file
330 KB
13 REPLIES 13

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-05-2019 10:36 AM

I agree with you, create a calculator based on risk and set the priority.

 

E.g if risk is >=90 then priority critical

if risk is >= 60 then priority High and so on

0 Helpfuls

Go to solution
Sandeep Kumar6
Giga Guru

‎03-13-2019 01:57 AM

Hi Swati,

Vulnerability calculator groups automate calculations on multiple vulnerable items. Calculations are performed on risk scores, priorities, and assignment groups using one or more fields from the vulnerable item table. The condition for each calculator is evaluated in order, and the first matching calculator is used.

 

All enabled vulnerability calculators in the Vulnerability Calculator Group run each time a vulnerable item is changed or when the Calculate Business Impact related link in a vulnerable item is used. 

 

Business rule which are running to calculate Risk Score.

  • Update SI risk score

 

Vulnerability Calculator Group:   

  1. Risk Score
  2. Vulnerability Impact

The vulnerability rollup calculator is a background script, that performs its calculations based on the weighting assigned to different values. The calculator takes all the risk scores of the vulnerable items in a vulnerable group and bases its calculations on the following fields:

  • Maximum risk score
  • Average risk score
  • Count of vulnerable items

 

find_real_file.png

To calculate Risk score for Security Incident 

https://community.servicenow.com/community?id=community_question&sys_id=e2a051f1dbccf3005129a851ca9619ca

 

Please hit correct if this helped you.

Regards

Sandeep

Preview file
330 KB

Go to solution
DikshaS
Tera Contributor
In response to Sandeep Kumar6

‎06-11-2023 09:38 AM

Hi Sandeep,

In Remediation task table I ca see the records with risk score as 0. Also I have checked the history of that record if any risk score update to 0 but that is not the case. Also I have 1 vulnerable item inside that with open state and risk score.

I tried updating the Remediation task risk score from related link "update status" it is getting updated from 0 to some other number. but when I tried same code written on ui action-"Update status" from background and scheduled job for all the remediation task where risk score is 0. It dosenot work at all.

So For some of remediation task record it is not calculating automatically as I stated it is zero untill I manually hit the update status related link.

 

Also I have custom Risk calculator for VITs where I am mapping the highest detection score value to risk score. if detection score has single record for that particular VIT then the same score set to risk score.

Is there anything causing issue for Remediation task risk records(only some of the records are not updating , though it is having VITS in open state.)

Kindly help.

Thanks in advance.

0 Helpfuls

Go to solution
Dhanraj B
Tera Expert
In response to DikshaS

‎06-11-2023 10:57 PM

Hi @DikshaS 

 

Try executing "Rollup vulnerable item values to vulnerability and group" Scheduled job. It might help you to populate Risk score.

 

-Dhanraj

0 Helpfuls