Reapply vulnerability item assignment rules and vulnerability group rules

Feddy
Kilo Sage

‎08-04-2020 11:17 PM

Hi All, 
We have a requirement where we need to reapply vulnerability assignment group rules since cmdb records are changing continuously. I noticed that if we activate  OOTB scheduled job "Reapply all vulnerability assignment rules" (in inactive state by default), it really run all the rules on open VIT . My Question here is can we include only specific rule to run in the job? Alos it does update the group correctly but it didnot delete vulnerability group .I need to reapply the vulnerability group rule manually. 

Please give your inputs on , 
 1. How to reapply specific vulnerability assignment group rule (it runs all the rule in OOTB)
 2. How to automate reapply of vulnerability group rule? ( I need to do it manually by opening individual vul group rule and click reapply action)
3. What else needs to be considered when we activate the scheduled job? 

Thanks in Advance

0 Helpfuls
  • 2,936 Views
6 REPLIES 6

Ashutosh Munot1
Kilo Patron
Kilo Patron

‎08-05-2020 01:46 AM

HI,

We can do this but we have to edit the script include which does this.

 

Name: AssignmentUtils

 

I would suggest to copy this script and then create a copy edit as per need and then hard code the rule and run using other scheduled job.

 

Thanks,
Ashutosh

Feddy
Kilo Sage
In response to Ashutosh Munot1

‎08-06-2020 02:58 AM

How to reapply vulnerability group rules?
when a reapply job (to reapply vulnerability assignment rules) runs, it just updates the assignment group of the vulnerability item and it doesn't regroup the vulnerability groups. I had to do it manually by clicking reapply action in vulnerability group rules.

0 Helpfuls

Piyush Madhukar
ServiceNow Employee
ServiceNow Employee

‎08-12-2020 11:24 PM

1. How to reapply specific vulnerability assignment group rule (it runs all the rule in OOTB)

Answer: AssignmentUtils script can be customised to specify the rules that you want to run

2. How to automate reapply of vulnerability group rule? ( I need to do it manually by opening individual vul group rule and click reapply action)

 
 
Answer: new sn_vul.VulnerabilityGroupRuleProcessor().deleteAndCreateGroupsBackground(ruleIds);

A scheduled job can be created which will pass the vul group rule sysid to the above code snippet. 


3. What else needs to be considered when we activate the scheduled job?  

Answer: The impact on performance needs to be taken care of as it will run on all the VIs.

Feddy
Kilo Sage
In response to Piyush Madhukar

‎08-17-2020 03:08 AM

Thank you so much for your response. I already tried this in my personal instance and I could able to run the job to regroup the vul items. I have one question, When we click OOTB 'Reapply' action it creates the entry in Background jobs(sn_sec_cmn_background_job) , Do I need to consider this functionality as well?

 

 
0 Helpfuls