Reapply vulnerability item assignment rules and vulnerability group rules

Feddy
Kilo Sage

Hi All,
We have a requirement where we need to reapply vulnerability assignment group rules since CMDB records are changing continuously. I noticed that if we activate the OOTB scheduled job "Reapply all vulnerability assignment rules" (in inactive state by default), it really runs all the rules on open VIT. My question here is: can we include only a specific rule to run in the job? Also, it does update the group correctly but it did not delete the vulnerability group. I need to reapply the vulnerability group rule manually.

Please give your inputs on:
1. How to reapply a specific vulnerability assignment group rule (it runs all the rules in OOTB)
2. How to automate reapply of a vulnerability group rule? (I need to do it manually by opening the individual vul group rule and clicking the reapply action)
3. What else needs to be considered when we activate the scheduled job?

Thanks in Advance

6 REPLIES

Ashutosh Munot1
Kilo Patron

Hi,

We can do this, but we have to edit the script include which does this.

Name: AssignmentUtils

I would suggest copying this script, editing the copy as needed, hard-coding the rule, and running it using another scheduled job.

Thanks,
Ashutosh

How to reapply vulnerability group rules?
When a reapply job (to reapply vulnerability assignment rules) runs, it just updates the assignment group of the vulnerability item and it doesn't regroup the vulnerability groups. I had to do it manually by clicking the reapply action in vulnerability group rules.

Piyush Madhukar
ServiceNow Employee

1. How to reapply specific vulnerability assignment group rule (it runs all the rule in OOTB)

Answer: AssignmentUtils script can be customised to specify the rules that you want to run

2. How to automate reapply of vulnerability group rule? (I need to do it manually by opening individual vul group rule and click reapply action)

Answer: new sn_vul.VulnerabilityGroupRuleProcessor().deleteAndCreateGroupsBackground(ruleIds);

A scheduled job can be created which will pass the vul group rule sysid to the above code snippet. 


3. What else needs to be considered when we activate the scheduled job?  

Answer: The impact on performance needs to be taken care of as it will run on all the VIs.
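
One way to wire the call from answer 2 into a scheduled job that regroups only chosen rules, as an added example that is not part of the reply or ServiceNow's own code. It assumes deleteAndCreateGroupsBackground accepts an array of rule sys_ids (the thread only shows the argument name ruleIds); selectRuleIds and regroupSelectedRules are hypothetical helper names.

```javascript
// Added example: submit only a chosen, validated set of group rules.
// Assumption: the processor method takes an array of rule sys_ids.
var SYS_ID_PATTERN = /^[0-9a-f]{32}$/;

// Normalise, validate and de-duplicate the configured rule sys_ids.
function selectRuleIds(candidates) {
    var seen = {};
    var accepted = [];
    var rejected = [];
    for (var i = 0; i < candidates.length; i++) {
        var id = String(candidates[i]).trim().toLowerCase();
        if (!SYS_ID_PATTERN.test(id)) {
            rejected.push(candidates[i]);
        } else if (!seen[id]) {
            seen[id] = true;
            accepted.push(id);
        }
    }
    return { accepted: accepted, rejected: rejected };
}

// Call the processor once with the valid ids; never submit an empty list,
// so a bad configuration cannot turn into an unscoped regroup.
function regroupSelectedRules(candidates, processor, log) {
    var result = selectRuleIds(candidates);
    if (result.rejected.length > 0) {
        log('Skipping malformed rule ids: ' + result.rejected.join(', '));
    }
    if (result.accepted.length === 0) {
        log('No valid rule ids; nothing submitted');
        return 0;
    }
    processor.deleteAndCreateGroupsBackground(result.accepted);
    log('Submitted ' + result.accepted.length + ' rule(s) for regrouping');
    return result.accepted.length;
}

// Inside the scheduled job script (placeholder id, replace with real ones):
// regroupSelectedRules(['<group rule sys_id>'],
//     new sn_vul.VulnerabilityGroupRuleProcessor(),
//     function (m) { gs.info(m); });
```

Logging the submitted and rejected ids on each run gives a record of which rules the job touched, which helps when checking its load on the instance.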

Thank you so much for your response. I already tried this in my personal instance and I was able to run the job to regroup the vul items. I have one question: when we click the OOTB 'Reapply' action, it creates an entry in Background jobs (sn_sec_cmn_background_job). Do I need to consider this functionality as well?