Reapplying Remediation Tasks when Vulnerability Information is Updated in SecOps-VR
02-10-2025 02:41 AM
We are using SecOps-VR to import vulnerability information from a third party (InsightVM).
In addition, Remediation tasks are created based on the severity of the vulnerability via the Remediation task rules.
I would like to confirm the case where low-severity vulnerability information is disclosed and imported into ServiceNow,
and then the vulnerability is later detected as having an exploit, etc., so that its severity becomes High (Critical), etc.
First, the vulnerability information is imported with a severity of Low, and a Remediation task with a severity of Low is generated.
Example:
vulnerable item | Remediation task (grouped by severity)
001 | Severity Low: RT_A
002 | Severity Low: RT_A
003 | Severity Low: RT_A
004 | Severity Critical: RT_B
005 | Severity Critical: RT_B
In the above situation, suppose that the severity of vulnerable item 001 changes from Low to Critical.
In this case, the severity of vulnerable item 001 is updated to Critical, but are the Remediation task rules automatically reapplied,
so that the Remediation task associated with vulnerable item 001 changes from RT_A to RT_B? (★)
Example:
vulnerable item | Remediation task (grouped by severity)
001 | Severity Low → Critical: RT_A → RT_B (★ Changed to RT_B?)
002 | Severity Low: RT_A
003 | Severity Low: RT_A
004 | Severity Critical: RT_B
005 | Severity Critical: RT_B
Looking at the Docs for the following *, it talks about "Refreshing vulnerable items automatically", but it says "Vulnerable item refresh automation applies only to remediation tasks created using the condition filter or filter group. Automation does not apply to VIs that were added manually or grouped using Remediation Task Rules.", so it appears that it does not apply if you are using a Remediation Task Rule.
The "Understanding remediation task rules" section also states: "When a new vulnerable item is created, imported, or reopened after being closed, the vulnerability rules are evaluated against it. A VI is only evaluated once, automatically, unless it is reopened after being closed or the rules are reapplied manually."
It appears that the Remediation Task Rule will not be re-evaluated if the existing vulnerability information or vulnerable item is updated.
Is there a function to automatically update/change the Remediation task associated with a vulnerable item when that vulnerable item (associated with a Remediation task created by a Remediation task rule) is updated?
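To make the behaviour quoted from the docs concrete, the following is an added toy model of rule evaluation. It is not ServiceNow code and uses none of the ServiceNow API: the rule table, the `evaluated` flag, the event names and the `reapply_rules` / `find_stale_groupings` helpers are assumptions that mirror the documented "evaluated once unless reopened or reapplied manually" behaviour. It reproduces the example above (001 stays in RT_A after its severity changes, and moves to RT_B only when the rules are reapplied) and adds a check that lists VIs whose current severity no longer matches the task they were grouped into.

```python
"""Toy model of remediation-task-rule evaluation as described in the quoted docs.

Added illustration, not ServiceNow's code or API. The rule matching, the
'evaluated once' flag and the manual reapply step are simplified assumptions
that follow the documented behaviour, so the stale-grouping case can be seen.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed rule set: severity -> remediation task (mirrors the post's RT_A / RT_B)
RULES = [
    ("Low", "RT_A"),
    ("Critical", "RT_B"),
]


@dataclass
class VulnerableItem:
    number: str
    severity: str
    task: Optional[str] = None
    evaluated: bool = False   # assumption: evaluated once unless reopened or rules reapplied
    state: str = "open"


def match_rule(vi):
    """Return the task the first matching rule would assign, or None."""
    for severity, task in RULES:
        if vi.severity == severity:
            return task
    return None


def evaluate_on_event(vi, event):
    """Automatic evaluation: only on create/import, or on reopen of a closed VI."""
    if event in ("create", "import") and not vi.evaluated:
        vi.task = match_rule(vi)
        vi.evaluated = True
    elif event == "reopen":
        vi.state = "open"
        vi.task = match_rule(vi)
        vi.evaluated = True
    # any other event (e.g. a severity update) leaves the grouping untouched
    return vi.task


def update_severity(vi, new_severity):
    """Severity update on an existing VI: the task grouping is NOT re-evaluated."""
    vi.severity = new_severity
    return vi.task


def reapply_rules(vis):
    """Manual 'reapply rules' over all open VIs; returns number -> task."""
    for vi in vis:
        if vi.state == "open":
            vi.task = match_rule(vi)
            vi.evaluated = True
    return {vi.number: vi.task for vi in vis}


def find_stale_groupings(vis):
    """VIs whose current severity would now match a different task than the one they sit in."""
    return [vi.number for vi in vis if vi.task is not None and match_rule(vi) != vi.task]


def demo():
    """Walk through the post's example; returns (tasks before, stale VIs, tasks after reapply)."""
    vis = [VulnerableItem("001", "Low"), VulnerableItem("002", "Low"),
           VulnerableItem("003", "Low"), VulnerableItem("004", "Critical"),
           VulnerableItem("005", "Critical")]
    for vi in vis:
        evaluate_on_event(vi, "import")
    before = {vi.number: vi.task for vi in vis}
    update_severity(vis[0], "Critical")        # 001: Low -> Critical
    evaluate_on_event(vis[0], "update")        # no automatic re-evaluation
    stale = find_stale_groupings(vis)          # 001 is now mis-grouped
    after = reapply_rules(vis)                 # manual reapply moves 001 to RT_B
    return before, stale, after


if __name__ == "__main__":
    print(demo())
```

The `find_stale_groupings` pass is the part worth keeping in mind operationally: if automatic re-evaluation is not available for rule-grouped VIs, a periodic check of this kind (severity versus the task the VI was grouped into) is how you would notice that a now-Critical item is still sitting in a Low-severity remediation task.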