Remediation target rule with pause condition?

Ravish Shetty
Tera Guru

We are trying to use remediation target rules as a replacement for SLA's as we cannot use SLA's for Vulnerable item (sn_vul_vulnerable_item) records.

Unfortunately these rules do not have a pause condition out of box as of Kingston patch 6 and this has been confirmed by the SN support.

Can we have any workaround for pausing these remediation target rule calculation? Essentially our business case is to pause these calculation when a waiver request is submitted for any Vulnerability. Waiver requests have an end date. Once the date expires, these calculations are supposed to resume.

 

When we were using the SLA's, we achieved this by changing the state of a Vulnerable item to 'in review' when a Waiver is submitted. This would pause the SLA. There is a daily job which check if the Waiver request has expired and would change the state of the associated VI back to 'open' and this would resume the SLA.

 

find_real_file.png

1 ACCEPTED SOLUTION

Chris McDevitt
ServiceNow Employee
ServiceNow Employee

All,

If you look at traditional SLAs they are orchestrated by a workflow. Remediation Targets are just that, a target, not an agreement. This target is just blindly updated by the Scheduled Job. With that said, it is very confusing for the uses to see the "targets missed".

Here is what I would do: In the "Vulnerability State Change Approval" workflow, I would set the Remediation Target date to the date set by the Deferral approval as the new "Remediation Target" date for the item in question.

 

Go ahead and smash that helpful or correct button!

-Chris

 

View solution in original post

7 REPLIES 7

Dan Daugherty
ServiceNow Employee
ServiceNow Employee

Ravish,

Are you familiar with the deferral feature on the Vulnerable Item and Vulnerability Group? When you choose to defer either, you are prompted with a date picker that will allow you to choose when the item will open back up.

To do this, you can click on the Close/Defer button on the top of a Vulnerable Item. This button will be available when the Vulnerable Item is in an Open or Under Investigation state.

Yeah, we deactivated that feature because it didn't meet business expectation but i guess with remediation target rule in place its time to revisit that option.

I noticed that once the deferral is submitted and waiting approval, the remediation target rule cannot be paused. Is there a way to pause this while waiting for approval or rejection of the deferral?

jing3
Mega Guru

There is no need to pulse the Remediation Target date. 

 

There is a scheduled job to calculate the Remediation target (by default it is daily). For Vulnerable items in the Deferred state, the job will clear the Remediation target date. For vulnerability group, the remediation target date will be the closest date of Remediation target of all the vulnerable items.