Remediation Target Rules
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2025 06:01 AM
So, my vuln analysts are wondering if there is any way to have the remediation target use a base of when a VIT is assigned to a service now group. The reason being that the remediation teams are complaining because as certain items get assigned (like we keep. a bunch of lows unassigned, but something changes to make it high), they get the VIT and it is already out of remediation target date.
Any thoughts on how that would work?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2025 06:23 AM
We've run into this too a few times. Our experience is slightly different in that we assign all VITs regardless of severity, but we don't necessarily require remediation on all. But whether we require remediation on all or not, there are scenarios with the Risk Rating changes from a Low (not required to remediate) or a Medium (3 months to remediate) to a Critical (15 days to remediate) and once that happens, it is already overdue and the status changes to Missed Target immediately upon changing the Risk Rating.
Interested if there is a way to have the clock start from the point the escalation in Risk Rating takes place.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2025 06:25 AM
so u can a create a business rule to reset the open/last open date upon change of assignment group, this will cover re-assignment use case as well. Also, only open, in progress may only be considered !
Hope this help
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2025 08:25 AM
I am guessing we could also create a business rule that states if the Risk Rating of the VIT has increased (ex. Low to High), then recalculate the Remediation Target? Do you know if that is possible?