- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2025 06:01 AM
So, my vuln analysts are wondering if there is any way to have the remediation target use a base of when a VIT is assigned to a service now group. The reason being that the remediation teams are complaining because as certain items get assigned (like we keep. a bunch of lows unassigned, but something changes to make it high), they get the VIT and it is already out of remediation target date.
Any thoughts on how that would work?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2025 06:25 AM
so u can a create a business rule to reset the open/last open date upon change of assignment group, this will cover re-assignment use case as well. Also, only open, in progress may only be considered !
Hope this help
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2025 06:25 AM
Forgot to follow up on this as I did end up creating a business rule that did this and it works great. Also found the filter that let me have the business rule filter out only if that was done by vulnerability assignment owner or or vulnerability admin. This way the remediation owners can't game the system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2025 09:51 AM
Some customers have raised concerns about recalculating the Remediation Target Date every time a VIT is reassigned. Their worry is that remediation teams could use reassignment to artificially extend SLAs, which would create inconsistencies in audit trails and reporting.
Could you please share your thoughts on this?
Thanks,
Sarath S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a month ago
@Sarath S , we implemented 26.4.4 in our DEV environment and I don't believe we are getting the results we would expect. We will likely open a ticket with ServiceNow Support. Here is our scenario.
Remediation Target Rules are all set to "Recalculate from Risk Change Date and always set to earliest target date".
Vulnerability in AppVR was created on 1/2/2026 with a Risk Rating of High and a Remediation Target date of 4/2/2026 (90 days for High).
On 1/22/2026, the Risk Score and Risk Rating were changed (lowered) to Medium and the new Remediation Target date was set to 7/1/2026 (180 days for Medium).
With the settings we put in place, I would have thought it would have left the Remediation Target date at 4/2/2026 because that is the earlier of the two remediation target dates.
