Remediation Task - False positive/Reopen?

Miroslaw · ‎05-10-2022

Hi,

When I use "Mark as False Positive" button in Remediation Task, all associated VIs states got changed to Closed.

RT status is Closed.

And if I use Reopen button in RT, Remediation Task status changes from Closed to Open, but all associated Vulnerable Items not. All Vis remain Closed.

Is this behavior to be expected in SN? Can someone explain this?

Chris McDevitt · ‎05-10-2022

Hi,

Take a look at the States:

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/concept/vulnerabillity-states.html

Basically, the intent is for a Scanner to "close" or "reopen" a VIT. The Fase positive is a way to say that this is not an issue and to "Close it" regardless of what the Scanner thinks. Once a VIT is in a closed State, reopening a Group does not affect this State.

View solution in original post

Chris McDevitt · ‎05-10-2022

Hi,

Take a look at the States:

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/vulnerability-response/concept/vulnerabillity-states.html

Basically, the intent is for a Scanner to "close" or "reopen" a VIT. The Fase positive is a way to say that this is not an issue and to "Close it" regardless of what the Scanner thinks. Once a VIT is in a closed State, reopening a Group does not affect this State.

Miroslaw · ‎05-11-2022

Hi @Chris McDevitt

Thank you for clarifying

Miroslaw · ‎05-11-2022

Hi @Chris McDevitt

There is one thing I would like to ask.

When the user Reopen RT, all VIs remain Closed and RT status changes from Closed to Open.

What is the purpose of RT with Open status when all related VIs are Closed?

Chris McDevitt · ‎05-12-2022

Hi,

I agree that this is not an optimal situation. There is not really a great use case to have the RT open and all the VITs Closed. I guess in theory a user could reopen an RT and manually add more VIT? I am not sure why they would want to do this but they could?