Rule-based remediation tasks, splitting and new VITs - choosing the right task?

Christoph4 · ‎04-13-2022

Good morning,

I'm trying to figure out a scenario that involves remediation task (grouping) rules, manual splitting and updates when new VITs come in.

A remediation team member reported that he split one of his (rule-generated) remediation tasks to isolate a specific vulnerability and a couple of days later new items (not matching) were automatically added to his new remediation task.

I'm now trying to understand how the system picks a remediation task when grouping:

1) Let's assume we have a remediation task rule

2) It generates a single remediation task "TaskA" for an assignment group

3) Remediation owner splits the remediation task and generates a "TaskB" with a subset of the items from "TaskA"

4) If a new VIT comes in that matches the definition of the rule from (1), where does the new item get added and how does the system choose the right task? Let's further assume state is "Open" for both of them.

The observation we made was that in our case we think that new items were added to "TaskB" which does not necessarily make sense especially because they did not match the criteria used for the manual split.

Bonus question: where can I find the code that does grouping?

Christoph

dmathur09 · ‎04-18-2022

Hi Christoph,

I agree to the point you mentioned. Seeing your group rule, If the assignment group and selected business application is same for both the remediation task. Servicenow can randomly pick any remediation task. Maybe picking up the recently created one.

Regards,

Deepankar Mathur

View solution in original post

dmathur09 · ‎04-28-2022

Hi Christoph,

Need some time to review the code that is actually doing this work and answer your question but I had found script include that is doing the work. It goes by the name "VulnerableGroupRule"

https://instance.service-now.com/sys_script_include.do?sys_id=7fe113986710030017f141119585ef0e

Regards,

Deepankar Mathur