Rule-based remediation tasks, splitting and new VITs - choosing the right task?

Christoph4
Tera Contributor

Good morning,

 

I'm trying to figure out a scenario that involves remediation task (grouping) rules, manual splitting and updates when new VITs come in.

A remediation team member reported that he split one of his (rule-generated) remediation tasks to isolate a specific vulnerability and a couple of days later new items (not matching) were automatically added to his new remediation task.

I'm now trying to understand how the system picks a remediation task when grouping:

1) Let's assume we have a remediation task rule

2) It generates a single remediation task "TaskA" for an assignment group

3) Remediation owner splits the remediation task and generates a "TaskB" with a subset of the items from "TaskA"

4) If a new VIT comes in that matches the definition of the rule from (1), where does the new item get added and how does the system choose the right task? Let's further assume state is "Open" for both of them.

The observation we made was that in our case we think that new items were added to "TaskB" which does not necessarily make sense especially because they did not match the criteria used for the manual split.

 

Bonus question: where can I find the code that does grouping?

 

 Christoph

 

1 ACCEPTED SOLUTION

Hi Christoph,

I agree to the point you mentioned. Seeing your group rule, If the assignment group and selected business application is same for both the remediation task. Servicenow can randomly pick any remediation task. Maybe picking up the recently created one. 

Regards,

Deepankar Mathur

View solution in original post

5 REPLIES 5

Hi Christoph,

Need some time to review the code that is actually doing this work and answer your question but I had found script include that is doing the work. It goes by the name "VulnerableGroupRule"

https://instance.service-now.com/sys_script_include.do?sys_id=7fe113986710030017f141119585ef0e

Regards,

Deepankar Mathur