Third Party Vulnerability Entries and vulnerable items

Dommer
Tera Contributor

Hi,

 

Do Vulnerable Items get created and assigned a risk score based off of the risk score in the third party entries?

 

Thanks,

1 ACCEPTED SOLUTION

Wojciech Werysz
Kilo Guru

Hi @Dommer

Risk score is assigned based on Vulnerability Calculators. Please find the link to the documentation below, but also screenshots how to get to Vulnerability Calculators and explanation how Risk Score and Risk Rating are created.

 

Vulnerability Response calculators and vulnerability calculator rules (servicenow.com)

vul calc.png

Please make sure You are going to the location through:

 Vulnerability Response>Administration>Vulnerability Calculators

and not through:

 Application Vulnerability Response> Vulnerability Calculators

vul cacl 2.png

vul cacl 3.png

 And finally in picture beneath you can see the Risk/Vulnerability Calculator which is provided by Snow Vulnerability Response by default and you have possibility to modify what factors should be taken into consideration to caclulate the risk score and their weights. 

vul callc 4.png

 

By Default you have also Vulnerability Severity calculator, which calculates Risk Rating based on Risk Score.

vulnerability severity.png

View solution in original post

3 REPLIES 3

Nikan Keyhani
Mega Guru

Hey Dommer, 

 

Vulnerable Items receive a risk score based on the Vulnerability Calculators that are in use. 

This can differ from instance to instance, since the Vulnerability calculators can be configured. 

 

If you have access I would recommend you to review under: Vulnerability Response>Administration>Vulnerability Calculators.

From there you will be able to review all the calculators in use, and on top of that you can check the exact matrix, used for the risk score calculation, with respective examples.

Wojciech Werysz
Kilo Guru

Hi @Dommer

Risk score is assigned based on Vulnerability Calculators. Please find the link to the documentation below, but also screenshots how to get to Vulnerability Calculators and explanation how Risk Score and Risk Rating are created.

 

Vulnerability Response calculators and vulnerability calculator rules (servicenow.com)

vul calc.png

Please make sure You are going to the location through:

 Vulnerability Response>Administration>Vulnerability Calculators

and not through:

 Application Vulnerability Response> Vulnerability Calculators

vul cacl 2.png

vul cacl 3.png

 And finally in picture beneath you can see the Risk/Vulnerability Calculator which is provided by Snow Vulnerability Response by default and you have possibility to modify what factors should be taken into consideration to caclulate the risk score and their weights. 

vul callc 4.png

 

By Default you have also Vulnerability Severity calculator, which calculates Risk Rating based on Risk Score.

vulnerability severity.png

Dommer
Tera Contributor

Thanks all!