Third Party Vulnerability Entries and vulnerable items

Go to solution
Dommer
Tera Contributor

‎10-17-2022 08:48 AM - edited ‎10-17-2022 08:59 AM

Hi,

 

Do Vulnerable Items get created and assigned a risk score based off of the risk score in the third party entries?

 

Thanks,

0 Helpfuls
  • 903 Views
1 ACCEPTED SOLUTION

Go to solution
Wojciech Werysz
Kilo Guru

‎10-18-2022 05:29 AM - edited ‎10-18-2022 05:43 AM

Hi @Dommer

Risk score is assigned based on Vulnerability Calculators. Please find the link to the documentation below, but also screenshots how to get to Vulnerability Calculators and explanation how Risk Score and Risk Rating are created.

 

Vulnerability Response calculators and vulnerability calculator rules (servicenow.com)

vul calc.png

Please make sure You are going to the location through:

 Vulnerability Response>Administration>Vulnerability Calculators

and not through:

 Application Vulnerability Response> Vulnerability Calculators

vul cacl 2.png

vul cacl 3.png

 And finally in picture beneath you can see the Risk/Vulnerability Calculator which is provided by Snow Vulnerability Response by default and you have possibility to modify what factors should be taken into consideration to caclulate the risk score and their weights. 

vul callc 4.png

 

By Default you have also Vulnerability Severity calculator, which calculates Risk Rating based on Risk Score.

vulnerability severity.png

View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
Nikan Keyhani
Mega Guru

‎10-18-2022 05:18 AM

Hey Dommer, 

 

Vulnerable Items receive a risk score based on the Vulnerability Calculators that are in use. 

This can differ from instance to instance, since the Vulnerability calculators can be configured. 

 

If you have access I would recommend you to review under: Vulnerability Response>Administration>Vulnerability Calculators.

From there you will be able to review all the calculators in use, and on top of that you can check the exact matrix, used for the risk score calculation, with respective examples.

0 Helpfuls

Go to solution
Wojciech Werysz
Kilo Guru

‎10-18-2022 05:29 AM - edited ‎10-18-2022 05:43 AM

Hi @Dommer

Risk score is assigned based on Vulnerability Calculators. Please find the link to the documentation below, but also screenshots how to get to Vulnerability Calculators and explanation how Risk Score and Risk Rating are created.

 

Vulnerability Response calculators and vulnerability calculator rules (servicenow.com)

vul calc.png

Please make sure You are going to the location through:

 Vulnerability Response>Administration>Vulnerability Calculators

and not through:

 Application Vulnerability Response> Vulnerability Calculators

vul cacl 2.png

vul cacl 3.png

 And finally in picture beneath you can see the Risk/Vulnerability Calculator which is provided by Snow Vulnerability Response by default and you have possibility to modify what factors should be taken into consideration to caclulate the risk score and their weights. 

vul callc 4.png

 

By Default you have also Vulnerability Severity calculator, which calculates Risk Rating based on Risk Score.

vulnerability severity.png

0 Helpfuls

Go to solution
Dommer
Tera Contributor

‎10-19-2022 11:48 AM

Thanks all!

0 Helpfuls