Vulnerability item(VIT) did not close after 90 days of last detection
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2025 01:49 AM
Hi,
Vulnerability items needs to be closed after 90 days of last detected date as per the configuration but one of VIT did not close
The VIT is currently under "In review" status
Under the detection tab, the last found date is 26-07-2024 21:38:55

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2025 10:21 AM
Hey there...
On the Auto-Close Rule configuration, can you share what the configuration currently looks like for the "Condition" and "Ignore deferred items".
Would start by confirming the setting employed for "Ignore deferred items" in your Auto-Close rule:
- If the box is checked it will not close the VIT that is in Deferred for In Review State
----------------------------------------------------------
On the observed Vulnerable Item record here, how many Detection records are associated to it, is there only one Detection?
What are the Status and Last Found values on the associated Detections for that VIT?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2025 01:49 AM
Hi, Thanks for your reply
I have checked the Auto close configuration and
The option " Ignore stale detections for deferred VIs " is enabled
There is only one Detection and its status is "Open" also source status is also "Open"
The Last found date is 26-07-2024 21:38:55
Unfortunately am unable to share the screenshot.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2025 08:36 AM
Hey there - sounds good.
On your Auto-Close configuration - when you open the list of records, how many show Active = True?
What condition, have we specified on the Active Auto-Close Rules?
What is the "Integration Type" selected on the Auto-Close Rule?
There also is a check, depending on the 3rd party scanner being used - to see if we have recently run the "Comprehensive Job" that is shipped with the relevant Store App for that Scanner (e.g. Rapid7 Comprehensive Job)
- Can you check to see if you have a Comprehensive Job and if it was recently ran within the past 7d?
You can read which integrations require running the Comprehensive Job for the Auto-Close feature:
- https://www.servicenow.com/docs/bundle/yokohama-security-management/page/product/vulnerability-respo...
This may help further diagnose what is occurring.
I'd also suggest opening a NOW Support Case in the interim to help triage the issue - as sometimes seeing the configurations hands-on will help identify what is occuring much quicker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2025 03:06 AM
Hi, Thanks , I have submitted a case CS7905560.
Also any reason why am unable to access the link you provided