Vulnerability Response Notifications

Khanna Ji
Tera Guru

Hi Team,

Can you please explain me the below vulnerability response notifications? I am finding it hard to understand them.

Appreciate your efforts and time.

find_real_file.png

7 REPLIES 7

Uncle Rob
Kilo Patron

Haven't fully deconstructed this app, but here are my best guesses.

Vulnerable Item Deferment is Expiring - You can defer the warning on a vulnerable item.  Basically "I know, but authorize its vulnerable state temporarily".  This notification reminds you that the deferment interval is ending.

Remediation Target Rule - vulnerabilities will require remediation.  This rule notifies when the target date of the remediation is upcoming.

Vulnerable Item Reactivated - Self explanatory.  A previously vulnerable item has been reactivated and still vulnerable.  

1) At what interval the notification is sent? 2) When will it stop sending notification? Does it stop after deterred time? 3) What if the Deferred time is already elapsed or deferred time is in past date than current? 4) At what time system sends out notification in a day or week or what?

This would all depend on which of the notifications we're talking about.  Each of them could have different answers.

look at the firing conditions of each of them.  Are they database transaction based or event based?  If they're transaction based (on X update with conditions of X,Y,Z) then they aren't fired on intervals.  If they're event based then look through your scheduled jobs for scripts that contain the event names.  You'll also need to pound through any workflows related to that task table to see if any of them are firing that event as an activity.

 

jonathanwalker
ServiceNow Employee
ServiceNow Employee

Robert is right on point with his replies.

These notifications are going out to the groups you as a customer have specified.

The notifications are triggered based on 

  • When a deferred vulnerable item (a vulnerable item that has an exception that has been "approved")...when that deferred date is coming up for expiration
  • When the Remediation Target (SLA) for a specified vulnerable item is going past target.
  • When a vulnerable item that was in a closed state, goes back to open (most likely because it was closed manually / in the record by a remediation owner, and the scanner found that vulnerability again on the host).

Thanks.