- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-20-2019 01:54 AM
Hi All,
I have gone through the state changes between vulnerable item and group but have some questions unanswered.
https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/vulnerabillity-states.html#VulnerabilityStates
1) When all vulnerable items associated to a group are closed, does system close group automatically? (When I manually closed items, it did not close the group. Does this happens when integration runs?)
2) When I open one of the vulnerable item from closed group, does system open the vulnerability group? (When I manually opened a vulnerable item, group did not open. Does this happen when integration runs?)
Please help me to understand these transition states.
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-05-2019 01:19 PM
The out of box business rule to handle the change is "Closed-fixed roll up to group level" (on Madrid). Get to this via on Vulnerable Item list view, config---business rule.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-21-2019 07:59 AM
Hi Swathi,
When all of the Vulnerable Items associated to a Vulnerability Group, move to a condition of State = Closed and and Substate = Fixed, the Vulnerability Group record with automatically be closed.
So if you have 10 Vulnerable Items associated a to a Vulnerability Group, and all 10 Vulnerable Items are updated to Closed/Fixed, the Vulnerability Group will automatically be moved to State = Closed, Substate = Fixed as well.
In the condition of a Vulnerable Item moving from Open -> Closed/Fixed -> Open; it would depend on how many / which Vulnerability Groups the Vulnerable Item is associated to. If the Vulnerable Item was associated to a single Vulnerability Group in the (Closed / Fixed) scenario, and the Vulnerable Item was re-opened, the base system behavior would create a new Vulnerability Group record and would not re-open the previously closed Vulnerability Group record.
One thing to keep in mind is that his is different from using the 'Defer' functionality. The 'Defer' functionality sets an expiration date for when the State of a Vulnerable Item and / or Vulnerability Group would move to back to 'Open'. I mention this as you may run into the term "re-open" with this capability, but it is driven by an expiration date set and requested by the user.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-21-2019 08:27 AM
Does this transition happens when integration runs? When I tried below scenarios manually, I got different results than what you are saying in London.
1) When all vulnerable items associated to a group are closed, does system close group automatically? (When I manually closed items, it did not close the group. Does this happens when integration runs?)
2) When I open one of the vulnerable item from closed group, does system open the vulnerability group? (When I manually opened a vulnerable item, group did not open. Does this happen when integration runs?)

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-22-2019 02:48 PM
Hi Swathi.
Scenario 1)
The behaviour of a Vulnerability Group automatically closing when all Vulnerable Items associated to that Vulnerability Group, are set to Closed / Fixed - works in London and can be replicated by manually creating records as well.
The Business Rule that controls this is called (Closed-fixed roll up to group level).
Scenario 2)
This also works in London if you are testing manually, and with the baseline Vulnerability Group Rule called "Vulnerability"...
If you start with Vulnerability Group record with a single associated Vulnerable Item record:
- Closing the Vulnerable Item, will automatically trigger closing the associated Vulnerability Group
If you take that Closed Vulnerable Item:
- Change the State of the Vulnerable Item back to Open (can use Bulk Edit on Vulnerable Item list view for this)
- The original associated Vulnerability Group record will remain as Closed
- A new Vulnerability Group record will be created, and the existing Vulnerable Item (now "re-opened") will be associated to the new Vulnerability Group record as well
- The Vulnerable Item will be associated to two Vulnerability Group records in total, one that is Closed and one that is in the Open state
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-19-2021 01:22 PM
Hi Andy,
I know this is a old post. I am curious to know by your comments about same vulnerable item may get associated to more than 1 vulnerability group. We have this scenario where 1 'open' vulnerable item is being associated to more than 1 vulnerability group, we are treating them as duplicates and trying to delete them. And also trying to prevent the same VIT to open in multiple groups. We are not sure why this is happening.
What are your thoughts on this?
Thanks!