
Zero day Vulnerability - Best Practice

sach1
Tera Guru

Hi All,

 

I am looking for guidance and best practice on how to handle Zero-day Vulnerabilities in ServiceNow for cases where CVEs are not available.

 

Came across the below KB article, which talks about creating a new table by extending the OOTB Vulnerability table. Is that the only way?

How to handle Zero Day Vulnerabilities in Vulnerability Module - Support and Troubleshooting

 

We want to create VITs and remediation tasks for the vulnerabilities for which CVEs are not created.

 

#secops #vulnerability 

#SIR #VR

1 ACCEPTED SOLUTION

Sarath S
ServiceNow Employee

@sach1 : For Zero-Day vulnerabilities where a CVE is not yet published, you don’t need to extend the Vulnerability table. A more effective and scalable approach is to use Exposure Assessment in Vulnerability Response.

With Exposure Assessment, an analyst can initiate an assessment using only the impacted software, even when the CVE ID is not available. You simply input the affected software, and the assessment automatically identifies installations from the cmdb_sam_sw_install. Once the software match is established, users can:

  • Create Vulnerability Items (VITs) tied to the impacted CIs

  • Trigger existing automation rules, including

    • VIT assignment

    • Remediation Task generation

    • Remediation Target Rules, etc.

  • Continue through your full workflow exactly as it would for CVE-based vulnerabilities

  • Finally, close VITs using Auto-Close Rules once remediation is complete

This approach allows you to operationalize Zero-Day vulnerabilities seamlessly, without waiting for a CVE to be published and without creating custom tables. 

 

In short: Exposure Assessment by software is best practice for handling Zero-Day vulnerabilities in ServiceNow. It allows you to identify the exposure, generate VITs, and drive remediation end-to-end—even before official CVE details exist.

 

If you're looking for an even more streamlined and coordinated process during high-severity Zero-Day events, you can also leverage Vulnerability Crisis Management. It provides an orchestrated workspace to track the Zero-Day, collaborate across teams, and monitor remediation progress, all while your Exposure Assessment driven VITs and remediation tasks flow automatically in the background.

 

Exposure Assessment document: https://www.servicenow.com/docs/bundle/zurich-security-management/page/product/vulnerability-respons...

 

Vulnerability Crisis Management document: https://www.servicenow.com/docs/bundle/zurich-security-management/page/product/vulnerability-respons...

 

Thanks,
Sarath S


15 REPLIES

Well, you're not. So stop posting garbage.

ok.

Simon, with your large experience, can you expose a solution for this?

@MaxMixali - yes I could, but we've already had a detailed solution provided by an expert who works for ServiceNow.

 

This thread doesn't need another solution. And it certainly doesn't need pseudo-solutions that are just copied and pasted answers from ChatGPT.

 

If I want a GenAI answer to a question, I get it myself. If I want an answer from a real ServiceNow expert, I ask for it here on the Community.

 

#AI_slop 

 

So if you publish your solution I can learn more from an expert like you. Many thanks.