Xanadu Security Management

Components installed with Vulnerability Response

Save as PDF

Share this page

Table of Contents

Components installed with Vulnerability Response

Save as PDF

Share this page

Release version:
UpdatedAug 1, 2024
18 minutes to read

Xanadu
Vulnerability Response

Several types of components are installed with activation of the Vulnerability Response application, including tables, user roles, and scheduled jobs.

View filtered lists for components installed with an application

Starting with v24.0.6 of Vulnerability Response, the most frequently used system properties are now accessible within the Vulnerability Response application. To view these system properties, navigate to AllVulnerability ResponseProperties.

Filter the Applications Files table so that only the roles, scheduled jobs, and tables that are installed with an application are displayed. The application you want to view these components for should be installed so that its files are loaded onto the instance and into the metadata table. Follow these steps to view filtered lists from the Applications Files table.

In the filter navigator, enter sys_metadata.list to navigate to the metadata table.
Select the condition builder (filter icon), and select, Application > is followed by the name of your application. For example, Application > is > Vulnerability Response.
In the condition builder, to add a second filter, select AND, then select, Class > is a and choose one of the following classes from the list: Role, Scheduled job, or Table.
Select Run.

The results for the class you selected are displayed in a filtered list.

Roles installed

Note: Roles, Scheduled jobs, and Tables for Application Vulnerability Response can be found in Components installed with Application Vulnerability Response.


Role title [name]	Description	Contains roles
sn_vul_prisma.configure_prisma_integration	Secures the CRUD + report_view operations on sn_vul_prisma_hosts_import table and report_view operation on sn_vul_prisma_host_attrb table.
sn_vul.view_manager_workspace	Views Vulnerability Manager Workspace.
sn_vul.delete	Deletes source records and vulnerable items. Prior to v23.0, the admin role had the privilege to delete the source records.	sn_vul_cmn.delete sn_vul.delete_vulnerable_items
sn_vul_cmn.delete	Deletes source records.
V23.0: sn_vulc.bulk_edit	Performs bulk edit operation on test results.
sn_vul.app_bulk_edit	Performs bulk edit operation on application vulnerable items (AVITs).	sn_vul.app_write_all
sn_vul_container.container_bulk_edit	Performs bulk edit operation on container vulnerable items (CVITs).	sn_vul_container.write_all
sn_vul_cisa.configure_intelligence_integration	Configures Intelligence integrations.
Vulnerability managers and senior analysts [sn_vul.vulnerability_admin or sn_vul.admin (deprecated)]	Update properties and vulnerability integrations. The sn_vul.vulnerability_admin or sn_vul.admin (deprecated) role is required for Vulnerability Response administration including vulnerability integrations, remediation task rules, calculators, and remediation target rules and tasks, reports, and third-party integration configuration.	sn_vul.vulnerability_write sn_vul.ciso_write sn_sec_cmn.admin sn_vul_qualys.admin (when the Qualys Vulnerability Integration is installed.) sn_vul_r7.admin (when the Rapid7 Vulnerability Integration is installed.) sn_vul_shodan.admin (when the Shodan Exploit Integration is installed.) sn_vul.configure_nvd_integration (when the NVD integrations are installed.) treemap_admin (when the Performance Analytics application is installed.)
Patch orchestration	Configures supported third-party patch vendor integrations. View and apply patch data and patch records.	sn_vul_patch_orch.configure_patch Configure and apply patches. sn_vul_patch_orch.read_patch Can view patch records and data. sn_vul_bigfix.configure_integration Configures the BigFix Patch Orchestration Integration application. This role contains the sn_vul_bigfix.read_integration and connection_admin granular roles that permit the user to connect to the BigFix console. sn_vul_sccm.configure_integration This role contains the sn_vul_sccm.read_integration and connection_admin granular roles that permit the user to connect to the SCCM console. sn_vul_bigfix.read_integration Users with this role can view (read only) the  records of the Vulnerability Response and the BigFix Patch Orchestration Integration application and patch orchestration data. sn_vul_sccm.read_integration Users with this role can view (read only) the  records of the Vulnerability Response and the Microsoft SCCM Patch Orchestration Integration application and patch orchestration data.
Vulnerability analysts [sn_vul.vulnerability_write]	The sn_vul.vulnerability_write role is required for managing remediation tasks and vulnerable items, and monitoring remediation progress.	sn_vul.read_all sn_sc_cmn.write sn_vul_qualys.user (when the Qualys Vulnerability Integration is installed.) sn_vul_shodan.write (when the Shodan Exploit Integration is installed.)
V19.0: Vulnerability Event Manager [sn_vul_analyst.vul_event_manager]	The sn_vul_analyst.vul_event_manager role is used to assess the impact of a new vulnerability or software, or add a zero-day vulnerability to identify the impacted assets and create vulnerable items (VIs).	sn_sec_cmn.read canvas_user sn_vul_analyst.emergency_response sn_vul.manage_exposure_assessment
Others [sn_vul.read_all] The sn_vul.vulnerability_read role is deprecated.	The sn_vul.read_all role is required for anyone needing visibility into vulnerability management. For example, IT and security executives or someone who wants to drill down from high-level dashboards to the items that comprise the dashboard visuals. Important: Starting with v24.0.6 of Vulnerability Response, the sn_vul.read_all role has the privilege to access the Vulnerability Manager Workspace.	sn_sec_cmn.read sn_vul_qualys.read (when the Qualys Vulnerability Integration is installed. sn_vul_shodan.read (when the Shodan Exploit Integration is installed.) pa_viewer (when the Performance Analytics application is installed.) sn_vul_tenable.read_integration (when the Tenable Vulnerability Integration is installed.) sn_vul.view_manager_workspace
sn_vul.read_assigned	View vulnerable items assigned to you or your assignment groups in both the Classic UI and IT Remediation Workspace. Important: Starting with v24.0.6 of Vulnerability Response, the sn_vul.read_assigned role has the privilege to access the IT Remediation Workspace.	sn_vul.view_rem_workspace
VR System import administrator [sn_vul.vr_import_admin]	System run-as user. Runs scheduled jobs. Note: This user is the default run-as user for each integration record. Don’t change.	import_admin sn_vul.vulnerability_write
Remediation owner [sn_vul.remediation_owner]	View and update permission for vulnerable items, remediation tasks assigned to you or your group. Can view all vulnerabilities and solutions. Has write access to theInternal notes field on the solution record.	Contained in the itil role.
CISOs and vulnerability executives [sn_vul.vulnerability_ciso]	View the CISO dashboard in Performance Analytics for Vulnerability Response.	sn_vul.ciso_read sn_vul.read_all
False positive approver [sn_vul.false_positive_approver]	Approves/rejects false positive requests.	sn_vul.view_manager_workspace
Exception approver [sn_vul.exception_approver]	Approves/rejects exception requests.	sn_vul.view_manager_workspace

Scheduled jobs installed


Scheduled job	Description
Populate OOTB saved filters for Host and App module	Migrates modules related to Host and App module.
Populate OOTB saved filters for CC module	Migrates modules related to CC module.
Populate OOTB saved filters for Container module	Migrates modules related to container module.
Refresh Host related Saved filters	Refreshes all the aggregation data related to saved filters of Host module.
Refresh CC related Saved filters	Refreshes all the aggregation data related to saved filters of CC module.
Refresh Container related Saved filters	Refreshes all the aggregation data related to saved filters of Container module.
Refresh App related Saved filters	Refreshes all the aggregation data related to saved filters of App module.
Trigger aggregation creation and running for saved filter	Creates, updates, runs, and refreshes the aggregations related to the saved filter.
Version 19.0 of Vulnerability Response and v4.0 of the Veracode Vulnerability Integration	The Veracode CWE Integration retrieves Veracode - specific Common Weakness Enumeration (CWE) data for threat information and remediation recommendations. The Veracode SBOM Integration ingests release, version, and vulnerability information that originates in Veracode about the components in your software projects. The integration generates SBOMs in CycloneDx JSON format and uploads them into your instance Veracode Categories Integration retrieves enhanced Categories data from Veracode. The Veracode DevOps Integration lets DevOps users view summary details for third-party vulnerability scans without a SecOps license. JSON-based APIs for the following Veracode integrations: Application Vulnerable Item, Scan Summary, Application List. The XML-based API versions of these integrations are deprecated.
Associate existing VIs with Auto Exception Rule	Automatically associates the Auto Exception Rule with existing VIs.
Auto-Close Vulnerable Detections	Automatically closes the stale vulnerable detections based on the configuration defined in the table ‘sn_vul_auto_close_config’.
Version 16.1: HCL BigFix Collection, Fixlet, and Actions Integrations.	Manage patches and patch deployments for vulnerabilities with patches from the HCL BigFix product.
Calculate Related Counts for All Solutions	Inactive by default. Processes solutions data once nightly instead of continuously. Starting with v22.0, you can run this job only on demand. As this scheduled job processes all the solutions, it can impact performance. Therefore, it is recommended to run this job only once if the solution data is corrupted.
Calculate Related VI Counts for Vulnerability and Remediation Task	Captures manual and VI import changes for the day. Reconciles vulnerability and solution relationships and recalculates totals. Solutions data is queued and processed separately by the Process Vulnerability Solution Metrics Queue scheduled job.
Check Mid-Server Timeout	Pings the Mid-Server and errors out after 30 seconds.
V19.0: Check potential vulnerability exposure	Processes the delta CVEs, software, and installations to get the exposure.
Check Run State WaitComplete	Marks an integration run as complete once they’re verified as fully done.
Check Vulnerable Item and Groups Deferment Expiration	Sends notifications if vulnerable items or vulnerabilities have expired (and if they expire in one week). Checks if any exception rule is applicable on a deferred VI and updates the Reason and Until fields according to the exception rule. The state of the VI remains Deferred until the latest expiry date.
Close cancel VITs that do not have a CI associated	Automatically closes vulnerable items that don’t have an associated configuration item (CI) and haven’t been updated for three days. State is set to Closed/Cancelled.
Close VI on exp record delete	Closes a VI when it’s deleted.
Compliance Results Integration	Imports test results along with policies, configuration tests (controls) and citations with authoritative sources for processing in the Configuration Compliance application.
Compliance Results Backfill Integration	Part of a chained integration run with the Tenable.io Assets Integration, imports configuration assessment data for ignored assets that are discovered (imported through assets integration).
CR State Synchronization	Script retrofits all existing remediation task to CHG relationships so they are synchronized. Enables synchronization going forward.
Version 15.0 Scan Credential Integration	Imports and securely stores temporarily Tenable.io credentials used to access the scanner for on-demand rescans.
CWE Comprehensive 2000 Integration	Vulnerability integration that pulls in vulnerability information from the Common Weakness Enumeration (CWE) dataset, curated by the MITRE Corporation.
V18.0: Delete Stale Split Action Records	Daily job to clean up stale records in split task intermediate tables.
Disable VR solutions when solutions application not active	Disables and hides the Vulnerability Solution Management feature when the Solution Management for Vulnerability Response application isn’t installed.
Evaluate remediation targets	Sets or updates remediation target dates on all vulnerable items. Determines the status of remediation target dates against rules.
Fixing the detections for updated key for Rapid7 Fixing the detections for updated key for Qualys Fixing the detections for updated key for Tenable	Cleans up detection data automatically by an integration-specific scheduled job that is triggered post-upgrade to Vulnerability Response.
Version 16.1: Generate remediation digest	This job automatically generates an email digest for any users in the Remediation Owner user group. The job is activated by default.
V19.0: Insert CISA exploited CVE to exposure config	Inserts CISA CVEs into the Exposure Configuration table to calculate the exposure.
V18.0: Insert Classic Remediation Tasks Into Unified Remediation Task	One-time scheduled job to insert all the remediation tasks created in the classic UI into the Unified remediation task (sn_vul_remediation_task).
Microsoft Security Response Center Solution integration	Vulnerability Solution Management integration that retrieves solutions from the Microsoft Security Response Center.
Version 16.1: Microsoft SCCM Collection, Patch Update, and Deployments Integrations	Manage patches and patch deployments for vulnerabilities with Microsoft SCCM patches.
Pick up throttled integration process	Creates the integration process for the Shodan Exploit Integration.
Populate affected products text	After upgrade, handles existing solutions to populate affected products text. This job runs only once.
Populate new CR Count Column	Automatically populates the new CR count column for customers with existing data in the remediation task [sn_vul_vulnerability] table.
Process Vulnerability Solution Metrics Queue	Processes the queued solutions data by: Rolling up solutions from NVD entries to third-party entries Populating preferred solutions on vulnerabilities, and Updating the remediation status metrics on the solutions In addition, it also processes the solutions that are marked for update statuses. Note: If you’re using only Rapid7, you can disable this schedule job to improve performance.
Populate records in vulnerability vendor mapping table Populate records in vulnerability vendor mapping table for Rapid7 vulnerabilities	Inserts records into vulnerability vendor mapping table for existing vulnerabilities.
Re-open deferred vulnerability groups	Reopens deferred remediation tasks when the deferment date has passed.
Reapply all vulnerability assignment rules	Reevaluates assignment rules against all Open VIs.
Version 16.5: Reassignment count for assignment rules	Runs daily and posts the total number of VIs and remediation tasks that are unassigned by this feature for a particular assignment rule.
Red Hat Solution Integration	Vulnerability Solution Management integration that retrieves solutions from the Red Hat Security Advisory.
V17.1: Refresh and resolve duplicate VITs on remediation task	Finds duplicate vulnerable items for the items in the remediation task with the ‘Automatically refresh duplicate VIs’ as active.
Refresh associated vulnerable items for non-remediation task rule-based remediation task	Updates the remediation task with vulnerable items matching the Filter Group and Condition groups criteria.
Repair erroneous Vulnerable Items Last Opened and Closed	Repairs existing UI data corrupted by defects previously fixed.
Rerun calculators	Reapplies the calculators to any vulnerable items affected by the change. This triggers a recalculation of the cumulative risk scores of their remediation tasks. Note: Rerunning calculators can take a long time depending on your environment.
Retry Cancelled Integration Import Sets	Retries canceled integration import sets. Retries 5 times before returning an error.
Retry Integration Processes	Retries integration processes. Retries 5 times before returning an error.
Rollup vulnerable item values to vulnerability and group	Computes the risk score, number of vulnerable items, and remediation target status for remediation tasks, using the rollup calculator. Note: Starting with v23.0 of Vulnerability Response, the scheduled job is enhanced to create background jobs with multithreading capabilities. This upgrade involves segmenting the job into several smaller child jobs, which are executed either in parallel or concurrently. This modification enables processing of multiple records simultaneously, thus significantly speeding up the overall task.
Run severity calculator after vuln entry promotion	Runs the severity calculator after a previously missing vulnerability has been updated with its score and other data from a third-party provider, such as Qualys Cloud Platform, Rapid7 Nexpose. Note: Starting with v25.0.3 of Vulnerability Response, the scheduled job is enhanced to create background jobs with multithreading capabilities. This upgrade involves segmenting the job into several smaller child jobs, which are executed either in parallel or concurrently. This modification enables processing of multiple records simultaneously, thus significantly speeding up the overall task.
V19.0: Run exposure assessment for configured CVEs	Calculates exposure for all the CVE records in the Exposure Configuration table.
V19.0: Run software exposure	Calculates exposure for all the software records in the Exposure Configuration table.
Scheduled Vulnerability Data Source Processor	Checks the import queue for entries to process and assigns a scheduled import job based on available resources.
Scheduled Vulnerability integration process attachment cleanup	Removes integration XML attachments once they’re 14 days old. This retention time isn’t configurable.
Scheduled Vulnerability Integration timeout checker	Cancels integration runs that take over 60 minutes to complete.
Set related CI services for VI	Once the integration import is complete, it links the affected business services to CIs connected to vulnerable items, at the specified time. For more information, see Service Mapping in Vulnerability Response.
Set deferral counts	Collects the number of times a vulnerable item, application vulnerable item, a container vulnerable item, or a remediation task is deferred.
Trigger next integration	Triggers the next integration in a chained integration run.
Template Integration	A single template record is sent to Tenable.io during rescan.
Update Ungrouped Vulnerable Items	Determines whether a vulnerable item is in a remediation task and adds or removes it from the Ungrouped Vulnerable Items list. Note: This job runs post-upgrade and, depending on your data set, can take a long time to complete.
Update Vulnerability on VG	Updates the Vulnerability field on the Remediation Task (sn_vul_vulnerabilty) table after upgrade. This job is triggered once and inactive afterward.
Vulnerability Import Template	Engine that processes the import queue. One of 10.
Vulnerability Response Age Closed Update	Updates Age closed column on VI table.
Vulnerability Response CI count	Calculates the number of CIs scanned by third-party scanners in the last 30 days.
Vulnerability Response Risk and Remediation Status Upgrade	Updates the risk rating on data when you upgrade.
v20.0: Check Risk Mitigation Expiration	Checks if compensatory controls have expired for a Vulnerable Item and a Remediation Task. If they expired, it reverts the risk score to original risk score and sends an email notification indicating that compensatory controls have expired. Also sends an email notification if compensatory controls are set to expire within 7 days.

Tables installed


Table	Description
v24.0.6 Prisma Hosts Import [sn_vul_prisma_hosts_import]	Import set table for the hosts.
v24.0.6 Prisma Host Attributes [sn_vul_prisma_host_attrb]	Asset attribute table for hosts integration.
v22.0 sn_vul_cmn_auto_close_rule	Closes stale detections automatically based on filter conditions.
sn_vul_cmn_ws_saved_filter	Stores the data of saved filter.
sn_vul_licensing_usage	Contains the duplicate asset, Incomplete IP Asset, Total scanner assets counts and Final usage.
sn_vul_m2m_entry_compensating_control	Represents association between vulnerability entries and compensating controls.
v21.0 Rapid7 Scan Engine [sn_vul_r7_scan_engine)	Store the records imported Scan Engine data responsible for discovering assets during a scan and checking them for vulnerabilities.
v21.0 Rapid7 Scan Engine Import [sn_vul_r7_scan_engine_import]	Used by the Rapid7 Scan Engine integration to stage import data prior to processing.
Version 19.0: [sn_vul_veracode_cwe_import]	Extends the Veracode Category table for CWE remediation recommendations.
Version 19.0: [sn_vul_veracode_category_import]	Stores imported category data.
Version 19.0: [sn_vul_veracode_sbom_import]	Stores imported SBOM data originating from Veracode.
V17.1: Add Proof to the VI Key [sn_vul_proof_key_vulnerability]	Rapid7 vulnerabilities for which proof must be included in the VI key. Starting with v24.0.6 of Vulnerability Response, a column 'Regular Expression to Split Tenable VITs' is added. It stores the regular expression entered by a user that is used to parse the proof from the payload.
Assessed Vulnerable Items [sn_vul_m2m_exp_sw_vi]	Assigns a remediation task to an assignment group during remediation task creation.
Assignment Rule [sn_vul_vgr_assignment_rule]	Assigns a remediation task to an assignment group during remediation task creation. Prior to v15.0: Assigns a remediation task to an assignment group during remediation task creation.
Associate Change Request [sn_vul_action_associate_cr]	Staging table used to process new remediation task-CHG associations. Prior to v15.0: Staging table used to process new VG-CHG associations.
Asynchronous Vulnerable Item Job [sn_vul_async_vi_job]	Contains background jobs that process vulnerable items. Only one job type is supported; used to edit vulnerabilities in bulk.
Asynchronous Vulnerable Item Job Type [sn_vul_async_vi_job_type]	Contains the types of background jobs, and references the relevant script. Only has one processor, the VulnerabilityBulkEditProcessor
Auto-Close Stale Detections [sn_vul_auto_close_config]	Stores the configuration for how stale detections are automatically closed.
Configure Vulnerable Item Granularity [sn_vul_action_vi_granularity_config]	Stores the UI form used to enable or disable Include Port from the configuration page in the Configure VI Granularity module.
Create change request [sn_vul_action_create_cr]	Used to create change requests from remediation task.
Create Vulnerable Items [sn_vul_action_create_vi]	A staging table which is used as a place holder for information. This table does not store any records.
Collection [sn_vul_patch_orch_collection]	Stores collection data from distinct instances.
CWE [sn_vul_cwe]	Catalog of Common Weakness and Enumeration (CWE) software vulnerabilities.
CWE Applicable Platform [sn_vul_cwe_m2m_cwe_platform]	Contains the imported CWE applicable platform data.
CWE Category [sn_vul_cwe_category]	Contains the imported CWE category data.
CWE Common Consequence [sn_vul_cwe_consquence]	Contains the imported CWE common consequence data.
CWE External Reference [sn_vul_cwe_reference]	Contains the imported CWE external reference data.
CWE Observed Example [sn_vul_m2m_cwe_cve]	Contains the imported CWE CVE data.
CWE Platform [sn_vul_cwe_platform]	Contains the imported CWE platform data.
CWE External Reference [sn_vul_cwe_reference]	Contains the imported CWE related external reference data.
CWE Relationship [sn_vul_m2m_cwe_relation]	Contains the imported CWE relationship data.
CWE View [sn_vul_cwe_view]	Contains the imported CWE view data.
CWE Weakness [sn_vul_cwe_weakness]	Contains the imported CWE weakness data.
Version 16.1: Device Collection [sn_vul_patch_orch_m2m_src_ci_collection]	Stores collections data about discovered items.
Version 16.1: Device Update [sn_vul_patch_orch_m2m_src_ci_update]	Stores data about the deployed patches, along with deployment status, that are on displayed on discovered item records.
Discovery Model Vulnerable Software Match [sn_vul_discovery_model_software_match]	Supplements the matching of vulnerable software to a discovery model.
Exception Management Configuration [sn_vul_exception_config]	Stores the configuration settings for the exception management feature.
Exception Rule [sn_vul_auto_exception_rule]	Contains the set of rules evaluated for Exception Management.
Exploit [sn_vul_exploit]	Contains the definitions of exploits: publicly available code that takes advantage of a vulnerability.
Exploit Framework sn_vul_exploit_framework	Contains the names of exploit frameworks: full software packages that are capable of running many exploits.
Exposed Discovery Models [sn_vul_m2m_exp_sw_model]	Stores the mapping between the Discovery model and Vulnerability Exposure Assessment.
Exposure Assessment [sn_vul_exp_by_sw]	Stores the records for exposure assessment.
V19.0: Exposure Manifest sn_vul_analyst_exposure_manifest	Manifest table for delta processing.
Exposure Vulnerability Entries [sn_vul_m2m_entry_exp]	Stores the mapping between Vulnerability (sn_vul_entry) and Exposure Assessment.
Malware Kit [sn_vul_malware_kit]	Contains the details of malware kits: pre-written tools that make it easy to run an exploit or set of related exploits without doing additional coding or configuration work
Missing asset table [sn_vul_tenable_missing_asset]	Contains temporary asset IDs for ignored configuration compliance assessment data with unmatched assets.
Microsoft Response Center Solution Update [sn_vul_msrc_update]	Contains the last time that the solution data was updated by Microsoft. Used to compare against the nightly import to determine the delta data for download.
Microsoft Security Response Center Solution Import [sn_vul_msrc_solution_import]	Used by the Microsoft Security Response Center Solution integration to stage import data prior to processing.
Microsoft Security Response Center Solution Integration [sn_vul_msrc_integration]	Extends the Vulnerability Integration [sn_vul_integration] table for the Microsoft Security Response Center Solution Integration.
National Vulnerability Database Entry [sn_vul_nvd_entry]	Documented vulnerability from the NIST National Vulnerability Database.
NVD CVSS Import [sn_vul_nvd_cvss_import]	Contains staging data that hasn’t yet been transformed to the Vulnerability Response schema during NVD import.
Version 16.1 [sn_vul_patch_orch.patch_approval_required]	When patch deployments are scheduled from a patch integration, requests are submitted for review and approval to users assigned to the Level 1 - Patch update approval group. This property is activated by default.
Version 16.1: Patch Deployment [sn_vul_patch_orch_deployment]	Stores information about deployed patches about Collections and CIs.
Version 16.1: Patch Update [sn_vul_patch_orch_update]	Stores information about the patches that are available on distinct instances.
Version 16.1: Potential Patch [sn_vul_patch_orch_m2m_vuln_patch]	Stores data about patches and vulnerabilities that identify the patches that might be used to resolve a vulnerability.
V19.0: Potential Vulnerability Exposure sn_vul_analyst_m2m_pot_exp_sw_model	Exposure assessment table for CVE.
Product category [sn_vul_product_category]	Contains the imported product category data.
Red Hat Security Advisory [sn_vul_rhsa_update]	Compares the Red Hat solutions against the nightly job to determine the delta data for import.
Red Hat Solution Imports [sn_vul_rh_solution_import]	Used by the Red Hat Solution Integration to stage import data prior to processing.
Red Hat Solution Integration [sn_vul_rh_integration]	Extends the Vulnerability Integration [sn_vul_integration] table for the Red Hat Solution Integration.
Related Business Services [sn_vul_m2m_ci_services]	Links CIs to Business Services for impacted services lookup. Contains a flag indicating whether it was added by Service Mapping.
V18.0: Remediation Effort Counts [sn_vul_daily_count_re]	Daily count of remediation efforts. This table is updated daily.
V18.0: Remediation Effort Record [sn_vul_remediation_effort_record]	Tracks the remediation progress for remediation efforts (RE). Contains references to the REs.
Remediation Target Rule [sn_vul_ttr_rule]	Defines the expected time frame for remediating a vulnerable item. Extends Application File.
V18.0: Remediation Task [sn_vul_remediation_task]	Stores all the remediation tasks for VR, AVR, CVR, and test result groups. Consists of information related to [sn_vul_vulnerability] table records. Users who cannot view records in [sn_vul_vulnerability] table list view, can see those records information in the [sn_vul_remediation_task] table list view. This table is accessible to the users in Vulnerability Manager workspace or IT Remediation Workspace
REST Integration [sn_vul_rest_integration]	Extends the Vulnerability Integration [sn_vul_integration] table for the REST-based Integrations.
SAM NVD Vulnerability Detection [sn_vul_sam_config]	Contains which CI and Vulnerabilities are monitored with SAM NVD and whether SAM NVD vulnerability detection is enabled or not.
Scheduled Import Pool [sn_vul_sched_import_pool]	Collection of scheduled import set records used to facilitate simultaneous data source imports.
Select Vulnerable Item [sn_vul_action_select_vi]	Base staging table used to handle split VG, create CHGs, and associate CHGs
Setup Status [sn_vul_setup_status]	Internal only: Used by the Setup Assistant. Whenever Setup Assistant is opened, it shows the status of the steps Completed, and the percentage on the right top corner comes from this table.
Severity Map [sn_vul_severity_map]	Contains the mappings from source severity to normalized severity.
Solution Scanner Mapping [sn_vul_solution_scanner_mapping]	Maps vendor, scanner, and keywords for exclusion or inclusion.
Split vulnerability group [sn_vul_action_split_vg]	Staging table used to split remediation tasks.
Third Party Vulnerability Entry [sn_vul_third_party_entry]	Documented vulnerability from a third-party source.
[sn_vul_tenable_io_template	A template record is sent to Tenable.io and then imported during rescan for items that have Tenable.io as a source.
Update Manifest [sn_vul_update_manifest]	List of remediation tasks that have been updated and require recalculation by the rollup calculator.
V17.1: Usage by CI classes [sn_vul_licensing_usage_by_ci_classes]	Contains the usage count aggregated by the CI class.
VR Configuration Item Count [sn_vul_vr_configuration_item_count]	Contains the 90-day rolling cumulative average of configuration items imported from third-party integrations.
Vulnerability Assignment Rule [sn_vul_assignment_rule]	Contains the set of rules evaluated to set the assignment group on VIs.
Vulnerability Calculator [sn_vul_calculator_group]	Contains the vulnerability calculator rules. The order of the calculator determines which calculator is evaluated first, and in each calculator, one calculator rule, at most, is used.
Vulnerability Calculator Rule [sn_vul_calculator]	Contains the rules for all of the calculators. For each calculator, the calculator rules are reviewed in order. The first calculator matching the condition uses the values within that rule.
Vulnerability CVEs [sn_vul_m2m_entry_cve]	Links NVD Common Vulnerability Exposures (CVE) data to vulnerable entries.
Vulnerability Data Source Import Queue Entry [sn_vul_ds_import_q_entry]	Queue for attachments before they’re processed by a data source. Utilized by vulnerability integrations.
Vulnerability Entry [sn_vul_entry]	Documented vulnerability.
Vulnerability Entry Scan [sn_vul_entry_scan]	Stores the relationship between a scan and vulnerability entry.
Vulnerability Exploit Framework [sn_vul_m2m_framework_vul]	Contains the relationship between Exploit frameworks and vulnerabilities.
V19.0: Vulnerability Exposure Assessment sn_vul_analyst_sam_config	Exposure assessment configuration table for CVE.
Vulnerability Granularity Configuration [sn_vul_granularity_config]	Stores and maintains the state of include or exclude Port for the Configure VI Granularity module.
Remediation Tasks [sn_vul_vulnerability]	Collection of vulnerable items organized for remediation.
Remediation Task Change Requests [sn_vul_m2m_vg_change_request]	Stores the association of remediation tasks and CHG requests.
Remediation Task Items [sn_vul_m2m_vul_group_item]	Association of remediation tasks and vulnerable items.
Remediation Task Rules [sn_vul_grouping_rule]	Contains the rules that define the criteria with which groups are automatically created for a set of vulnerable items.
Vulnerability Integration [sn_vul_integration]	Schedulable record to import vulnerability data from an external source. Extends Scheduled Script Execution.
Vulnerability Integration Data Source [sn_vul_int_data_src]	Data source to use with a vulnerability integration.
Vulnerability Integration Log [sn_vul_integration_log]	Records log information output by vulnerability integration runs.
Vulnerability Integration Process [sn_vul_integration_process]	Single process occurrence for a vulnerability integration.
Vulnerability Integration Queue [sn_vul_integration_queue]	Queues the import requests for an integration run when all the Data Sources are in use.
Vulnerability Integration Run [sn_vul_integration_run]	Vulnerability integration invocations. Note: If an integration run is in progress, only one integration can be in ready state in the backlog.
Vulnerability Integration Run Stats [sn_vul_integration_stats]	Stores the breakdown of each step: for example, REST API time, VI creation time, and so on for an integration run
Vulnerability Item Task [sn_vul_m2m_item_task]	Vulnerable items associated with problems, changes, and security incidents.
Vulnerability Malware Kit [sn_vul_m2m_malware_kit_vul]	Contains the relationships between vulnerabilities and malware kits.
Vulnerability Prerequisite Solution [sn_vul_m2m_solution_prerequisite]	Contains the source-specific prerequisites to applying a solution, when available.
Vulnerability Rate limit [sn_vul_rate_limit]	Defines a rate limit to be used on a scanner.
Vulnerability Reference [sn_vul_reference]	External references for known vulnerabilities.
Vulnerability Remediation Status [sn_vul_m2m_ttr_status]	Status of the vulnerable item against the closest applied remediation target rule.
Vulnerability Risk Rule [sn_vul_calc_risk]	Specialized calculator rule used with the Risk Score calculators. Takes weights indicating which values, related to a VI, to use to calculate the Risk Score.
Vulnerability Rollup Calculator [sn_vul_rollup]	List of vulnerability rollup calculators.
Vulnerability Scan [sn_vul_scan]	Vulnerability scan. Contains what to scan, with what scanner, and a summary of the scan results.
Vulnerability Scan Configuration Item [sn_vul_m2m_scan_configuration_item]	Associates CMDB CIs that are queued to be scanned.
Vulnerability Scan Queue Entry [sn_vul_scan_q_entry]	Scan record queued for scanning or processing. Facilitates the requests within stated rate limits.
Vulnerability Scan Source [sn_vul_m2m_scan_source]	Associates sources to a scan record and signifies all the records that are queued to be scanned.
Vulnerability Scan Task [sn_vul_m2m_scan_vulnerability]	Associates vulnerability tasks for the sources of a scan record.
Vulnerability Scanner [sn_vul_scanner]	Defines third-party scanners to use in scans.
Vulnerability Scanner Rate Limit [sn_cmn_scanner_rate_limit]	Associates a scanner with a rate limit.
Vulnerability Software [sn_vul_m2m_entry_software]	Contains associations between vulnerabilities and vulnerable software.
Vulnerability Solution [sn_vul_solution]	Contains the relationship data between the vulnerability and the possible solutions for it. Starting with v24.0.6 of Vulnerability Response, a new column titled Scanner Bulletin is added to this table.
Vulnerability Solution [sn_vul_m2m_vulnerability_solution]	Links the Vulnerability Entry (sn_vul_entry) table to the Vulnerability Solution (sn_vul_solution) table.
Vulnerability State Change Approval [sn_vul_change_approval]	Tracks the approval process for vulnerabilities.
Vulnerability Superseding Solution [sn_vul_m2m_solution_supersedence]	Contains the source-specific relationship between solutions.
Vulnerability Update Manifest [sn_vul_vuln_update]	Contains a list of vulnerabilities that need their rollup data updated after their vulnerable items are updated, closed, or have risk score changes.
Vulnerability Vendor Mapping [sun_vul_vulnerability_vendor_mapping]	Contains a list of vulnerabilities and their vendors.
Vulnerable Item [sn_vul_vulnerable_item]	Contains the occurrence of a vulnerability on a configuration item.
Vulnerable Item Detection [sn_vul_detection]	Contains the vulnerable item detections from third-party integrations.
Vulnerable Software [sn_vul_software]	Software that is known to have certain vulnerabilities.

Xanadu Security Management