Analytics and Reporting Solutions for Vulnerability Response

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Analytics and Reporting Solutions for Vulnerability Response

    Vulnerability Response in ServiceNow provides comprehensive analytics and reporting tools designed to help you monitor and manage the remediation of security vulnerabilities effectively. These solutions enable you to track trends, assess risks, manage assignment groups, and monitor deferrals and recurring vulnerabilities, thereby improving your organization’s security posture and operational efficiency.

    Show full answer Show less

    Key Features

    • Data Visualizations in Workspaces: Dynamic, real-time visualizations in Vulnerability Response Workspaces display the number and severity of active vulnerabilities. These visual tools help assess organizational threat levels and remediation progress.
    • Dashboards: Default dashboards available under All > Vulnerability Response > Overview provide high-level insights. From version 19.0 onward, these dashboards are accessible in the New Experience UI, with options to switch views based on user roles.
    • Remediation Task Management: Most remediation activities are performed within remediation task records. Tasks include creating change requests, adding work notes, deferring tasks, closing tasks, and tracking compliance obligations.
    • Risk and Prioritization Controls: You can adjust risk score calculators to ensure accurate prioritization of remediation tasks or defer vulnerable items and tasks as necessary.
    • Integration with Change Management: The platform supports initiation and tracking of change requests tied to remediation efforts, facilitating coordination with IT Operations.
    • Automated Scan and State Updates: Vulnerability scans trigger state changes automatically—fixed items close upon verification, while unresolved items revert to investigation status. Specific integrations with Qualys and Rapid7 include configurable options to reopen resolved vulnerabilities based on scan results and age.
    • Vulnerability Solution Management Metrics: Detailed deployment progress metrics help identify bottlenecks in remediation tasks and vulnerabilities. Users can drill down into causes and update status directly from related forms.

    What You Can Expect

    By leveraging these analytics and reporting capabilities, ServiceNow customers can effectively monitor remediation progress, prioritize high-risk vulnerabilities, and coordinate remediation efforts with IT Operations. The automated workflows and dashboards streamline vulnerability management, ensuring timely resolution and compliance tracking. Additionally, integration with third-party scanners and change management processes enhances accuracy and operational alignment, reducing risk and improving security outcomes.

    Monitoring vulnerability remediation involves viewing trends, managing risk, and monitoring assignment groups. You can review high risk issues, assignment group workloads, deferrals and, reoccurring vulnerabilities. Vulnerability Response offers tools, reports, and procedures to make that process more productive and efficient.

    Data visualizations in the Vulnerability Response Workspaces

    The Vulnerability Response Workspaces include data visualizations that can help you monitor your remediation progress. You can determine the threat level to your organization by viewing the number and severity of active vulnerabilities that are important to your organization on dynamic data visualizations that are updated as vulnerability data changes. See Vulnerability Manager Workspace and Exploring the IT Remediation Workspace for more information about the dynamic data visualizations that are available.

    Vulnerability analysts can also use default Vulnerability Response dashboards at All > Vulnerability Response > Overview.

    Important:
    Starting with version 19.0 of Vulnerability Response, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to Workspaces > Vulnerability Manager Workspace and click the Dashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see Dashboards in the Vulnerability Manager Workspace and Dashboards in the IT Remediation Workspace.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Vulnerability Response remediation process

    Most vulnerability remediation is done from the remediation task record from within the Vulnerability Response Workspaces. From the remediation tasks (RTs) in the Under Investigation state, you can perform several tasks.
    • Create change requests.
    • Add work notes and descriptions of vulnerabilities within the remediation task.
    • Defer the remediation task and the vulnerable items in it until a later date.
    • Close the remediation task.
    • Track new regulatory compliance obligations, which are usually time sensitive.
    • Log in to your Vulnerability Response instance.
    • Review your Vulnerability Management and third-party dashboards and reports to locate problem areas. For example, view dashboards that show remediation task (RT) aging by states or high risk vulnerable items (VIs) past their remediation target date.
    • Review the state of remediation tasks, in order of risk.
    • Revise the prioritization for the tasks by adjusting your risk score calculators if the risk score is not being calculated correctly or deferring VIs or RTs, as needed. See Vulnerability Response calculators and vulnerability calculator rules or Defer a Remediation task for more information on these options.
    • Review deferred vulnerable items about to reopen and take further action as required. If you want to initiate and track change activities on your assets, remediation tasks, and their corresponding vulnerable items, for more information, see Change management for Vulnerability Responsefor further action.
    • Review feedback from IT Operations.

      Once you are notified that a change request is resolved, wait for the next scan. Scans are triggered automatically by the third-party import schedule configured in the Setup Assistant.

    • After a scan, if the state is Fixed, vulnerable items are automatically closed during import. The group closes when all vulnerable items in the group are fixed.
    • After the scan, if the state is not Fixed, the VI is automatically moved back to Under Investigation.

    • Vulnerable items set to 'Resolved' in your instance but not transitioned to 'Closed/Fixed' by the third party integration runs are reopened if they are detected during rescans.

      For Qualys detections, if the scanner continues to find VIs that were set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans, these VIs move back to 'Open' when the last found date is later than the Resolved date.

      For Rapid7 detections, an option is now available on the Rapid7 configuration page in your instance to reopen resolved VIs by age. If enabled, VIs set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans transition back to 'Open' after the number of days that you enter.

    Vulnerability Solution Management Deployment Progress

    Comprehensive deployment metrics for remediation tasks and vulnerability entries are included in Vulnerability Solution Management under Remediation Status in vulnerabilities, vulnerable items. Easily identify which remediation task or vulnerability is slowing resolution progress. Drill down into how the vulnerability is identified, or what aspects of the affected assets may be causing the remediation issue. Update the status of your metrics using the Update status related link in the vulnerability, solutions, and remediation task forms.