Application Vulnerability Management (PA) dashboard
Track the volume, performance and progress of application vulnerabilities from initial analysis and detection to containment or remediation.
Use cases
| User | Dashboard use |
|---|---|
| Vulnerability managers | With the Application Vulnerability Management dashboard, vulnerability management can determine which application vulnerable items (AVIs) present the most risk to their organizations. These dashboards provide a graphical view into AVI activity to help them determine remediation plans and status progress. Focus on the KPIs associated with critical affected applications and high-visibility vulnerabilities. |
Required ServiceNow AI Platform roles, setup, and the dashboard tabs
The Application Vulnerability Management (PA) dashboard is included as a part of the Performance Analytics for Vulnerability Response content pack. The Performance Analytics for Vulnerability Response content pack is not automatically installed with the Vulnerability Response application. It is available on the ServiceNow® Store as a separate subscription.
For more information about setting up, installing, and configuring your Performance Analytics for Vulnerability Response application, see Install and configure the Performance Analytics for Vulnerability Response [PA] application.
To view the dashboard, as a user assigned to Security Champion, App-Sec Manager, or Developer user groups, navigate to .
Starting with version 19.0 of Application Vulnerability Response, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to and click theDashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see Dashboards in the Vulnerability Manager Workspace and Dashboards in the IT Remediation Workspace.
The Overview dashboard communicates KPIs for vulnerability risk and prevalence, affected applications, remediation trends, and remediation progress. The default for trends is three months but can be changed to 7 day, one month, 3 months, 6 months, YTD, 1 year, or All.
Breakdown the data in the Application Vulnerability Management dashboard by Scan Type, Application or Business unit. Each of these choices has an additional filter, Select elements, to refine your selections. Starting from Application Vulnerability Response v15.0, business and CI applications have been added to the choices for the Application filter.
The Security Posture tab helps you understand your security posture and the progress of your remediation actions.
This dashboard helps you understand where your organization is taking risk due to potentially excessive deferrals and reconsider remediation options.
You can view Deferred Application Vulnerable items by Reason, Expiring Deferral Requests for AVIs, Exceptions for Critical Application Vulnerable Items by Assignment Group, AVI Exception Requests by Requester.
The Remediation Trend tab helps you understand the progress of your remediation actions.
The Scoreboard tab helps you understand the progress of your remediation actions, and which AVIs need the most assistance with their completion.
- Dynamic: Use only metrics from dynamic data import
- Static: Use only metrics from static data import
You can choose either or both.
Indicators
- Mean time to remediate Low AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 4 - Low]] / [[Closed Application Vulnerable Items > Risk Rating = 4 - Low]]. Goal is to minimize.
- Application Releases
- It is the count distinct on applications from AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Application Vulnerable Items
- It is the count on app vul items AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Average AVIs per application
- [Active Application Vulnerable Items]] / [[Application Releases]]. Goal is to minimize.
- Unassigned VIs
- It is the count on indicator source AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Mean time to remediate AVIs
- [[Summed Duration of Closed Application Vulnerable Items]] / [[Closed Application Vulnerable Items]]. Goal is to minimize.
- Mean time to remediate High AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 2 - High]] / [[Closed Application Vulnerable Items > Risk Rating = 2 - High]]. Goal is to minimize.
- Closed Application Vulnerable Items
- It is the count on indicator source AVI.Closed, which is using the table: sn_vul_app_vulnerable_item. Goal is to maximize.
- Mean time to remediate Critical AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 1 - Critical]] / [[Closed Application Vulnerable Items > Risk Rating = 1 - Critical]]. Goal is to minimize.
- New Application Vulnerable Items
- It is the count on indicator source AVI.New, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Mean time to remediate Medium AVIs
- [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 3 - Medium]] / [[Closed Application Vulnerable Items > Risk Rating = 3 - Medium]]. Goal is to minimize.
- Net change in VIs
- [[New Application Vulnerable Items]] - [[Closed Application Vulnerable Items]]. Goal is to minimize.
- Summed Duration of Closed Application Vulnerable Items
- It is the count on indicator source AVI.Closed, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Critical Overdue Application Vulnerable Items
- It is the count on data source AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
- Critical Application Vulnerable Items
- It is the count on indicator source Applications with active AVIs, which is using the table: sn_vul_analytics_app_ci_dept_bu. Goal is to minimize.
Breakdowns
- Age
- Age Closed
- Application
- Business Unit
- Risk Rating
- Scan Type
Data visualizations
| Name | Type | Description |
|---|---|---|
| V15.0: Penetration Test Findings in Validation Pending State | Pie Chart  |
Penetration test findings in Resolved state, but with validation pending, grouped by risk rating. |
| V15.0: Overdue Penetration Test Findings | Pie Chart |
Critical penetration test findings that have missed their remediation target date, grouped by risk rating. |
| Active Application Vulnerable Items (AVIs) | Single Score  |
Number of active (non-closed) application vulnerable items (AVIs). |
| Unassigned Application Vulnerable Items (AVIs) | Single Score |
Number of active application vulnerable items (AVIs) without an assignment group. |
| Application Vulnerable Item (AVI) Distribution | Pie Chart |
Distribution of all active application vulnerable items (AVIs) grouped by risk rating. |
| Application Vulnerable Items (AVIs) by Age | Heatmap  |
Number of active application vulnerable items (AVIs) grouped by risk rating and age (in days). |
| AVI trends | Trend  |
Trend of active application vulnerable items (AVIs) grouped by risk rating. |
| Average AVIs per application | Trend |
Trend of average application vulnerable items (AVIs) per application, grouped by risk rating. |
| Name | Type | Description |
|---|---|---|
| Mean time to Remediate Application Vulnerable Items (AVIs) | Line  |
Trend of the average remediation time for application vulnerable items (AVIs) by risk rating. |
| Net change of AVIs | Trend
|
Trend of new application vulnerable items (AVIs) detected vs closed by month. |
| Name | Type | Description |
|---|---|---|
| Top 10 Applications with Most Critical Application Vulnerable Items (AVIs) | Score card and Distribution Bar 
 |
Applications with most number of critical application vulnerable items (AVIs). |
| Top 10 Applications with Most Overdue Critical Application Vulnerable Items (AVIs) | Score card and Distribution Bar
|
Applications with the most number of active application vulnerable items (AVIs) that are past their remediation target dates. |