State roll-up and roll-down scenarios

  • Release version: Xanadu
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of State roll-up and roll-down scenarios

    State roll-up and roll-down scenarios in vulnerability management automatically synchronize the status between remediation tasks (RTs) and vulnerable items (VITs). This ensures real-time updates, reduces manual tracking, improves accuracy, and provides a clear and current view of remediation progress. These scenarios help ServiceNow customers manage vulnerabilities efficiently and make timely, informed decisions.

    Show full answer Show less

    Roll-up Behavior

    Roll-up refers to how changes in the state of vulnerable items (VITs) affect the state of their associated remediation tasks (RTs). Key scenarios include:

    • If VITs change to non-final or non-actionable states, the RT remains open.
    • When all associated VITs share the same closed sub-state, the RT closes with that sub-state.
    • If associated VITs have different closed sub-states, the RT closes without a sub-state.
    • For mixed closed and deferred VITs, the RT is deferred with sub-states reflecting the deferred VITs, with the deferment date set to the earliest of all VITs.
    • VITs marked as fixed but pending verification keep the RT open.
    • Reopened VITs after being closed as fixed or stale do not change the RT state, which remains closed-fixed or closed-cancelled respectively.
    • When VITs are decommissioned, multiple RTs related to those VITs transition to closed-cancelled.
    • If a resolved VIT reopens, the RT state depends on whether it was previously assigned: reassigned RTs go under investigation; unassigned RTs revert to open.

    Roll-down Behavior

    Roll-down covers how changes in remediation task (RT) states propagate to their associated vulnerable items (VITs), unless manual overrides or exceptions apply. Important scenarios include:

    • RT transitions to non-final or non-actionable states prompt VITs to mirror those states (e.g., open to under investigation or in review).
    • Deferring an RT with a specified reason defers all associated VITs with the same reason.
    • Marking an RT as resolved updates associated VITs to resolved.
    • Closing an RT without full resolution (closed-cancelled or closed-fixed with exceptions) leaves VITs open.
    • When multiple RTs exist for a group of VITs, states can vary—one RT may progress while another remains in a prior state, reflecting partial progress or mixed outcomes at the VIT level.
    • If an RT reopens after resolution, associated VITs may reopen while others remain resolved.

    Practical Implications for ServiceNow Customers

    This automatic synchronization between VITs and RTs streamlines vulnerability remediation workflows by:

    • Providing accurate, up-to-date tracking of remediation progress across tasks and vulnerabilities.
    • Reducing manual intervention and errors in state management.
    • Supporting complex scenarios with multiple remediation tasks per vulnerability.
    • Enabling clear visibility into mixed states and exceptions for better decision-making.

    Understanding these roll-up and roll-down rules helps customers configure and interpret vulnerability management states effectively within ServiceNow, ensuring consistent and reliable status updates throughout the remediation lifecycle.

    State roll-up and roll-down scenarios automatically sync the status of remediation tasks (RTs) and vulnerable items (VITs), ensuring real-time updates across both. This dynamic interaction reduces manual tracking, enhances accuracy, and provides users with an up-to-date view of progress, making vulnerability management more efficient and helping users make informed decisions quickly.

    Roll-up behavior

    When vulnerable item (VIT)states change, these changes may propagate up to the remediation task (RT)level. The following table summarizes key roll-up scenarios where changes in vulnerable item (VIT) state may influence the associated remediation task (RT) state, based on closure conditions, reassignments, and deferrals.

    Table 1. Roll-up scenarios
    VITs State Condition RT State
    Open → Under Investigation / Awaiting Implementation (any sub-state) / In Review / Closed–False Positive / Closed–Invalid / Closed–Result Invalid / Resolved VIT transitions to any non-final or non-actionable state Remains Open
    Open → Closed All associated VITs have the same sub-state Closed – <same sub-state as VITs>
    Open → Closed All associated VITs have different sub-states Closed – <no sub-state>
    Open → some Closed VITs and some Deferred VITs All associated Deferred VITs have the same sub-state Deferred – <same sub-state as VITs>

    (Until date = earliest of all VITs)
    Open → some Closed VITs and some Deferred VITs All associated Deferred VITs have different sub-states Deferred – <no sub-state>

    (Until date = earliest of all VITs)
    Open → Closed–Fixed (after next scan) → Resolved VITs marked as fixed but pending verification Remains Open
    Closed–Fixed → Open VIT reopens after being Closed–Fixed Remains Closed–Fixed
    Closed–Stale → Open VIT reopens after being Closed–Stale Remains Closed–Cancelled
    Under Investigation → Closed–CI Decommissioned Multiple RTs (e.g., RT1, RT2) exist for related VITs Each RT transitions to Closed–Cancelled
    Resolved → Open If a resolved VIT reopens and the previously associated RT was assigned to a user Resolved → Under Investigation
    Resolved → Open If a resolved VIT reopens and the previously associated RT was unassigned to a user Resolved → Open

    Roll-down behavior

    When the state of a remediation task changes, the state is often propagated to the associated VITs unless overridden by manual updates or specific exceptions. The following table summarizes key roll-down scenarios where changes in remediation task (RT) state may affect the associated vulnerable item (VIT) state, based on precedence rules and special conditions.

    Table 2. Roll-down scenarios
    RT State Condition VIT State
    Open → Under Investigation / In Review / Closed–False Positive RT transitions to a non-final or non-actionable state Mirrors RT state change (Open → <same state as RT>)
    Open → Deferred (Sub-state: Reason Given) RT deferred with a specified reason Open → Deferred (Sub-state: Reason Given)
    Open → Resolved RT marked as resolved Open → Resolved
    Open → Closed–Cancelled / Closed–Fixed with Exceptions RT closed without full resolution Remains Open
    RT1: Open → Under Investigation; RT2: Open One RT moves to Under Investigation while another remains Open Open → Under Investigation
    RT1: Open → Under Investigation → Awaiting Implementation; RT2: Under Investigation One RT progresses to Awaiting Implementation Open → Under Investigation → Awaiting Implementation
    RT1: Awaiting Implementation → Deferred; RT2: Awaiting Implementation One RT deferred while another remains Awaiting Implementation Awaiting Implementation → Deferred
    RT1: Awaiting Implementation → Closed–Cancelled; RT2: Under Investigation One RT cancelled while another is Under Investigation Awaiting Implementation → Under Investigation
    Open → Closed–Fixed with Exceptions Mixed outcome: one VIT closed as fixed with exceptions, another remains open VIT1: Open → Closed–Fixed; VIT2: Remains Open
    Open → Resolved Mixed outcome—one VIT closed as fixed and another resolved VIT1: Open → Closed–Fixed; VIT2: Open → Resolved
    Resolved → Open RT reopens after resolution VIT2 reopens; VIT1 remains Resolved