Request bulk exception in the Vulnerability Manager Workspace

  • Release version: Xanadu
  • Updated August 1, 2024
  • Request an exception for multiple records (VITs, AVITs, CVITs or TRs) concurrently using the bulk edit feature instead of manually selecting each record.

    Before you begin

    Role required:
    • sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    About this task

    When you request an exception for one or more records from the Bulk edit modal, a remediation task is created with the selected records.
    Note:
    The Application Vulnerable Items (AVITs) from the scanners with the Manage exceptions in ServiceNow parameter set to false are not updated.
    • If you select AVITs from various scanners, some with the Manage exceptions in ServiceNow parameter set to true and others set to false, the AVITs linked to the scanners with the Manage exceptions in ServiceNow parameter set to false are not updated.
    • If you select AVITs from only the scanners with the Manage exceptions in ServiceNow parameter set to false, the Defer option does not appear in the State field in the Bulk Edit modal.

    Procedure

    1. Navigate to Workspaces > Vulnerability Manager Workspace.
    2. On the List page, open the Active or All list in one of the following lists:
      • Host Vulnerable items
      • Container Vulnerable items
      • Application Vulnerable items
      • Configuration Test Results
    3. Perform one of the following:
      • Select the check box next to each item if you want to use the Only Selected Items option in the Record selection field.
      • Apply filters if you want to use the All records that match filter option in the Record selection field.
    4. Select the Bulk Edit button.
    5. On the form, fill in the following fields to request an exception for multiple records (VITs, AVITs, CVITs, or TRs) simultaneously.
      Table 1. Bulk Edit modal fields
      Field Description
      Record selection
      Records to update. Choices are:
      • Only Selected Items: Select this option if you want to update the records you selected using the check box.
      • All records that match filter: Select this option if you want to update the filtered records.
      • Remediation Task: Select this option if you want to update the records in a remediation task and then select the desired remediation task in the Remediation task field.
      • Vulnerability Entry: Select this option if you want to update the records specific to a vulnerability and then select a CVE or TPE in the Vulnerability Entry field.
        Note:
        This field appears for host vulnerable items, application vulnerable items, and container vulnerable items.
      • Configuration test: Select this option if you want to update the test results specific to a test and then select a test in the Configuration test field.
        Note:
        This option appears for Configuration test results only.
      Note:
      • Records with invalid CI or CI decommissioned aren’t updated.
      • Only the records in the Open, Under Investigation, or Awaiting Implementation state are updated.
      State
      Select the Deferred state to request an exception for the selected records.
      Note:
      • When you select this option, the Reason, Short description, Until, and Additional information fields appear.
      • When you defer records, a remediation task is created and this task is sent for approval.
      Reason
      Reason for deferring records:
      • Awaiting Maintenance Window
      • Fix Unavailable
      • Risk Accepted
      • Mitigating Control in Place
      • Other
      Note:
      The Reason field appears when you select the State as Deferred or Closed.
      Short description
      Brief note describing the reasons for the deferral request. This information appears in the Description field of the remediation task that is created for a deferral request.
      Note:
      This field appears when you select the State as Deferred or Closed-False positive.
      Until
      Date until which the record remains deferred.
      Note:
      This field appears when you select the State as Deferred.
      Additional information
      Any other necessary information. This information appears in the Additional Information field in the Overview tab of the remediation task that is created for deferral and closed-false positive requests. If your deferral request is approved, this additional information appears as deferral notes for both the VIT and the remediation task.
      Note:
      This field appears when you select the State as Deferred or Closed-False positive.
      Work notes
      Text that you enter to describe the changes.
    6. Click Edit.
    7. On the Take Questionnaire modal, answer the questions and click Submit.
      A remediation task is created containing the records that you selected. Your request is submitted for approval and the State of the records changes to In Review.
      Note:
      The Take Questionnaire modal appears only when the questionnaire is enabled for exception requests in the Exception Management form. For more information on configuring a questionnaire for exception requests, see Configure Exception Management for Vulnerability Response, Configure Exception Management for Application Vulnerability Response, and Configure Exception Management for Container Vulnerability Response.

      The approver receives an email notification about your request.

    Result

    In the Vulnerability Manager Workspace, on the List page, navigate to Exceptions > All, open the corresponding state change approval record (VCA#) and check the status of your request in the Approval state column:
    • Approved: The state of the Remediation task transitions to Deferred with the given Reason as sub-state. The state and reason are rolled down to the records.
    • Rejected: The state of the Remediation Task and its records doesn’t change.

    In the Activity stream of a record or remediation task, you can view the entire workflow of your request.