Create a remediation effort in the Security Exposure Management Workspace

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 7 minutes de lecture

    • A remediation effort record is a static list of records that you create from a watch topic in the Security Exposure Management Workspace.

    Avant de commencer

    Role required:
    • sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (CTRs)

    Pourquoi et quand exécuter cette tâche

    You use remediation efforts to hand off the tasks IT teams use to fix vulnerabilities and mis-configurations.
    • You can edit existing remediation efforts.
    • Create remediation efforts that are created automatically on the dates and times that you set.
    • Transfer records from existing remediation efforts into a new remediation effort.

    The Create Remediation Effort button is disabled when the watch topic is inactive.

    Procédure

    1. Navigate to All > Security Exposure Management Workspace > Watch Topics.
    2. On the Watch Topics page, select a watch topic that you want to create a remediation effort for.
    3. To view the records that are associated with the selected watch topic, under the record header, click Vulnerable Items, Application Vulnerable Items, Container Vulnerable Items or Configuration Test Results tab in their respective watch topics.

      The records display.

      For example, in the header under the Vulnerable Items tab, you can view the total number of records that this watch topic has.

      The following columns and data are displayed:
      Tableau 1. Columns in the Vulnerable Items tab
      Column Description
      Number The record number.
      Summary Description of the vulnerability.
      Configuration item The asset associated with the vulnerability.
      Risk rating Quantified Risk Score separating records into Critical, High, Medium, Low, and None.
      State Status of the record.
      Remediation status Status of remediation for a record.
      Assignment group Assignment groups responsible for remediation. Assignment of records to groups is based on the assignment rules that you create.
      Remediation effort If it is assigned to a remediation effort, each record lists its assigned remediation effort. After it is added to a remediation effort, a record won't be added to any other remediation efforts that you create.
      Assignment group Assignment groups responsible for remediation. Assignment of records to groups is based on the assignment rules that you create.
      Remediation effort If it is assigned to a remediation effort, each record lists its assigned remediation effort. After it is added to a remediation effort, a record won't be added to any other remediation efforts that you create.
      In remediation task If true, this value indicates that a record is already in a remediation task. Records can be in multiple remediation tasks, but a record can be added only to one remediation effort.
      Exploit exists Indicates if a known exploit exists for a record.
      Last opened

      Date when the record was last opened in your ServiceNow AI Platform. If the record was closed and then reopened, this is the last time the record was reopened.
    4. To create a remediation effort, click Create Remediation Effort.

      When you create remediation effort, records already in existing remediation efforts are not added to any new remediation efforts that you create from this watch topic.

      As records are updated or new records are created in watch topics, you can create remediation efforts.

    5. Alternatively, you can Create a recurring remediation effort in the Security Exposure Management Workspace.

      The Edit button is available in the menu for existing remediation efforts. You have the option to modify the fields and conditions from a modal that is displayed. Any changes you make and save to the remediation effort record do not affect any of the other remediation efforts you have already created from the watch topic.

    6. In step 1 of the Create Remediation Effort modal, fill in the fields.

      In the Short description field, enter text that describes the recurring remediation effort and helps you locate and track it from the effort list.

      In the Description field, enter more text about the context of the effort that helps you locate it easily from the list of remediation efforts.

    7. In step 2, Task generation, choose one method from the list to bundle the records in the remediation tasks that you generate from this remediation effort after it is created.
      OptionDescription
      By Assignment group Records with same assignment group are bundled into one Remediation Task.
      By Assignment group and configuration item Records with same assignment group and Configuration Item are bundled into one Remediation Task.
      By Assignment group and (vulnerability or configuration test) Records with same assignment group and Configuration Item are bundled into one Remediation Task.
      None (No remediation tasks are created). Use this method if you want to add records manually to a remediation task for this effort. See Create a remediation task on-demand from Remediation Effort in the Vulnerability Manager Workspace.
    8. To automatically refresh the duplicate host vulnerable items, you must select the Automatically refresh duplicate vulnerable items for the created remediation tasks check box.
      Remarque :
      This check box is available only for Host Vulnerabilities.
    9. In step 3, Transfer, verify how many records you want to add to the remediation effort and see how many records are available for transfer from other active remediation efforts.

      If there are no new, active records to add, the following text is displayed:

      There are no available active records that you can add to this new remediation effort.

      Any additional records that are available for transfer to this effort are listed under Additional matching records .

      Select the Transfer matching records from other active remediation efforts check box and then select the check boxes for the records you want to transfer from other active remediation efforts.

      Figure 1. Version 18.0 Create Remediation Effort
      Version 18.0 Create Remediation Effort

      After you click Create Remediation Effort, in a few moments, the new remediation effort is displayed. Depending on the number of records, it may take some time to populate the new record. A message indicates if the record is still populating.

      The new remediation effort is created with any records that are available from the watch topic used to create it, in addition to any records that you selected for transfer from existing efforts.

      If you select records to transfer from an existing effort, and the existing effort transfers all of its records into your new effort, the remediation effort you moved the records from is closed. For more information on how the Remediation Tasks associated with the Remediation Efforts are impacted by the records transfer, see Life cycles of remediation efforts, remediation tasks, and records in the Vulnerability Response Workspaces.

      Remarque :
      If there are not any records available from the watch topic, or any records selected for transfer, the Create Remediation Effort button is deactivated.

      The Populate Efforts scheduled job runs every 10 minutes to populate the data in the widgets based on the condition selected.

      Click Remediation Progress tab to view the remediation progress. Click any item to view details including record type, risk score, risk rating, percentage of records remediated, records in deferred and non-deferred state and total number of records, conditions used in the watch topic, and remediation status. The Remediation Status information such as Remediation target and Remediation status is rolled up from the Vulnerable Items table. The highest record risk score is rolled-up from the Vulnerability Calculators table while risk score is rolled up from the Vulnerability Rollup Calculators > Remediation Effort Rollup.

      The Remediation Tasks tab displays the tasks for all types of issues. The fields are populated when the following scheduled jobs run. They are executed automatically every 15 minutes:
      • Rollup application vulnerable item values to vulnerability and group.
      • Rollup container vulnerable item values to vulnerability and group.
      • Rollup test result values to test result group and configuration test.
      • Rollup vulnerable item values to vulnerability and group.

      In the Lists view, you can view the Remediation efforts, Remediation Tasks, Vulnerable Items, Configurations Test Results and so on. You can open a remediation task or a vulnerable item and view the Details page. Click the More Actions ellipses and click Start Investigation to resolve a remediation task.

    10. Facultatif : You can also edit existing recurring remediation efforts.

      If there is an existing recurring remediation effort for a watch topic, Edit recurring effort is available from the menu in the upper right of a watch topic. Choose this option to edit the recurring effort.

      Any changes you make and save to the remediation effort record do not affect any of the other remediation efforts you have already created from the watch topic.