Vulnerability Management (PA) dashboard

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 14 minutes de lecture

    • Track the volume, performance and progress of vulnerabilities from initial analysis and detection to containment, or remediation. You can filter reports by assignment group, exploits, risk rating, or state, for example. Quickly gain insight into your vulnerability exposure and which business services are affected.

    Required ServiceNow AI Platform roles

    Role required: sn_vul.vulnerability_admin, sn_vul.vulnerability_analyst, and users with sn_vul.vulnerability_read (or who inherit the sn_vul.vulnerability_read role), and pa_viewer.

    Use cases

    For examples of how different people in your organization would use this dashboard, see these use cases.
    User Dashboard use
    It managers, IT analysts, vulnerability remediation owners Help your organization deal with increasing security incidents due to exploited vulnerabilities by efficiently determining which vulnerable items present the most risk. These dashboards provide a graphical view into vulnerable item activity and help design remediation plans and status progress. You can focus on the KPIs associated with critical affected assets and high-visibility vulnerabilities.

    To view the Vulnerability Management (PA) dashboard, navigate to Vulnerability Response > Overview.

    See reports that show trending data over time. Reports with real-time data are listed below. View trends of important metrics on a regular schedule to analyze your overall business processes and identify areas of improvement.

    For more information about how to view your PA reports with real-time scores, see View Performance Analytics for Vulnerability Response [PA] reports in real time.

    The Vulnerability Management [PA] dashboard tabs

    Figure 1. Overview tab

    This dashboard communicates KPIs for vulnerability risk and prevalence, affected assets, remediation target adherence, and remediation progress.

    On the Overview tab, you can view the Critical Vulnerable Items by Assignment Group report that is run based on the scheduled job.

    Overview tab
    Figure 2. Business Services tab

    This dashboard exposes vulnerability risk at the business service level. Sharing this information across the organization can assist service managers to remediate vulnerabilities promptly and proactively, and drive the organization toward a shared responsibility model of information security.

    You can change the service class to technical or application services using the system property sn_vul.service_classifications.

    Business Services tab
    Figure 3. Service Owners tab

    This dashboard aggregates the vulnerability risk from the business service level to the service owners — the executives responsible for those business services. It shows which executives are assuming the most vulnerability risk and which may require the most help encouraging prompt remediation activities.

    Service Owners tab
    Figure 4. Vulnerable CIs tab

    This dashboard shows the scope and composition of CIs with active vulnerabilities, and which categories of CIs need the most attention. Identify decommissioned assets with active vulnerable items and confirm that the assets have been decommissioned. View the number of vulnerable CIs that lack ownership information, so that you can proactively identify owners for these assets before a critical vulnerability affects those systems.

    On the Vulnerable CIs tab, you can view the Vulnerable CIs Without Owners and Retired or Stolen CIs with Active VIs reports in real-time.

    Vulnerable CIs tab
    Figure 5. Exceptions tab

    This dashboard help you understand where your organization is taking risk due to potentially excessive deferrals and reconsider remediation options.

    You can view Deferred Vulnerable Items by Reason, Expiring Deferral Requests, Exceptions for Critical Vulnerable Items by Assignment Group, and Exception Requests by Requester reports.

    Exceptions tab
    Figure 6. Remediation tab

    This dashboard helps you understand the progress of your remediation actions, and which support teams need the most assistance with their completion.

    On the Remediation tab, you can view Unassigned Vulnerable Items report in real-time.

    Remediation tab

    Indicators

    Vulnerability Response indicators

    There are a number of indicators used to measure and track the progress of your vulnerability remediation in the Vulnerability Response application.

    The collect records option for the indicators is disabled by default for the Vulnerability Response application. This option is disabled so that certain reports can be viewed in real-time. Trending information used by these indicators is still available if you prefer to enable collect records manually and view the records that make up the scores.

    Distinct Vulnerabilities
    Distinct Vulnerabilities with count_active_vi > 0. Goal is to minimize.
    Non-Deferred Overdue Critical Vulnerable Items
    It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    % Vulnerable Items Met Remediation Target
    ([[Closed Vulnerable Items > Remediation Target = Target Met]] / [[Closed Vulnerable Items]]) * 100. Goal is to maximize.
    Unassigned Vulnerable Items
    All active Vulnerable Items where both the Assignment Group and Assigned To fields are empty. Goal is to minimize.
    Critical Vulnerable Items (Services)
    It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
    High Overdue Vulnerable Items (Services)
    It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
    Unassigned Remediation Tasks
    All active remediation tasks where both the Assignment Group and Assigned To fields are empty. Goal is to minimize.
    Critical Vulnerable Items
    It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    Vulnerable Items
    It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    New Vulnerable Items
    It is the count on data source VI.New, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    Vulnerable Configuration Items
    It is the count distinct on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    Summed Duration of Closed Vulnerable Items
    It is the sum on data source VI.Closed, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    Non-Deferred Remediation Tasks
    It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
    Vulnerable Item Mean Time to Remediate
    [[Summed Duration of Closed Vulnerable Items]] / [[Closed Vulnerable Items]]
    Critical Overdue Vulnerable Items (Services)
    It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
    Retired Configuration Items
    It is the count distinct on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    Deferral Requests
    It is the count on data source Active Deferral Requests, which is using the table: sn_vul_change_approval. Goal is to minimize.
    Vulnerable Items by Configuration Items
    It is the count on data source CIs with Active VIs, which is using the table: sn_vul_analytics_vi_ci_class. Goal is to minimize.
    Closed Vulnerable Items
    Closed Vulnerable Items is measured daily as unit #. The goal is to maximize.
    Unmatched Configuration Items
    Lists the hosts discovered by 3rd party vulnerability scanners that don't match any existing CIs in the CMDB.
    Non-Deferred Overdue Critical Remediation Tasks
    It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
    Vulnerable Configuration Items Without Support Group
    It is the count on data source VI.Open, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    Non-Deferred Critical Remediation Tasks
    It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
    Deferred Vulnerable Items
    It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    High Vulnerable Items (Services)
    It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
    Distinct Configuration Items with Active Vulnerable Items
    It is the count distinct on data source CIs with Active VIs, which is using the table: sn_vul_analytics_vi_ci_class. Goal is to minimize.
    Average Number of Vulnerable Items per Configuration Item
    [[Active Vulnerable Items]] / [[Vulnerable CIs]]. Goal is to minimize.
    Remediation Tasks
    It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
    Critical Deferred Vulnerable Items
    It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
    Deferral Requests (created)
    It is the count on data source Closed.Requests, which is using the table: sn_vul_change_approval. Goal is to minimize.

    Breakdowns

    The following breakdown names apply to the indicators on the dashboard:
    • Age
    • Age Closed
    • Assignment Group
    • CI Class
    • CI Manager
    • Deferral Age
    • Deferral Reason
    • Exception Requesters
    • Exploit Attack Vector
    • Exploit Exists
    • Exploit Skill Level
    • Remediation Target Rule
    • Remediation Target Status
    • Remediation Target Status (Closed)
    • Risk Rating
    • Service
    • Service Criticality
    • Service Owner
    • Severity
    • State
    Remarque :
    Customizing the Age and Age closed calculation for vulnerable items (VIs) may lead to a sharp rise or drop in the Performance Analytics (PA) reports that include these metrics. For more information on how to customize the calculation of Age and Age closed for VIs, see the KB1703270 KB article.
    Breakdown source
    • Assignment Group: Applies to VI or and RT reports
    • Exploit Exists: Applies to VI reports.
    • Exploit Attack Vector: Applies to VI reports.
    • Exploit Skill Level: Applies to VI reports.
    • Remediation Target Status: Applies to VI and RT reports.
    • Risk Rating: Applies to VI and RT reports.
    • State: Applies to VI and RT reports.

    Data visualizations

    Title Type Description
    Vulnerabilities Single Score Single-score icon Number of vulnerabilities associated with one or more active vulnerable items.
    Vulnerable Items (VIs) Single Score Single-score icon Number of active (non-closed) vulnerable items.
    Vulnerable Configuration Items (CIs) Single Score Single-score icon Number of configuration items (CIs) associated with one or more active vulnerable items.
    Remediation Tasks Single Score Single-score icon Number of active (non-closed) remediation tasks.
    Vulnerable Items by Risk Rating Bar Bar icon Number of active vulnerable items grouped by risk rating over the selected time span.
    Vulnerable Items by Age and Risk Rating Heatmap Heatmap icon Number of active vulnerable items grouped by risk rating and age (in days).
    VIs Met Remediation Target Single Score Single-score icon

    Percentage of closed vulnerable items that have met their remediation target dates in the current and previous quarters.

    Remediation targets are calculated from the Last Opened date plus the number of days (measured as 24-hour increments).
    VIs Mean Time to Remediation (MTTR) Single Score Single-score icon The mean time to remediate (close) a vulnerable item, displayed as a 30-day running average.
    Remarque :
    The value for Age Closed is calculated when data is collected. The value is the difference between the last_opened date and the date and time of the collection job.
    Critical Remediation Tasks Near Due Single Score Single-score icon

    Number of active remediation tasks approaching their remediation target date.

    The remediation target date of a remediation task is set to the closest due date belonging to an active vulnerable item in the group.

    Remediation targets are calculated from the Last Opened date plus the number of days (measured as 24-hour increments).

    This report excludes deferred remediation tasks.
    New and Closed Vulnerable Items Bar Bar icon Number of New and Closed vulnerable items over the selected time span.
    Remarque :
    The value for Age Closed is calculated when data is collected. The value is the difference between the last_opened date and the date and time of the collection job.
    Closed Vulnerable Items by Remediation Target Status Bar Bar icon Number of Closed vulnerable items grouped by remediation target status over the selected time span.
    Remarque :
    The value for Age Closed is calculated when data is collected. The value is the difference between the last_opened date and the date and time of the collection job.
    Critical Vulnerable Items by Assignment Group List and LineList icon3 Line icon Number of active vulnerable items with a critical risk rating grouped by assignment group.
    Overdue Critical Vulnerable Items by Assignment Group List and LineList icon3 Line icon

    Number of active vulnerable items with a critical risk rating and past their remediation target dates, grouped by assignment group.

    Remediation targets are calculated from the Last Opened date plus the number of days (measured as 24-hour increments).

    This report excludes deferred vulnerable items.
    Tableau 1. Business Services
    Name Type Description
    Critical Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a critical risk rating, grouped by business service.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.
    Overdue Critical Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a critical risk rating and past their remediation target dates, grouped by business service.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.

    This report excludes deferred vulnerable items.
    High Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a high risk rating, grouped by business service.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.
    Overdue High Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a high risk rating and past their remediation target dates, grouped by business service.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.

    This report excludes deferred vulnerable items.
    Tableau 2. Service Owners
    Name Type Description
    Critical Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a critical risk rating, grouped by business service owner.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.
    Overdue Critical Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a critical risk rating and past their remediation target dates, grouped by business service owner.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.

    This report excludes deferred vulnerable items.
    High Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a high risk rating, grouped by business service owner.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.
    Overdue High Vulnerable Items List, Line, and Distribution Bar List icon Line icon Distribution bar icon

    Number of active vulnerable items with a high risk rating and past their remediation target dates, grouped by business service owner.

    Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend.

    The distribution bar displays the difference between all values on the current page of the scorecard.

    This report excludes deferred vulnerable items.
    Tableau 3. Vulnerable CIs
    Name Type Description
    Vulnerable Configuration Items (CIs) by CI Class Bar Bar icon Numbers of configuration items with active vulnerabilities, grouped by CI class in the CMDB.
    Vulnerable Items (VIs) by CI Class Treemap Treemap icon Number of active VIs broken down by CI class.
    Average Vulnerable Items per CI Bar Bar icon Average number of vulnerable items belonging to a configuration item, grouped by risk rating.
    Unmatched CIs Single Score Single-score icon Number of imported configuration items that do not match any existing CI in the CMDB.
    Vulnerable CIs Without Support Group Single Score Single-score icon Number of vulnerable configuration items that do not have an assigned support group.
    Retired or Stolen CIs with Active VIs Single Score Single-score icon Number of configuration items marked Retired or Stolen in the CMDB that have active vulnerable items.
    Tableau 4. Exceptions
    Name Type Description
    Deferred Vulnerable Items by Reason Bar Bar icon Number of deferred vulnerable items grouped by deferral reason.
    Deferral Requests About to Expire Bar Bar icon

    Number of deferral requests associated with remediation tasks or vulnerable items that are about to be reopened for review. They are grouped by the number of days left until they reopen.

    If email notifications are defined, an email is sent.
    Deferred Vulnerable Items by Configuration Item (CI) Manager Bar Bar icon Number of deferred vulnerable items grouped by the manager for the associated configuration item.
    Tableau 5. Remediation
    Name Type Description
    Remediation Tasks by Risk Rating and State Heatmap Heatmap icon Number of active remediation tasks grouped by risk rating and state.
    Remediation Tasks by Risk Rating and Remediation Target Status Heatmap Heatmap icon

    Number of active tasks grouped by risk rating and remediation target status.

    This report excludes deferred vulnerable items.
    Critical Remediation Tasks by Assignment Group List and Line List icon3 Line icon

    Number of active remediation tasks with a critical risk rating grouped by assignment group.

    This report excludes deferred remediation tasks.
    Overdue Critical Remediation Tasks by Assignment Group List and Line List icon3 Line icon

    Number of active remediation tasks with a critical risk rating and past their remediation target dates, grouped by assignment group.

    This report excludes deferred remediation tasks.
    Unassigned Remediation Tasks Single Score Single-score icon Number of active remediation tasks without an assignee or assignment group.
    Unassigned Vulnerable Items Single Score Single-score icon Number of active vulnerable items without an assignee or assignment group.