Configure Exception Management for Application Vulnerability Response

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 5분

    • Limit the duration of an exception requested and add a questionnaire to the exception or false positive request using the module. By default, an exception is requested using the ServiceNow® Application Vulnerability Response module. You can also request an exception using the GRC: Policy and Compliance Management integration.

    시작하기 전에

    Role required: sn_vul.app_manage_exception_configuration

    이 태스크 정보

    If Vulnerability Response is enabled, you can limit the duration for which an exception can be requested. Similarly, if the GRC: Policy and Compliance Management module is installed, you can select GRC: Policy and Compliance Management on the configuration screen. Enabling this option lets you request an exception that specifies the Policy and Control objective from GRC.

    If you add a questionnaire, it’s sent to the person raising the exception or the false positive request. You can either use the default questionnaire or create one based on your requirements.

    It’s useful for the exception approver to understand the reason for requesting the exception.

    프로시저

    1. Navigate to All > Application Vulnerability Response > Administration > Exception Management.
    2. On the Exception Management Configuration form, select how you want to manage an exception by selecting an option from the Manage exceptions using list.
      주:
      Starting with Vulnerability Response version 17.1, you can select either Vulnerability Response or GRC: Policy and Compliance Management. You must activate the GRC plugin to use GRC: Policy and Compliance Management to request an exception. Changing the configuration doesn’t impact the existing data.
    3. Fill the fields on the form based on what option that you selected.
      • If you selected the Vulnerability Response option, then fill in the fields on the form.
        표 1. Settings for VR Exception Management form
        Field Description
        Duration Period for which an exception can be requested.
        Unit Unit of time for the specified period.
        Enable questionnaire to request exception Option to add a questionnaire to the exception request being raised.
        Questionnaire to request exception Option to display the questionnaire selected by you to request an exception. The Exception Questionnaire is displayed by default.
        Enable questionnaire to mark false positive Option to add a questionnaire to the false positive request being raised.
        Questionnaire to mark false positive Option to display the questionnaire selected by you to mark as a false positive. The questionnaire for false positive request is displayed by default.
      • If you selected the GRC: Policy and Compliance Management option, then fill in the fields on the form.
        표 2. Settings for VR Exception Management form
        Field Description
        Enable questionnaire to mark false positive Option to add a questionnaire to the false positive request being raised.
        Questionnaire to mark false positive Option to display the questionnaire selected by you to mark as false positive. The questionnaire for false positive request is displayed by default.
    4. Select Save.