Operational Technology Vulnerability Response vulnerable item form fields
List of fields displayed in a vulnerable items created for OT devices.
Vulnerable item fields
| Field | Description |
|---|---|
| Overview | |
| Number | Automatically generated vulnerable item number for this record. |
| State | This field defaults to Open, but you can change it to Under Investigation if the vulnerability is ready for immediate remediation. |
| Risk rating | Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low, and None. For more information on risk ratings, see Vulnerability Response calculators and vulnerability calculator rules. Note: This base Risk rating isn’t the same as the Solution record Risk rating. |
| Risk score |
Calculated amount of risk the vulnerable item poses to your environment.
Note: This base Risk score isn’t the same as the Solution record Risk score. For more information, see Vulnerability Response calculators and vulnerability calculator rules. |
| Vulnerability | ID of the vulnerability associated with this vulnerable item. |
| Source | Scanner that found this vulnerable item. |
| Configuration item | ID of the OT asset associated with this vulnerable item. |
| Assignment group | Group selected to work on this remediation task. |
| Assigned to | Individual from the selected assignment group that works on this vulnerability. |
| Created | Date this vulnerable item was created in your instance. |
| Last opened | Date the vulnerable item was most recently opened in your instance. Initially, this is the same as the creation date of the vulnerable item, however, if it was closed, then reopened the Last opened date contains the date and time reopened. |
| Updated | Date of the last scan. |
| Summary | Description of the vulnerability. |
| Severity | Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see .Create a Vulnerability Response severity map. |
| Vulnerability score (v3) | CVSS v3 score. |
| Vulnerability score (v2) | CVSS v2 score. |
| Exploit exists | Yes, if at least one exploit is associated with the vulnerabilities associated with this vulnerable item. |
| Exploit attack vector | Most vulnerable attack vector of the exploits for the vulnerabilities associated with this vulnerable item. |
| Exploit skill level | Lowest skill level required to exploit the vulnerabilities associated with this vulnerable item. |
| Date published | Date the vulnerability was published. |
| Last modified | Date the vulnerability was last modified. |
| Threat | Relevant information about the threat. Pulled from the vulnerable entry record. Note: Any changes made here update the vulnerable entry record. |
| Remediation notes | Relevant solution to the threat, pulled from the vulnerable entry record. |
| Additional comments/Work notes | Any relevant information. Select the check box to add Additional comments. Starting with Vulnerability Response v20.0, you can add work notes in the Notes section for a deferred vulnerable item. |
| Activity | Only appears when a work note has been created. |
| Related Links | |
| Calculate Risk Score | When either the Vulnerability Severity or Risk Score calculators is enabled, the Risk Score field is updated. |