Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Indicator Sources and Indicators for the Operational Technology Vulnerability Response (PA) Dashboard

    The Operational Technology Vulnerability Response application in ServiceNow uses specific indicator sources and indicators to collect data and monitor the progress of vulnerability remediation within your OT environment. This enables you to track key metrics related to vulnerabilities and remediation tasks to maintain and improve security posture.

    Show full answer Show less

    Indicator Sources

    Indicator sources gather data primarily from two tables:

    • snvulvulnerableitem: Used by sources OTVI.New, OTVI.Active, and OTVI.Closed to track new, active, and closed OT vulnerable items respectively.
    • snvulvulnerability: Used by OTRT.Active to track active remediation tasks.

    Note: If you expect more than 1 million records from these sources, you must override the expected record count in the Records collection settings to ensure proper data collection performance.

    Key Indicators

    The application provides multiple indicators to measure vulnerability and remediation status, with the default setting to not collect records to avoid performance issues when handling large data volumes.

    • OT Vulnerable Items: Counts active vulnerable items. The goal is to reduce this number.
    • OT Critical Vulnerable Items: Counts critical active vulnerable items. Minimization is the goal.
    • OT Unassigned Vulnerable Items: Active vulnerable items without assignment. Aim to minimize unassigned items.
    • OT Closed Vulnerable Items: Tracks closed vulnerable items daily, with a goal to maximize closure.
    • OT Deferred Vulnerable Items: Counts deferred items and critical deferred items, with goals to minimize both.
    • OT Non-Deferred Overdue Critical Vulnerable Items: Counts overdue critical vulnerabilities that are not deferred; goal is to minimize.
    • OT Remediation Tasks: Monitors active remediation tasks and subsets including non-deferred, critical, overdue critical, and unassigned tasks; all aimed at minimization.
    • % Vulnerable Items Met Remediation Target: Percentage of closed vulnerable items meeting remediation targets, aiming to maximize this metric.
    • OT Vulnerable Item Mean Time to Remediate: Average duration to remediate closed vulnerable items, with the objective to minimize.
    • OT Summed Duration of Closed Vulnerable Items: Total time summed across closed vulnerable items, also targeted for minimization.

    Practical Use for ServiceNow Customers

    By leveraging these indicator sources and indicators, customers can effectively track and manage OT vulnerabilities and remediation efforts. Monitoring these metrics helps prioritize efforts, reduce risks by addressing critical and overdue items, and measure the efficiency of remediation processes. Adjusting record collection thresholds ensures the system can handle large data volumes without performance degradation.

    The Operational Technology Vulnerability Response application uses indicator sources and indicators to gather data and track the progress of your vulnerability remediation.

    Indicator sources

    The Operational Technology Vulnerability Response indicators gather data from the following indicator sources. If you expect more than 1 million records to be collected from the indicator sources, you must override the expected count in the Records collection section of the indicator source. For more information, see Review the indicator sources for a larger number of records.
    OTVI.New
    Uses the sn_vul_vulnerable_item table and collects the new OT vulnerable items.
    OTVI.Active
    Uses the sn_vul_vulnerable_item table and includes all the active vulnerable items in your OT system.
    OTVI.Closed
    Uses the sn_vul_vulnerable_item table and includes all the closed vulnerable items in your OT system.
    OTRT.Active
    Uses the sn_vul_vulnerablity table and includes all the active remediation tasks in your OT system.

    Indicators

    Several indicators are used to measure and track the progress of your vulnerability remediation in the Operational Technology Vulnerability Response application.

    The collect records option for the indicators is inactive by default for the Operational Technology Vulnerability Response application. This option is turned off to avoid the performance issues that may occur when you collect a large amount of data for each indicator.

    OT Vulnerable Items
    Number of the OT vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of vulnerable items in your system.
    OT Critical Vulnerable Items
    Number of the OT critical vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of critical vulnerable items in your system.
    OT Unassigned Vulnerable Items
    All active OT Vulnerable Items where both the Assignment Group and Assigned To fields are empty. The goal is to minimize the number of unassigned vulnerable items.
    OT Closed Vulnerable Items
    The OT Closed Vulnerable Items indicator is measured daily as a unit number. The goal is to maximize the number of closed vulnerable items in your system.
    OT Deferred Vulnerable Items
    Number of OT deferred vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of deferred vulnerable items in your system.
    OT Critical Deferred Vulnerable Items
    Number of OT critical deferred vulnerable items on data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of critical deferred vulnerable items.
    OT Non-Deferred Overdue Critical Vulnerable Items
    Number of OT non-deferred overdue critical vulnerable items on the data source OTVI.Active, which uses the sn_vul_vulnerable_item table. The goal is to minimize the number of non-deferred overdue critical vulnerable items in your system.
    OT Remediation Tasks
    Number of OT remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of remediation tasks in your system.
    OT Non-Deferred Overdue Critical Remediation Tasks
    Number of OT non-deferred overdue critical remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of non-deferred overdue critical remediation tasks in your system.
    OT Non-Deferred Remediation Tasks
    Number of OT non-deferred remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of non-deferred remediation tasks in your system.
    OT Non-Deferred Critical Remediation Tasks
    Number of OT non-deferred critical remediation tasks on the data source OTRT.Active, which uses the sn_vul_vulnerability table. The goal is to minimize the number of non-deferred critical remediation tasks in your system.
    OT Unassigned Remediation Tasks
    All active remediation tasks where both the Assignment Group and Assigned To fields are empty. The goal is to minimize the number of unassigned remediation tasks in your system.
    % Vulnerable Items Met Remediation Target
    ([[Closed Vulnerable Items > Remediation Target = Target Met]] / [[Closed Vulnerable Items]]) * 100

    The goal is to maximize the percentage of vulnerable items that meet the remediation target in your system.

    OT Vulnerable Item Mean Time to Remediate
    [[Summed Duration of Closed Vulnerable Items]] / [[Closed Vulnerable Items]]
    OT Summed Duration of Closed Vulnerable Items
    Number of OT summed duration of closed vulnerable items on the data source OTVI.Closed, which uses the sn_vul_vulnerable_item table. The goal is to minimize the summed duration of the closed vulnerable items in your system.