Operational Technology Vulnerability Response (PA) dashboard

  • Release version: Zurich
  • Updated July 31, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Operational Technology Vulnerability Response (PA) dashboard

    The Operational Technology Vulnerability Response (OTVR) dashboard in ServiceNow Zurich release enables organizations to track, analyze, and manage vulnerabilities in Operational Technology (OT) environments. It provides visibility into the volume, risk, and remediation progress of OT vulnerable items (VIs) from detection through containment and resolution. This dashboard supports filtering by assignment group, exploit status, risk rating, and state, helping customers understand their vulnerability exposure and impacted services.

    Show full answer Show less

    Access to the dashboard requires the snotvr.remediationowner role, and navigation is via Industrial Workspace > Dashboard Library > Operational Technology Vulnerability Response.

    Key Features

    • Target Users: OT site managers, analysts, and remediation owners use this dashboard to prioritize and manage security incidents related to OT vulnerabilities.
    • Dashboard Tabs:
      • Vulnerable Items Tab: Displays KPIs related to vulnerability risk, affected devices, remediation adherence, and progress, with reports on total/new/unassigned VIs, risk ratings, remediation targets, MTTR, and overdue critical items.
      • Remediation Tab: Shows real-time insights into remediation task status, risk ratings, assignment groups, and overdue critical tasks, highlighting where support is needed.
      • Exception Tab: Identifies risks from deferred remediation, showing exceptions by reason and assignment group.
    • Site Filter: Allows filtering dashboard data by specific OT sites, requiring the cmdbotisaviewer role with site access.
    • Indicator Sources and Collection: The dashboard gathers data primarily from active and closed OT vulnerability indicators and remediation tasks. Collection jobs run daily and historically to keep data current.
    • Breakdowns and Filters: Data is grouped by attributes such as age, assignment group, deferral reason, exploit details, remediation status, risk rating, and severity, enabling detailed analysis.
    • Data Visualizations: Visual charts, like bar charts grouped by OT device type, provide intuitive insights into vulnerability counts and remediation progress.

    Practical Benefits for ServiceNow Customers

    • Helps prioritize OT vulnerabilities based on risk and remediation status to reduce security incidents.
    • Supports tracking remediation efforts, highlighting overdue and critical vulnerabilities requiring immediate attention.
    • Enables risk management by identifying deferred vulnerabilities and exceptions to remediation policies.
    • Facilitates role-based access and filtering to ensure users view relevant site-specific data.
    • Leverages real-time and historical data for comprehensive vulnerability management and continuous improvement.

    Track the volume, performance, and progress of the Operational Technology (OT) vulnerable items (VIs) from the initial analysis and detection to the containment, or remediation. You can filter the reports by the assignment group, exploits, risk rating, or state to get insight into your vulnerability exposure and the services that are affected.

    Required Operational Technology and Operational Technology Vulnerability Response roles

    To access the OTVR (PA) dashboard, you must have the sn_otvr.remediation_owner role.

    To view the Operational Technology Vulnerability Response (PA) dashboard, navigate to All > Industrial Workspace and select the Dashboard Library (Dashboards icon in the Industrial Workspace.) icon in the navigation panel. Then select Operational Technology Vulnerability Response.

    Use cases

    The following table shows some examples of how different people in your organization can use this dashboard.
    Table 1. Operational Technology Vulnerability Response (PA) dashboard use cases
    User Dashboard use
    OT site managers, OT analysts, vulnerability remediation owners Help your organization deal with increasing security incidents due to exploited vulnerabilities by determining which OT vulnerable items present the most risk. This dashboard provides a graphical view into the OT vulnerable item activity and can help you to design the remediation plans and status progress. You can focus on the key performance indicators (KPIs) that are associated with the critical affected devices and high-visibility vulnerabilities.

    Dashboard tabs

    You can see the reports that show the trending data over time and the reports with real-time data. You can also view the trends of the important metrics on a regular schedule so that you can analyze your overall business processes and identify the areas that need to be improved.

    Learn what's in the Vulnerable Items tab, Remediation tab, and Exceptions tab.

    Vulnerable Items tab

    The Vulnerable Items tab communicates the KPIs for the vulnerability risk and prevalence, affected devices, remediation target adherence, and remediation progress.

    On the Vulnerable Items tab, you can view the following reports:
    • Total OT Vulnerable Items
    • New OT Vulnerable Items
    • OT Unassigned Vulnerable Items
    • OT Vulnerable Items by State
    • OT Vulnerable Items by Risk Rating
    • OT VIs Met Remediation Target
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT VI Mean Time to Remediate (MTTR)
      Note:
      You can view the data by the last month, 3 months, 6 months, year, or all time.
    • OT VI by age
    • OT Closed Vulnerable Items by Remediation Target Status
    • OT Critical Vulnerable Items by Assignment Group
    • OT Overdue Critical Vulnerable Items by Assignment Group

    Remediation tab

    The Remediation tab helps you to understand the progress of your remediation actions and to see which support teams need the most assistance with their completion.

    On the Remediation tab, you can view the following reports in real time:

    • OT Remediation Tasks
    • OT Critical Remediation Tasks Near Due
    • OT Remediation Task by Risk Rating
    • OT Remediation by Target Status
    • OT Remediation Task by State
    • OT Unassigned Remediation Tasks
    • OT Critical Remediation Task by Assignment Group
    • OT Overdue Critical Remediation Task by Assignment Group

    Exception tab

    The Exception tab helps you to understand where your organization is taking a risk due to potentially excessive deferrals of remediation.

    On the Exception tab, you can view the following reports in real time:
    • OT Deferred Vulnerable Items by Reason
    • OT Exceptions for Critical Vulnerable Items by Assignment Group.

    Site filter

    You can use the Site filter to search for and select the site that you want to view on the dashboard. To access and use the site filter, you must have the cmdb_ot_isa_viewer role with access to the site you want to view.

    For more information, see Use the site filter.

    Indicator sources

    The Operational Technology Vulnerability Response indicators gather data from the following sources:
    • OTVI.Active
    • OTVI.Closed
    • OTRT.Active
    For more information about the indicator sources that are used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    If you expect more than 1 million records to be collected from the indicator sources, you must override the expected count in the Records collection section of the indicator source. For more information, see Review the indicator sources for a larger number of records.

    Indicators

    Several indicators are used to measure and track the progress of your vulnerability remediation in the Operational Technology Vulnerability Response application. For more information about the indicators used for the dashboard, see Indicator sources and indicators for the Operational Technology Vulnerability Response (PA) dashboard.

    The collect records option for the indicators is inactive by default for the Operational Technology Vulnerability Response application. This option is turned off to avoid the performance issues that may occur when you collect a large amount of data for each indicator.

    Breakdowns

    Breakdowns filter and group the collected records​ by a qualitative attribute. The following breakdowns apply to the indicators on the dashboard:
    • Age
    • Age Closed
    • Assignment Group
    • CI Manager
    • Deferral Reason
    • Exploit Attack Vector
    • Exploit Exists
    • Exploit Skill Level
    • Remediation Target Rule
    • Remediation Target Status
    • Remediation Target Status (Closed)
    • Risk Rating
    • Severity
    • State
    The breakdown sources specify the unique values that a breakdown contains. The unique values are called the breakdown elements. The dashboard uses the following breakdown sources:
    • Assignment Group​
    • Deferred.Reason.Non.Closed​
    • Exploit Attack Vector​
    • Exploit Exists​
    • Exploit Skill Level​
    • OT Age Range​
    • Remediation Target Status​
    • Remediation Target Status (Closed)​
    • Remediation.Target.Rule​
    • Risk Rating
    • Severity​
    • State​
    • Vulnerable.Item.CI.Manager​

    For more information about the breakdowns and breakdown sources, see Operational Technology Vulnerability Response (PA) dashboard breakdowns.

    Collection jobs

    The dashboard uses the following collection jobs to gather the OT vulnerability data that are displayed on the dashboard.
    • [PA OT VR] Historical Vulnerability Data Collection
    • [PA OT VR] Daily Collection for Remediation Tasks
    • [PA OT VR] Daily Collection for Vulnerable Items 1
    • [PA OT VR] Daily Collection for Vulnerable Items 2

    For more information about the collection jobs, see Operational Technology Vulnerability Response (PA) dashboard collection jobs.

    Data visualizations

    The Operational Technology Vulnerability Response (PA) dashboard uses data visualizations to display your OT vulnerability data. For example, the total number of OT vulnerable items in your system is displayed in the Total OT Vulnerable Items bar chart and is grouped by OT device type.

    For more information about the data visualizations that are used in the dashboard, see Data visualizations used in the Operational Technology Vulnerability Response (PA) dashboard.