Analyze vulnerability remediation status with generative AI

  • Release version: Australia
  • Updated May 26, 2026
  • 4 minutes to read

    • Chat with an AI agent to help you gain insights into your monthly remediation compliance metrics for vulnerable items.

    Before you begin

    Note:
    Depending on your license, you will have access to certain application features, generative AI skills, agentic workflows, and AI agents. For more information, see ServiceNow product tiers.

    The Now Assist panel must be activated. For more information, see Activate the Now Assist panel standard chat.

    Roles required: sn_vul.vulnerability_admin or sn_vul.vulnerability_analyst admin

    Procedure

    1. Select the Now Assist icon (Now Assist icon.).
      The Now Assist panel is displayed. If you don't see the Now Assist icon Now Assist icon. in the header on the page, you must activate the Now Assist panel. For more information, see Activate the Now Assist panel standard chat.

      The Analyze vulnerability remediation status agentic workflow is on-demand. You can enter any query in natural language, but you might consider using the prompts described in the following table and steps to familiarize yourself with the available data and what you can do with it.

      These steps give you insights into your compliance metrics for how well your teams meet their monthly remediation target dates for vulnerable item records as reported in your Service Level Agreement (SLA).

      Your request or response Description
      What is my compliance for remediation for the month of October 2024?

      By default the lookup is based on assignment group.

      If you do not specify a month, the AI agent looks for the current month and then starts going backwards in time, a month at a time.

      Alternatively, you might ask the agent for a breakdown by configuration item class or vulnerability. For example, type What is my compliance for the month of October 2024 for Windows servers?
      Which asset types accounted for the most missed SLAs? The results are organized based on the data for the month of your original request by asset type.
      Which assignment group had the fewest missed Critical SLAs? Get the assignment group that had the most or least missed SLAs based on the vulnerable item (VIT) severity: Critical, High, Medium, and Low. Additionally, you can ask the AI agent to look up missed SLAs by VIT category.
      Show output for the previous question. Request the agent to review your previous question if it doesn't give you an answer.
      End the session, or Stop. End the conversation.

      Your conversation is saved until you start a new chat. If the conversation ends unexpectedly, start a new chat. To start a new chat select the new chat icon (New chat icon.).

    2. Enter a request in natural language to see your remediation metrics for a given month and year, for example, What is my compliance for remediation for the month of October 2024?
      The results are organized into sections.
      • Summary - Total records that had SLA remediation targets for the month and year you requested and the percent totals for missed and met target dates.
      • Breakdown by severity - Vulnerable items that missed remediation targets are broken down by critical, high, medium, and low severity.
      • Breakdown by assignment groups - Percent of the total records with missed targets broken out by assignment groups.
      • More information: Remediation Compliance for October 2024 link - View more information about the data. A new tab opens in UI16.
    3. You might ask for more specific information about missed SLAs, for example, Which asset types accounted for the most missed SLAs?
      The results are organized for the data for the month of your original request by asset type, for example, Windows Server, Database, Linux Server, and so on.
    4. You might ask for more specific information about your teams' productivity during that month, for example, Which assignment group had the fewest missed Critical SLAs?
      The assignment group is returned that had the least number of Critical VITs that missed the SLA.
    5. You might compare these results to another month, for example, How does this data compare with November 2024?
      The results are organized into sections.
      • Comparison Summary - Total records that had SLA remediation targets for the time period that you first requested (October 2024) compared to your latest request (November 2024).
      • Breakdown by severity - Vulnerable items that missed remediation targets are broken down by severity: Critical, High, Medium, and Low.
      • Observations - Analysis of data and insights into data trends based on the comparison.
      • More information: Remediation Compliance for November 2024 link - View more information about the data used for the comparison. A new tab opens in UI16.

      Retrieved SLA metrics for your requests are cached by the agentic transactions, in addition to the metrics that are retrieved monthly by a background job. All retrieved metrics are cached on the Remediation Compliance Insights [sn_vul_ai_remediation_insights] caching table.

      This table has ACLs that limit access to the records. However, if you determine that you want additional control over the permissions to this table, you can grant access to users with the sn_vul_ai.write_rem_insights and sn_vul_ai.read_rem_insights granular roles that are inherited automatically by the sn_vul.vulnerability_admin and sn_vul.vulnerability_analyst roles.

      The VR.System role also inherits these granular roles so background job execution for the workflow can occur.