Configure the vulnerable item key

  • Release version: Zurich
  • Updated July 31, 2025
  • Configure the granularity of the vulnerable item (VIT) key in the Vulnerability Response application to define what makes a vulnerable item in your organization.

    Before you begin

    Role required: admin

    Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    Key terms:

    Configuration item (CI)
    An existing asset listed on your CMDB.
    Vulnerability
    A record of a known vulnerability imported from the National Institute of Standards and Technology (NIST), National Vulnerability Database (NVD), Common Vulnerabilities and Exposures (CWE), or third-party integrations with Vulnerability Response.
    Vulnerable item
    A vulnerable item is created when an imported vulnerability matches a configuration item in your CMDB.
    Detection
    A single, distinct occurrence of a vulnerability as reported by the scanners of your third-party integrations. Detections are imported and displayed on both the detection and the vulnerable item records in your instance. Also referred to as a Vulnerable Item Detection.

    By default, a vulnerable item is a unique combination of a configuration item (CI), a vulnerability, and an integration instance. To create vulnerable items with more granularity, add unique ports or recommendations (for Microsoft TVM vulnerabilities only) from vulnerable item detections. This helps you manage remediation of vulnerabilities at the level you feel is most effective for your organization.

    If you want to create vulnerable items with more granularity, configure the vulnerable item key so that it includes port or recommendation.
    • When Include port is enabled, vulnerable items are created by unique ports from vulnerable item detections.
    • When Include recommendation is enabled, a separate vulnerable item is created for each recommendation associated with a vulnerability.
    Note:
    The Include Recommendation option appears in the UI only if Microsoft TVM integration is enabled in your environment.

    Starting from Vulnerability Response V17.1, you can identify and remediate Rapid7 vulnerabilities by adding proof as the VI key. For more information, see Adding proof to Rapid7 vulnerable item keys.

    Choose an option from the following table to enable the Include port option.

    Table 1. Three scenarios for enabling the Include port option with the VI key for the first time
    If: One or more of the following conditions is true:
      • You’re upgrading from a version of Vulnerability Response prior to v10.0 that didn’t support vulnerable item detections.
      • You are a new customer and you have no Vulnerability Response data (vulnerable items or vulnerable item detections) in your ServiceNow AI Platform® instance.
      • You have already deleted all your vulnerable item records and related data in your instance and you are ready to build all your Vulnerability Response data starting with a fresh import to include VIs distinguished by unique port.
    Description: Enable Include Port.
      After Include port is enabled, imported detections create vulnerable items that include VIs distinguished by unique port starting with the next import.

    If: Both conditions are true:
      • You have v10.0 or later of Vulnerability Response and you have existing Vulnerability Response data (vulnerable items or vulnerable item detections) in your instance that you want to preserve.
      • You want to start creating new vulnerable items to include VIs distinguished by unique port.
    Description: Enable Include port. Your existing detections and their associated vulnerable items are preserved.
      After Include port is enabled, new detections create new vulnerable items that include VIs distinguished by unique port starting with the next import.

    If: Both conditions are true:
      • You have v10.0 or later of Vulnerability Response.
      • You have existing Vulnerability Response data (vulnerable items or vulnerable item detections), but you don’t want to preserve your existing data, because you prefer to build your vulnerability data starting from a fresh import and you want to include VIs distinguished by unique port.
    Description:
      1. Delete all your vulnerable item records and related data from your instance.
      2. Enable Include port.
      After Include port is enabled, new detections create new vulnerable items that include VIs distinguished by unique port starting with the next import.

    Note:

    If the Include port option is enabled, more than one vulnerable item may be created for a configuration item. For example, if a vulnerability exists for two ports on a configuration item, ports 80 and 443, two unique VIs are created, one for each port starting with the next import.

    Note:
    Be sure that you want VIs to be distinguished by unique port before you enable this feature. Once you enable the VI key to include port, you must first delete your Vulnerability Response data before you can disable Include port and return to importing vulnerability data using the default VI key granularity, that is, where VIs are created for port but not distinguished by a unique port. For more information about deleting your vulnerability data, see Delete all your vulnerable item records and related data in Vulnerability Response.
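
    Because Include port cannot be disabled without deleting data, it helps to estimate beforehand how many vulnerable items the finer key would produce. The following is an added example, not ServiceNow code: it models the key composition described on this page over a constructed list of detections and reports which default-key VIs would split. The field names, sample values, and the handling of detections without a port are assumptions.

```javascript
// Added illustration: models the VI key as this page describes it.
// Field names and the sample detections are constructed assumptions,
// not ServiceNow table or column names.
const detections = [
  { ci: "web01", vulnerability: "VULN-A", integration: "scanner-1", port: 80 },
  { ci: "web01", vulnerability: "VULN-A", integration: "scanner-1", port: 443 },
  { ci: "web01", vulnerability: "VULN-A", integration: "scanner-1", port: 443 }, // repeat scan
  { ci: "web01", vulnerability: "VULN-B", integration: "scanner-1", port: null },
  { ci: "db01", vulnerability: "VULN-A", integration: "scanner-1", port: 5432 },
  { ci: "db01", vulnerability: "VULN-A", integration: "scanner-2", port: 5432 },
];

// Build the key for one detection under a given granularity setting.
function viKey(d, { includePort = false, includeRecommendation = false } = {}) {
  const parts = [d.ci, d.vulnerability, d.integration]; // default key
  if (includePort) parts.push(d.port ?? "(no port)"); // assumption: portless detections share one bucket
  if (includeRecommendation) parts.push(d.recommendation ?? "(none)");
  return JSON.stringify(parts);
}

// Group detections into the vulnerable items a given setting would yield.
function groupIntoVIs(dets, options) {
  const vis = new Map();
  for (const d of dets) {
    const key = viKey(d, options);
    if (!vis.has(key)) vis.set(key, []);
    vis.get(key).push(d);
  }
  return vis;
}

// Report which default-key VIs split, and into how many, once port is in the key.
function portSplitReport(dets) {
  const byDefault = groupIntoVIs(dets, {});
  const splits = [];
  for (const [key, members] of byDefault) {
    const visAfter = groupIntoVIs(members, { includePort: true }).size;
    if (visAfter > 1) splits.push({ key: JSON.parse(key), visAfter });
  }
  return {
    visDefault: byDefault.size,
    visWithPort: groupIntoVIs(dets, { includePort: true }).size,
    splits,
  };
}

console.log(JSON.stringify(portSplitReport(detections), null, 2));
```

    In the constructed data, only the web01 / VULN-A item splits (ports 80 and 443), matching the two-port case in the note above.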

    Procedure

    1. Navigate to All > Vulnerability Response > Administration > Configure Vulnerable Item Granularity.

      The Last Updated field displays the date that the VI key was last configured.

    2. Select the Include Port check box to enable it.
      Note:
      If you have configured Microsoft TVM integration, the Include Recommendation option is also available. This enables splitting vulnerable items by unique recommendation from Microsoft TVM data.
    3. Select Save.
      The Confirmation dialog is displayed.

      If you have no vulnerable item detection records in your instance, both vulnerable item detections and vulnerable items are created by unique port starting with your next import.

      If you have existing vulnerable item detections and vulnerable items in your instance, existing detections and associated vulnerable items are preserved. New detections create new vulnerable items that include VIs distinguished by unique port starting with the next import.

    What to do next

    Verify that vulnerable items by port are displayed on the vulnerable item detection and vulnerable item records. For more information, see View Vulnerability Response vulnerable item detection data.