Removing assignments from vulnerable items and remediation tasks

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Removing Assignments from Vulnerable Items and Remediation Tasks

    This process allows remediation owners to clear assignments from vulnerable items (VIs) and remediation tasks directly within the Vulnerability Response and Application Vulnerability Response applications, starting with version 16.5. This feature assists in managing records that may have been incorrectly assigned, enabling better workflow management.

    Show full answer Show less

    Key Features

    • Unassign Button: Available on remediation tasks and vulnerable items not in Closed or Resolved states, allowing for direct unassignment.
    • Bulk Edit Capability: Clear assignment fields for multiple VIs simultaneously by selecting the Bulk Edit option.
    • System Property Control: Administrators can configure the approval requirement for unassigning records and set default assignment groups for reassignment.
    • Notification System: Notifications are sent to specified groups upon unassignment, based on system property configurations.
    • Monitoring Scheduled Jobs: A daily job monitors unassigned records and reports counts for better management of assignment rules.

    Key Outcomes

    By utilizing this feature, ServiceNow customers can efficiently manage their workload by removing inappropriate assignments, ensuring that records are correctly allocated. This leads to improved accuracy in vulnerability management and aids in identifying assignment rules that may need adjustment based on unassigned counts.

    You can clear the Assigned to and Assignment group fields on vulnerable items directly from the vulnerable item (VIT) and remediation task records that you determine might be incorrectly assigned to you or your groups.

    Removing assignments Overview

    Starting with v16.5, remediation owners can update the records for reassignment with the Unassign button in Vulnerability Response and Application Vulnerability Response applications.

    Use case

    If you determine that VIs aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you might want to remove yourself or your groups from the Assigned to and Assignment group fields on vulnerable item and remediation task records.

    Unassign module

    The Unassign button is displayed on the following records in any state other than the Closed or Resolved states:
    • Remediation tasks (VULs) in both the classic environment and the Vulnerability Response Workspaces. If a remediation task is updated with this feature, the Assigned to and Assignment group fields on all of its associated VIs are cleared also.
    • Vulnerable items (VITs) in both the classic environment and the Vulnerability Response Workspaces.
    • Application vulnerable items (AVITs).

    Any records that you update with either the UI button or manually, are displayed on the Unassigned module under their respective modules.

    To learn how to reassign records by using the Unassigned UI action, see Remove assignments from vulnerable items for you or your groups.

    Bulk edit

    You can clear the assignment fields for multiple VIs on a list. After you select the VIs and select Bulk Edit, on the dialog that is displayed, select the Unassign check box.

    System property and notifications

    If you are an administrator with the sn_vulc.vulnerability_admin role, when you click Unassign on a record, by default, the sn_vul.unassign_vr.approval_required system property triggers the approval flow and creates a state change approval record in review state and approval request is raised for approver which displays in the My Approvals list.

    Note:
    As a vulnerability administrator, you can set the sn_vul.unassign_vr.approval_required system property to false to disable the approval process.
    • If the approver approves the request, sn_vul.default_assignment_group clears the Assigned to and Assignment group fields and populates the Assignment type field with Unassigned. As a vulnerability administrator, you can change the value in the sn_vul.default_assignment_group system property so that the assignment fields are cleared and a specific group is then assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add a system ID for the group of your choice in the value field of the system property.
      Note:
      If you change this value, notifications for all the VIs, AVITs, and CVITs that are unassigned are sent to the group you specify.
    • If the approver rejects your request, the reason for rejection displays in the Notes tab.

    Alternatively, if sn_vul.default_assignment_group is not configured for a specific group, by default, users that you add to the Unassign notification user group are alerted when records are unassigned. The sn_vul.default_assignment_group system property determines the notifications to this group.

    The assignment type, whether it's Manual, Rule, or Unassigned, is available from the VI records and the list view. The Unassigned assignment type is displayed on records after the Assigned to and Assignment group fields are cleared by the system property of the feature.

    Monitoring your assignment rules with the scheduled job for this feature

    A daily scheduled job counts the records when they transition to Unassigned assignment type. With this count, vulnerability analysts can monitor and adjust any assignment rules that might not be performing well based on any assignment rules that have higher counts of unassigned VIs.

    The Reassignment count for assignment rules scheduled job runs daily and posts the total number of VIs that are unassigned by this feature for a particular assignment rule.

    The counts gathered by this job apply to the vulnerable items and the unique assignment rules for Vulnerability Response and Application Vulnerability Response. Counts are displayed by assignment rule in each assignment rules list for each module.

    The job also counts any records that are manually unassigned. Both the manual counts and the counts gathered by this feature are posted on the Vulnerability Assignment Rules list in two columns: Reassignment count - manual items and Reassignment count - unassigned items.

    1. As a vulnerability admin, to view these counts, navigate to Vulnerability Response > Administration > Assignment Rules.
    2. Click the gear icon in the upper right of the list and select the Reassignment count - manual items, and Reassignment count - unassigned items for display.
    3. Any VI that was originally assigned by a rule but subsequently automatically or manually reassigned contains a reference to the original rule on the list view.

    The following example shows reassignment counts for two assignment rules.

    Reassignment counts for two assignment rules for Vulnerability Response VITs.