Remediation task state for Vulnerable Items (VIs) in multiple groups

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Remediation Task State for Vulnerable Items (VIs) in Multiple Groups

    This document outlines how the state of Vulnerable Items (VIs) is determined when they are associated with multiple remediation tasks. The higher precedence state from the associated groups dictates the final state of the VI, ensuring efficient tracking and management of vulnerabilities within ServiceNow.

    Show full answer Show less

    Key Features

    • State Precedence: VIs inherit their state from the group with the highest precedence. For instance, if Group A is 'Under Investigation' and Group B is 'Open', the VI will be marked as 'Under Investigation'.
    • Individual State Setting: If a VI's state is set individually, this will also be considered in the precedence evaluation, affecting the final state based on the highest precedence available.
    • Source Status Fixed: If the VI status is updated to 'Fixed', it automatically transitions to 'Closed/Fixed', irrespective of the other groups' states.

    Key Outcomes

    By understanding how states are assigned based on group precedence, ServiceNow customers can effectively manage and prioritize the remediation of vulnerabilities. This structured approach aids in maintaining clarity and ensures that critical vulnerabilities are addressed promptly based on the most relevant group state.

    When a VI is in multiple remediation tasks, (group in the following tables), and its own state has not been set, the higher precedence group state determines the state of that VI, as shown in the following table.

    Table 1. Vulnerable item states examples
    Remediation task state Vulnerable item state
    Group A: Open > Under Investigation

    Group B: Open

    		 Under Investigation

    When Group A is Under Investigation and Group B is Open, the VI changes to Under Investigation. After the search, between Group A and Group B, Group A has the state with the highest precedence.
    Group A: Under Investigation

    Group B: Open > Under Investigation

    		 Under Investigation

    When Group B is Under Investigation and Group A is Under Investigation, the VI stays as Under Investigation. After the search, between Group A and Group B, they have the state with the same precedence.
    Group A: Under Investigation

    Group B: Under Investigation > Awaiting Implementation

    		 Awaiting Implementation

    When Group B is Awaiting Implementation and Group A is Under Investigation, the VI changes to Awaiting Implementation. After the search, between Group A and Group B, Group B has the state with the highest precedence.
    Group A: Under Investigation > Deferred

    Group B: Awaiting Implementation

    		 Deferred

    When Group A is Deferred and Group B is Awaiting Implementation, the VI changes to Deferred. After the search, between Group A and Group B, Group A has the state with the highest precedence.
    Table 2. Vulnerable item in multiple groups special cases
    Remediation task State Vulnerable Item State
    Group A: Under Investigation

    Group B: Awaiting Implementation > Closed (Fixed or Cancelled)

    		 Under Investigation

    When Group B is Closed/Fixed or Closed/Cancelled, and Group A is Under Investigation, the VI changes from Awaiting Implementation (previously the highest precedence) to Under Investigation (currently the highest precedence).
    Group A: any state

    Group B: any state

    		 If the vulnerable item source status is Fixed (updated by a scan or import), then when the group changes its state, the vulnerable item changes its state to Closed/Fixed. This condition is true no matter what states the other associated groups are in. The vulnerable item search for the group state does not occur.
    When a VI state is set individually, its state is considered when evaluating precedence, as with any other remediation task. When a VI belongs to more than one remediation task, the following table lists the updates that are made.
    Table 3. Vulnerable item state set individually special cases
    Vulnerability item state within a group Vulnerable item final state
    Group A state: Under Investigation

    Group B state: Under Investigation > Awaiting Implementation

    Original VI state: Under Investigation > (set on the VI)

    		 Awaiting Implementation

    When Group B moved to Awaiting Implementation, and Group A remained Under Investigation, the VI changes to Awaiting Implementation (the highest precedence).
    Group A: Under Investigation

    Group B: Under Investigation > Awaiting Implementation

    Original VI state: Deferred > (set on the VI)

    		 Deferred

    When Group B moved to Awaiting Implementation, and Group A remained Under Investigation, the VI remains in the Deferred state (the highest precedence).
    The following table shows that when two remediation tasks with common vulnerable items are deferred, the state is deferred until the latest date is reached.
    Table 4. Vulnerable item deferred state special cases
    Vulnerability item state within a group Vulnerable item final state
    Group A state: In Review (until April 10)

    Group B state: Under Investigation > In Review (until April 30)

    Original VI state: In Review (until April 10) > (set on the VI)

    		 Deferred (until April 30)

    When Group B moved to Deferred (until Apr-30), and Group A remains Deferred (until Apr-10), the VI changes from Deferred (until Apr-05) to Deferred state (until Apr-30).
    Group A: In Review (until July 15)

    Group B: Under Investigation > In Review (until July 10

    Original VI state: Deferred > (until July 15)

    		 Deferred (until July 15)

    When Group B moved to Deferred (until Jul-10), and Group A remains Deferred (Jul-15), the VI remains in Deferred (until Jul-15).