Examples for remediation task creation in the Security Exposure Management Workspace

  • Release version: Xanadu
  • Updated July 31, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Examples for remediation task creation in the Security Exposure Management Workspace

    This content explains how ServiceNow customers can manually create remediation tasks in the Security Exposure Management Workspace by selecting vulnerable records and grouping them based on chosen criteria. It demonstrates how records are organized into remediation tasks, depending on grouping options and how existing remediation task memberships are managed.

    Show full answer Show less

    Remediation Task Grouping and Management

    When creating a remediation task, you select multiple vulnerability records and define:

    • Grouping criteria (e.g., Assignment group, Configuration item, Vulnerability, Risk rating)
    • How to handle records already part of existing remediation tasks (Skip, Transfer, or Keep in both)

    This determines how records are aggregated into new remediation tasks and whether they remain or move from previous tasks.

    Scenario Examples

    • Scenario 1 - Group by Assignment group, Skip existing records: Records sharing an assignment group are grouped together. Records already in other remediation tasks are excluded from the new tasks. This creates one remediation task per assignment group only with new records.
    • Scenario 2 - Group by Assignment group + Configuration item, Transfer existing records: Records are grouped by both assignment group and configuration item. Records already in other tasks are moved into the new grouped remediation tasks. This results in multiple detailed remediation tasks and updates record memberships.
    • Scenario 3 - Group by Assignment group + Vulnerability, Keep records in both: Records sharing assignment group and vulnerability are grouped, but records remain in both existing and new remediation tasks, enabling shared remediation efforts.
    • Scenario 4 - Group by Assignment group + Risk rating, Keep records in both: Records are grouped by assignment group and risk rating. Existing task memberships are retained alongside the new tasks, allowing multiple task associations based on risk levels.

    Practical Benefits for ServiceNow Customers

    • Flexible grouping criteria allow tailoring remediation tasks to organizational needs, improving task clarity and assignment.
    • Options to manage record memberships enable controlled task creation without losing track of remediation progress.
    • Supports efficient handling of vulnerabilities by grouping related items, reducing duplication and streamlining remediation workflows.
    • Visibility into how vulnerable items are allocated helps prioritize remediation efforts by assignment group, configuration item, vulnerability type, or risk rating.

    By understanding these grouping and management options, ServiceNow users can optimize remediation task creation to fit their security operations processes efficiently.

    When you create remediation tasks manually in the Security Exposure Management Workspace, records are grouped into a remediation task based on the grouping criteria you select.

    Consider the following example where 10 records are selected for remediation task creation. After providing the record selection details and a brief description, select the Grouping criteria according to your requirement and then select how you want to manage the records that are already part of existing remediation tasks.

    Remediation task creation based on the grouping criteria

    Table 1. Vulnerable items selected for remediation task creation
    Vulnerable item id Existing remediation tasks Assignment group Configuration item Vulnerability Risk rating
    VIT10001 VUL10021, VUL10022 Remediation Manager APSVR-NY-1672 CVE-2018-9020 4
    VIT10002 - Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10003 VUL10021 LDAP Admins DEV-IBM-NY-682 CVE-2012-5357 1
    VIT10004 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 4
    VIT10005 VUL10022 Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10006 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10007 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 1
    VIT10008 - LDAP Admins DEV-IBM-NY-682 CVE-2013-3906 1
    VIT10009 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10010 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 4

    The following list shows how the records are grouped into remediation tasks based on the grouping criteria selected when creating the remediation task.

    Scenario1: Grouping criteria is selected as “Assignment group” and Managing records in other remediation tasks is selected as “Skip records for the new remediation tasks”
    The records with the same assignment group are grouped into one remediation task. The records that are already part of existing remediation tasks are not added to the new remediation tasks. Here, three remediation tasks are created, each containing the records that are assigned to the Remediation Manager, LDAP Admins, and Vulnerability Response assignment groups.
    Table 2. Remediation task created in scenario 1
    Remediation tasks created Records in the remediation task
    Remediation task 1 - VUL10001 This remediation task contains the records that are assigned to the Remediation Manager assignment group:
    • VIT10004
    • VIT10006
    • VIT10009

    The VIT10001 record will not be moved to the VUL10001 remediation task.
    Remediation task 2 - VUL10002 This remediation task contains the VIT10002 record that is assigned to the Vulnerability Response assignment group.

    The VIT10005 record will not be moved to the VUL10002 task.
    Remediation task 3 - VUL10003 This remediation task contains the records that are assigned to the LDAP Admins assignment group:
    • VIT10007
    • VIT10008
    • VIT10010

    The VIT10003 record will not be moved to the VUL10003 remediation task.
    Scenario 2: Grouping criteria is selected as “Assignment group and configuration item” and Managing records in other remediation tasks is selected as “Transfer records to the new remediation tasks”
    The records with the same configuration item that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records are removed from their old remediation tasks and moved to the new remediation tasks. Here, five remediation tasks are created.
    Table 3. Remediation tasks created in scenario 2
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10004 This remediation task contains the records that are assigned to Remediation owner assignment group and with APSVR-NY-1672 configuration item.
    • VIT10001

    The VIT10001 record will be removed from the VUL10021, and VUL10022 remediation tasks.
    Remediation task 2 - VUL10005 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10002
    • VIT10005

    The VIT10005 record will be removed from the VUL10022 remediation task.
    Remediation task 3 - VUL10006 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10003
    • VIT10008

    The VIT10003 record will be removed from the VUL10021 remediation task.
    Remediation task 4 - VUL10007 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CRMBK-SD-4210 configuration item.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10008 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-SAP-SD-9388 configuration item.
    • VIT10007
    • VIT10010
    Scenario 3: Grouping criteria is selected as “Assignment group and vulnerability” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same vulnerability that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks.Here, five remediation tasks are created.
    Table 4. Remediation tasks created in scenario 3
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10009 This remediation task contains the records that are assigned to Remediation owner assignment group and with CVE-2018-9020 vulnerability.
    • VIT10001

    The VIT10001 record will remain part of VUL10021, and VUL10022 remediation tasks as well.
    Remediation task 2 - VUL10010 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with CVE-2018-9020 vulnerability.
    • VIT10002
    • VIT10005

    The VIT10005 record will remain part of VUL10022 remediation task as well.
    Remediation task 3 - VUL10011 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2012-5357 vulnerability.
    • VIT10003

    The VIT10003 record will continue to be part of the VUL10021 remediation task also.
    Remediation task 4 - VUL10012 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CVE-2013-1710 vulnerability.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10013 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2013-3906 vulnerability.
    • VIT10007
    • VIT10008
    • VIT10010
    Scenario 4: Grouping criteria as “Assignment group and risk rating” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same risk rating that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks. Here, five remediation tasks are created.
    Table 5. Remediation task created in scenario 4
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10014 This remediation task contains the records that are assigned to Remediation owner assignment group and with 4 risk rating.
    • VIT10001
    • VIT10004

    The VIT10001 record will continue to be part of VUL10021and VUL10022 remediation tasks.
    Remediation task 2 - VUL10015 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with 2 risk rating.
    • VIT10002
    • VIT10005

    The VIT10005 record will continue to be part of VUL10022 remediation task.
    Remediation task 3 - VUL10016 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 1 risk rating.
    • VIT10003
    • VIT10007
    • VIT10008

    The VIT10003 record will continue to be part of VUL10021 remediation task.
    Remediation task 4 - VUL10017 This remediation task contains the records that are assigned to Remediation Manager assignment group and with 2 risk rating.
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10018 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 4 risk rating.
    • VIT10010