Security Exposure Management Workspace List view

  • Release version: Xanadu
  • Updated July 31, 2025

  The List view in the Security Exposure Management Workspace permits vulnerability and security managers and analysts to view remediation progress on records, drill down into records, and view the status of their approval requests and exceptions.

    Role required:
    • sn_vul.vulnerability_analyst, sn_vul.vulnerability_admin, or sn_vul.remediation_owner for host vulnerable items (VITs)
    • sn_vul.app_sec_manager, sn_vul.app_security_champion for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst, sn_vul_container.vulnerability_admin, or sn_vul_container.remediation_owner for container vulnerable items (CVITs)
    • sn_vulc.admin, sn_vulc.remediation_owner for configuration test results (CTRs)
    These lists and links provide you with easy access to records and tasks. The List page contains two tabs:
    • Lists tab: Displays the default lists for remediation efforts, remediation tasks, vulnerable items, configuration test results, solutions, exceptions, and libraries.
    • My Lists tab: Displays any lists that you’ve renamed from the Lists tab and any lists that you create.

      You can also create your own list to monitor remediation progress. For more information, see Create a customized list of records.

    Lists tab

    The following table shows the lists available in the Lists tab of the List page:

    Tip:

    If an admin sets the sn_vul_cmn_ws.navigate_to_workspace system property to true, the predefined filter links that you select in the Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance modules from the All menu open in the List page of the Security Exposure Management Workspace, based on your role.

    For example, if you select Assigned to My Groups by navigating to All > Security Exposure Management > Remediation Tasks > Assigned to My Groups, this link is redirected to the Security Exposure Management Workspace. The Assigned to My Groups list in the Remediation Tasks module opens in the List page of the Security Exposure Management Workspace if you have the vulnerability admin or analyst role. To view the host remediation tasks, group the tasks by Record Type.

    You can hide the record count on the lists using the glide.ui.list.seismic.omit.count system property. For more information on how to turn off/on the record count on a list, see the KBB0010402 KB article.

    Table 1. Lists
    For each list item, the entries below give the description, the modules, and the roles required.

    Remediation efforts (REs)
    Description: List of Active REs and All the REs assigned to your assignment groups.

    Group the remediation efforts by Record Type to categorize them by host vulnerable items, application vulnerable items, container vulnerable items and configuration test results.

    Modules: Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance
    Roles required:
    • sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    Impacted Assets
    Description: Contains the following lists:
    • Assigned to me: List of impacted assets assigned to you for remediation.
    • Assigned to my group: Impacted assets assigned to your assignment groups for remediation.
    Modules: Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance
    Roles required:
    • sn_vul.remediation_owner for host vulnerable items (VITs)
    • sn_vul.app_security_champion for application vulnerable items (AVITs)
    • sn_vul_container.remediation_owner for container vulnerable items (CVITs)
    • sn_vulc.remediation_owner for configuration test results (TRs)

    Remediation tasks
    Description: Contains the following lists:
    • Active: List of all the active host, application, container and test result remediation tasks.
    • All: List of both active and inactive host, application, container and test result remediation tasks.
    • Assigned to me: List of remediation tasks assigned to you for remediation.
    • Assigned to my group: Remediation tasks assigned to your assignment groups for remediation.
    • Multiple Deferrals: Lists findings that you've deferred multiple times.

    Group the remediation tasks by Record Type to categorize them by host vulnerable items, application vulnerable items, container vulnerable items and configuration test results.

    Note:
    The Remediation tasks list includes tasks generated during the Remediation Effort creation in the Security Exposure Management Workspace, as well as those created manually and by remediation task rules and other processes in the classic UI. The Remediation effort column will be empty for any remediation tasks that were not created as part of the Remediation Effort.

    Modules: Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance
    Roles required:
    • sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    Host Vulnerable items
    Description: Contains the following lists:
    • Active: List of all the active host vulnerable items.
    • All: List of both active and inactive host vulnerable items.
    • Assigned to me: List of host vulnerable items assigned to you for remediation.
    • Assigned to my group: List of host vulnerable items assigned to your assignment groups for remediation.
    Modules: Vulnerability Response
    Roles required: sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin

    Application Vulnerable items
    Description: Contains the following lists:
    • Active: List of all the active application vulnerable items.
    • All: List of both active and inactive application vulnerable items.
    • Assigned to me: List of application vulnerable items assigned to you for remediation.
    • Assigned to my group: List of application vulnerable items assigned to your assignment groups for remediation.
    You can create a new application vulnerable item by selecting the New button.
    Modules: Application Vulnerability Response
    Roles required: sn_vul.app_sec_manager

    Container Vulnerable items
    Description: Contains the following lists:
    • Active: List of all the active container vulnerable items.
    • All: List of both active and inactive container vulnerable items.
    • Assigned to me: List of container vulnerable items assigned to you for remediation.
    • Assigned to my group: List of container vulnerable items assigned to your assignment groups for remediation.
    Modules: Container Vulnerability Response
    Roles required: sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin

    Configuration Test Results
    Description: Contains the following lists:
    • Active: List of all the active test results.
    • All: List of both active and inactive test results.
    • Assigned to me: List of test results assigned to you for remediation.
    • Assigned to my group: List of test results assigned to your assignment groups for remediation.
    Modules: Configuration Compliance
    Roles required: sn_vulc.admin

    Solutions
    Description: Contains the following lists:
    • All: Shows all the available solutions that you can use to remediate the host vulnerable items.
    • Highest Supersedence: Shows all the solutions that are used to populate Preferred Solutions.
    • With Vulnerable items: Shows the solutions that are being used as Preferred Solution on Vulnerable Items.
    Modules: Vulnerability Response
    Roles required: sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin

    Exceptions
    Description: Shows the approval states for all the exception and false positive requests associated with your assignment groups.
    • All: List of the exception, false positive, and unassign approval requests related to VITs, AVITs, and CVITs and their remediation tasks (VUL, AVUL, and CVUL).
    • My requests: List of all the exception, false positive, and unassign approval requests raised by you for host, application, and container vulnerable items and their remediation tasks.
    • All (Configuration Compliance): List of the exception, false positive, and unassign approval requests related to test results and remediation tasks (CTR#).
    • My requests (configuration compliance): List of all the exception, false positive, and unassign approval requests raised by you for the test results and their remediation tasks that you are working on.

    Group the exceptions by Record type to categorize them by host vulnerable items, application vulnerable items, container vulnerable items and configuration test results.

    Modules: Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance
    Roles required:
    • sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    Approvals
    Description: Assigned to me: Shows the approval requests assigned to you for processing. To process your approvals in the workspace, see Approve or reject requests in the Security Exposure Management Workspace.
    Modules: Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance
    Roles required:
    • sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    Libraries
    Description: Consists of the following lists:
    • CVEs (NVD): List of all the Common Vulnerabilities and Exposures (CVEs) from Vulnerability Response, Application Vulnerability Response, and Container Vulnerability Response.
    • TPEs: List of imported third-party vulnerabilities in your instance. Contains a list of related references, vulnerable items, exploits, and CVEs.
    • CWEs: List of all the Common Weakness Enumerations (CWEs) from Vulnerability Response, Application Vulnerability Response, and Container Vulnerability Response.
    • Vulnerable Software: List of all the software vulnerable entries.
    • App vulnerabilities: List of all the third-party application vulnerability entries.
    • Test Groups: List of all the Configuration Compliance test groups. You can view the percentage of CI compliance and test results compliance for a Test Group in the record view.
    • Tests: List of all the tests from Configuration Compliance. You can view the percentage of test results compliance for a test in the record view.
    • Compensating Controls: List of all the compensating controls that can be used for risk reduction requests. You can add a compensating control by clicking New. For more information on how to add a compensating control, see Add a compensating control to the library.
    Modules: Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance
    Roles required:
    • sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    CMDB
    Description: Contains the following lists:
    • Discovered items: List of all the discovered items.
    • Discovered container images: List of container images. These container images provide information on the image ID, Docker image, and the image repository along with the layer information.
    • Discovered Applications: List of all discovered applications, including details such as application name, source, state, integration instance, and more.
    Modules: Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance
    Roles required:
    • sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (TRs)

    Penetration Test Assessment Requests
    Description: Contains the following lists:
    • Active: List of active Penetration Test Assessment Requests.
    • All: List of both active and inactive Penetration Test Assessment Requests.
    • Assigned to me: List of Penetration Test Assessment Requests raised by you.
    • Assigned to my group: List of Penetration Test Assessment Requests raised by the users in your assignment groups.

    For information on how to create a penetration test assessment request, see Create a new penetration testing assessment request.

    Modules: Application Vulnerability Response
    Roles required: sn_vul.app_sec_manager

    Penetration Test Findings
    Description: Contains the following lists:
    • Active: List of all the active Penetration Test Findings.
    • All: List of both active and inactive Penetration Test Findings.
    • Assigned to me: List of Penetration Test Findings assigned to you for remediation.
    • Assigned to my group: List of Penetration Test Findings assigned to your assignment groups for remediation.
    • Validation Pending: List of Penetration Test Findings that are pending validation after remediation.

    For information on how to create penetration test findings, see Create penetration test findings based on an assessment questionnaire.

    Modules: Application Vulnerability Response
    Roles required: sn_vul.app_sec_manager

    Patches
    Description: All: List of all the available patches that can be used to remediate host vulnerable items.
    Modules: Vulnerability Response
    Roles required: sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin

    Supporting Data
    Description: Contains the following lists:
    • Authoritative Sources: List of authoritative sources that provide summary information that is useful for researching the source publications.
    • Technologies: List of technologies that provide the summary information about each authoritative source and citation (also known, in Qualys, as a framework).
    Modules: Configuration Compliance
    Roles required: sn_vulc.admin