Vulnerability Management (PA) dashboard
Track the volume, performance and progress of vulnerabilities from initial analysis and detection to containment, or remediation. You can filter reports by assignment group, exploits, risk rating, or state, for example. Quickly gain insight into your vulnerability exposure and which business services are affected.
Required ServiceNow AI Platform roles
Role required: sn_vul.vulnerability_admin, sn_vul.vulnerability_analyst, and users with sn_vul.vulnerability_read (or who inherit the sn_vul.vulnerability_read role), and pa_viewer.
Use cases
| User | Dashboard use |
|---|---|
| It managers, IT analysts, vulnerability remediation owners | Help your organization deal with increasing security incidents due to exploited vulnerabilities by efficiently determining which vulnerable items present the most risk. These dashboards provide a graphical view into vulnerable item activity and help design remediation plans and status progress. You can focus on the KPIs associated with critical affected assets and high-visibility vulnerabilities. |
To view the Vulnerability Management (PA) dashboard, navigate to .
See reports that show trending data over time. Reports with real-time data are listed below. View trends of important metrics on a regular schedule to analyze your overall business processes and identify areas of improvement.
For more information about how to view your PA reports with real-time scores, see View Performance Analytics for Vulnerability Response [PA] reports in real time.
The Vulnerability Management [PA] dashboard tabs
This dashboard communicates KPIs for vulnerability risk and prevalence, affected assets, remediation target adherence, and remediation progress.
On the Overview tab, you can view the Critical Vulnerable Items by Assignment Group report that is run based on the scheduled job.
This dashboard exposes vulnerability risk at the business service level. Sharing this information across the organization can assist service managers to remediate vulnerabilities promptly and proactively, and drive the organization toward a shared responsibility model of information security.
You can change the service class to technical or application services using the system
property sn_vul.service_classifications.
This dashboard aggregates the vulnerability risk from the business service level to the service owners — the executives responsible for those business services. It shows which executives are assuming the most vulnerability risk and which may require the most help encouraging prompt remediation activities.
This dashboard shows the scope and composition of CIs with active vulnerabilities, and which categories of CIs need the most attention. Identify decommissioned assets with active vulnerable items and confirm that the assets have been decommissioned. View the number of vulnerable CIs that lack ownership information, so that you can proactively identify owners for these assets before a critical vulnerability affects those systems.
On the Vulnerable CIs tab, you can view the Vulnerable CIs Without Owners and Retired or Stolen CIs with Active VIs reports in real-time.
This dashboard help you understand where your organization is taking risk due to potentially excessive deferrals and reconsider remediation options.
You can view Deferred Vulnerable Items by Reason, Expiring Deferral Requests, Exceptions for Critical Vulnerable Items by Assignment Group, and Exception Requests by Requester reports.
This dashboard helps you understand the progress of your remediation actions, and which support teams need the most assistance with their completion.
On the Remediation tab, you can view Unassigned Vulnerable Items report in real-time.
Indicators
- Vulnerability Response indicators
There are a number of indicators used to measure and track the progress of your vulnerability remediation in the Vulnerability Response application.
The collect records option for the indicators is disabled by default for the Vulnerability Response application. This option is disabled so that certain reports can be viewed in real-time. Trending information used by these indicators is still available if you prefer to enable collect records manually and view the records that make up the scores.
- Distinct Vulnerabilities
- Distinct Vulnerabilities with count_active_vi > 0. Goal is to minimize.
- Non-Deferred Overdue Critical Vulnerable Items
- It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- % Vulnerable Items Met Remediation Target
- ([[Closed Vulnerable Items > Remediation Target = Target Met]] / [[Closed Vulnerable Items]]) * 100. Goal is to maximize.
- Unassigned Vulnerable Items
- All active Vulnerable Items where both the Assignment Group and Assigned To fields are empty. Goal is to minimize.
- Critical Vulnerable Items (Services)
- It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
- High Overdue Vulnerable Items (Services)
- It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
- Unassigned Remediation Tasks
- All active remediation tasks where both the Assignment Group and Assigned To fields are empty. Goal is to minimize.
- Critical Vulnerable Items
- It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- Vulnerable Items
- It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- New Vulnerable Items
- It is the count on data source VI.New, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- Vulnerable Configuration Items
- It is the count distinct on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- Summed Duration of Closed Vulnerable Items
- It is the sum on data source VI.Closed, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- Non-Deferred Remediation Tasks
- It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
- Vulnerable Item Mean Time to Remediate
- [[Summed Duration of Closed Vulnerable Items]] / [[Closed Vulnerable Items]]
- Critical Overdue Vulnerable Items (Services)
- It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
- Retired Configuration Items
- It is the count distinct on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- Deferral Requests
- It is the count on data source Active Deferral Requests, which is using the table: sn_vul_change_approval. Goal is to minimize.
- Vulnerable Items by Configuration Items
- It is the count on data source CIs with Active VIs, which is using the table: sn_vul_analytics_vi_ci_class. Goal is to minimize.
- Closed Vulnerable Items
- Closed Vulnerable Items is measured daily as unit #. The goal is to maximize.
- Unmatched Configuration Items
- Lists the hosts discovered by 3rd party vulnerability scanners that don't match any existing CIs in the CMDB.
- Non-Deferred Overdue Critical Remediation Tasks
- It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
- Vulnerable Configuration Items Without Support Group
- It is the count on data source VI.Open, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- Non-Deferred Critical Remediation Tasks
- It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
- Deferred Vulnerable Items
- It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- High Vulnerable Items (Services)
- It is the count on data source Active VIs (Services), which is using the table: sn_vul_analytics_business_services_vi. Goal is to minimize.
- Distinct Configuration Items with Active Vulnerable Items
- It is the count distinct on data source CIs with Active VIs, which is using the table: sn_vul_analytics_vi_ci_class. Goal is to minimize.
- Average Number of Vulnerable Items per Configuration Item
- [[Active Vulnerable Items]] / [[Vulnerable CIs]]. Goal is to minimize.
- Remediation Tasks
- It is the count on data source VG.Active, which is using the table: sn_vul_vulnerability. Goal is to minimize.
- Critical Deferred Vulnerable Items
- It is the count on data source VI.Active, which is using the table: sn_vul_vulnerable_item. Goal is to minimize.
- Deferral Requests (created)
- It is the count on data source Closed.Requests, which is using the table: sn_vul_change_approval. Goal is to minimize.
Breakdowns
- Age
- Age Closed
- Assignment Group
- CI Class
- CI Manager
- Deferral Age
- Deferral Reason
- Exception Requesters
- Exploit Attack Vector
- Exploit Exists
- Exploit Skill Level
- Remediation Target Rule
- Remediation Target Status
- Remediation Target Status (Closed)
- Risk Rating
- Service
- Service Criticality
- Service Owner
- Severity
- State
- Assignment Group: Applies to VI or and RT reports
- Exploit Exists: Applies to VI reports.
- Exploit Attack Vector: Applies to VI reports.
- Exploit Skill Level: Applies to VI reports.
- Remediation Target Status: Applies to VI and RT reports.
- Risk Rating: Applies to VI and RT reports.
- State: Applies to VI and RT reports.
Data visualizations
| Title | Type | Description |
|---|---|---|
| Vulnerabilities | Single Score  |
Number of vulnerabilities associated with one or more active vulnerable items. |
| Vulnerable Items (VIs) | Single Score |
Number of active (non-closed) vulnerable items. |
| Vulnerable Configuration Items (CIs) | Single Score |
Number of configuration items (CIs) associated with one or more active vulnerable items. |
| Remediation Tasks | Single Score |
Number of active (non-closed) remediation tasks. |
| Vulnerable Items by Risk Rating | Bar  |
Number of active vulnerable items grouped by risk rating over the selected time span. |
| Vulnerable Items by Age and Risk Rating | Heatmap  |
Number of active vulnerable items grouped by risk rating and age (in days). |
| VIs Met Remediation Target | Single Score |
Percentage of closed vulnerable items that have met their remediation target dates in the current and previous quarters. Remediation targets are calculated from the Last Opened date plus the number of days (measured as 24-hour increments). |
| VIs Mean Time to Remediation (MTTR) | Single Score |
The mean time to remediate (close) a vulnerable item, displayed as a 30-day running
average. Note: The value for Age Closed is calculated when data is collected. The value is
the difference between the last_opened date and the date and time of the collection
job. |
| Critical Remediation Tasks Near Due | Single Score |
Number of active remediation tasks approaching their remediation target date. The remediation target date of a remediation task is set to the closest due date belonging to an active vulnerable item in the group. Remediation targets are calculated from the Last Opened date plus the number of days (measured as 24-hour increments). This report excludes deferred remediation tasks. |
| New and Closed Vulnerable Items | Bar |
Number of New and Closed vulnerable items over the selected time span. Note: The value
for Age Closed is calculated when data is collected. The value is the difference between
the last_opened date and the date and time of the collection job. |
| Closed Vulnerable Items by Remediation Target Status | Bar |
Number of Closed vulnerable items grouped by remediation target status over the
selected time span. Note: The value for Age Closed is calculated when data is collected. The
value is the difference between the last_opened date and the date and time of the
collection job. |
| Critical Vulnerable Items by Assignment Group | List and Line
 |
Number of active vulnerable items with a critical risk rating grouped by assignment group. |
| Overdue Critical Vulnerable Items by Assignment Group | List and Line
|
Number of active vulnerable items with a critical risk rating and past their remediation target dates, grouped by assignment group. Remediation targets are calculated from the Last Opened date plus the number of days (measured as 24-hour increments). This report excludes deferred vulnerable items. |
| Name | Type | Description |
|---|---|---|
| Critical Vulnerable Items | List, Line, and Distribution Bar
 |
Number of active vulnerable items with a critical risk rating, grouped by business service. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. |
| Overdue Critical Vulnerable Items | List, Line, and Distribution Bar
|
Number of active vulnerable items with a critical risk rating and past their remediation target dates, grouped by business service. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. This report excludes deferred vulnerable items. |
| High Vulnerable Items | List, Line, and Distribution Bar
|
Number of active vulnerable items with a high risk rating, grouped by business service. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. |
| Overdue High Vulnerable Items | List, Line, and Distribution Bar
|
Number of active vulnerable items with a high risk rating and past their remediation target dates, grouped by business service. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. This report excludes deferred vulnerable items. |
| Name | Type | Description |
|---|---|---|
| Critical Vulnerable Items | List, Line, and Distribution Bar
|
Number of active vulnerable items with a critical risk rating, grouped by business service owner. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. |
| Overdue Critical Vulnerable Items | List, Line, and Distribution Bar
|
Number of active vulnerable items with a critical risk rating and past their remediation target dates, grouped by business service owner. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. This report excludes deferred vulnerable items. |
| High Vulnerable Items | List, Line, and Distribution Bar
|
Number of active vulnerable items with a high risk rating, grouped by business service owner. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. |
| Overdue High Vulnerable Items | List, Line, and Distribution Bar
|
Number of active vulnerable items with a high risk rating and past their remediation target dates, grouped by business service owner. Displays a weekly average from the current and prior week, the difference between the two weeks (in count and percent), and a trend. The distribution bar displays the difference between all values on the current page of the scorecard. This report excludes deferred vulnerable items. |
| Name | Type | Description |
|---|---|---|
| Vulnerable Configuration Items (CIs) by CI Class | Bar |
Numbers of configuration items with active vulnerabilities, grouped by CI class in the CMDB. |
| Vulnerable Items (VIs) by CI Class | Treemap 
|
Number of active VIs broken down by CI class. |
| Average Vulnerable Items per CI | Bar |
Average number of vulnerable items belonging to a configuration item, grouped by risk rating. |
| Unmatched CIs | Single Score |
Number of imported configuration items that do not match any existing CI in the CMDB. |
| Vulnerable CIs Without Support Group | Single Score |
Number of vulnerable configuration items that do not have an assigned support group. |
| Retired or Stolen CIs with Active VIs | Single Score |
Number of configuration items marked Retired or Stolen in the CMDB that have active vulnerable items. |
| Name | Type | Description |
|---|---|---|
| Deferred Vulnerable Items by Reason | Bar |
Number of deferred vulnerable items grouped by deferral reason. |
| Deferral Requests About to Expire | Bar |
Number of deferral requests associated with remediation tasks or vulnerable items that are about to be reopened for review. They are grouped by the number of days left until they reopen. If email notifications are defined, an email is sent. |
| Deferred Vulnerable Items by Configuration Item (CI) Manager | Bar |
Number of deferred vulnerable items grouped by the manager for the associated configuration item. |
| Name | Type | Description |
|---|---|---|
| Remediation Tasks by Risk Rating and State | Heatmap |
Number of active remediation tasks grouped by risk rating and state. |
| Remediation Tasks by Risk Rating and Remediation Target Status | Heatmap |
Number of active tasks grouped by risk rating and remediation target status. This report excludes deferred vulnerable items. |
| Critical Remediation Tasks by Assignment Group | List and Line
|
Number of active remediation tasks with a critical risk rating grouped by assignment group. This report excludes deferred remediation tasks. |
| Overdue Critical Remediation Tasks by Assignment Group | List and Line
|
Number of active remediation tasks with a critical risk rating and past their remediation target dates, grouped by assignment group. This report excludes deferred remediation tasks. |
| Unassigned Remediation Tasks | Single Score |
Number of active remediation tasks without an assignee or assignment group. |
| Unassigned Vulnerable Items | Single Score |
Number of active vulnerable items without an assignee or assignment group. |