Examples for remediation task creation in the Security Exposure Management Workspace

  • Release version: Yokohama
  • Updated July 31, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Examples for remediation task creation in the Security Exposure Management Workspace

    This guide explains how to manually create remediation tasks within the Security Exposure Management Workspace in ServiceNow. It focuses on how selected vulnerability records are grouped into remediation tasks based on chosen grouping criteria and how records already assigned to existing remediation tasks are handled during creation.

    Show full answer Show less

    Key Features

    • Grouping Criteria: When creating remediation tasks, you can select grouping criteria such as Assignment Group, Assignment Group with Configuration Item, Assignment Group with Vulnerability, or Assignment Group with Risk Rating. This determines how records are clustered into remediation tasks.
    • Managing Records in Existing Tasks: You can choose how to handle records that are already part of remediation tasks with options to skip them, transfer them to new tasks, or keep them in both old and new tasks.
    • Manual Selection: Users start by selecting multiple vulnerable items for remediation task creation, provide details, then apply grouping and management settings to control task creation behavior.

    Use Case Scenarios

    The guide presents four scenarios to illustrate practical implications of different grouping and management settings:

    • Scenario 1 (Group by Assignment Group, Skip Existing Records): Creates remediation tasks grouped by assignment group only. Records already in existing tasks are excluded from new tasks, resulting in fewer tasks without duplicate records.
    • Scenario 2 (Group by Assignment Group and Configuration Item, Transfer Records): Groups records by assignment group and configuration item, transferring records from old tasks to new ones. This allows more granular remediation tasks and consolidates records under updated groupings.
    • Scenario 3 (Group by Assignment Group and Vulnerability, Keep Records in Both): Groups records by assignment group and vulnerability, adding records to new tasks while retaining them in existing tasks. This enables overlapping remediation efforts without losing historical task associations.
    • Scenario 4 (Group by Assignment Group and Risk Rating, Keep Records in Both): Groups by assignment group and risk rating, similarly retaining records in both old and new tasks to allow risk-based remediation segmentation alongside assignment grouping.

    Key Outcomes

    • Improved control over how remediation tasks are structured based on organizational workflow needs, such as by team, vulnerability, configuration item, or risk.
    • Flexibility in managing records across multiple remediation tasks to avoid duplication or enable parallel remediation tracking.
    • Enhanced ability to tailor remediation task creation to the complexity and priority of security exposures, supporting efficient vulnerability management.

    ServiceNow customers can leverage these examples to configure remediation task creation in the Security Exposure Management Workspace effectively, ensuring tasks align with their security operations and reporting requirements.

    When you create remediation tasks manually in the Security Exposure Management Workspace, records are grouped into a remediation task based on the grouping criteria you select.

    Consider the following example where 10 records are selected for remediation task creation. After providing the record selection details and a brief description, select the Grouping criteria according to your requirement and then select how you want to manage the records that are already part of existing remediation tasks.

    Remediation task creation based on the grouping criteria

    Table 1. Vulnerable items selected for remediation task creation
    Vulnerable item id Existing remediation tasks Assignment group Configuration item Vulnerability Risk rating
    VIT10001 VUL10021, VUL10022 Remediation Manager APSVR-NY-1672 CVE-2018-9020 4
    VIT10002 - Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10003 VUL10021 LDAP Admins DEV-IBM-NY-682 CVE-2012-5357 1
    VIT10004 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 4
    VIT10005 VUL10022 Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10006 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10007 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 1
    VIT10008 - LDAP Admins DEV-IBM-NY-682 CVE-2013-3906 1
    VIT10009 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10010 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 4

    The following list shows how the records are grouped into remediation tasks based on the grouping criteria selected when creating the remediation task.

    Scenario1: Grouping criteria is selected as “Assignment group” and Managing records in other remediation tasks is selected as “Skip records for the new remediation tasks”
    The records with the same assignment group are grouped into one remediation task. The records that are already part of existing remediation tasks are not added to the new remediation tasks. Here, three remediation tasks are created, each containing the records that are assigned to the Remediation Manager, LDAP Admins, and Vulnerability Response assignment groups.
    Table 2. Remediation task created in scenario 1
    Remediation tasks created Records in the remediation task
    Remediation task 1 - VUL10001 This remediation task contains the records that are assigned to the Remediation Manager assignment group:
    • VIT10004
    • VIT10006
    • VIT10009

    The VIT10001 record will not be moved to the VUL10001 remediation task.
    Remediation task 2 - VUL10002 This remediation task contains the VIT10002 record that is assigned to the Vulnerability Response assignment group.

    The VIT10005 record will not be moved to the VUL10002 task.
    Remediation task 3 - VUL10003 This remediation task contains the records that are assigned to the LDAP Admins assignment group:
    • VIT10007
    • VIT10008
    • VIT10010

    The VIT10003 record will not be moved to the VUL10003 remediation task.
    Scenario 2: Grouping criteria is selected as “Assignment group and configuration item” and Managing records in other remediation tasks is selected as “Transfer records to the new remediation tasks”
    The records with the same configuration item that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records are removed from their old remediation tasks and moved to the new remediation tasks. Here, five remediation tasks are created.
    Table 3. Remediation tasks created in scenario 2
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10004 This remediation task contains the records that are assigned to Remediation owner assignment group and with APSVR-NY-1672 configuration item.
    • VIT10001

    The VIT10001 record will be removed from the VUL10021, and VUL10022 remediation tasks.
    Remediation task 2 - VUL10005 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10002
    • VIT10005

    The VIT10005 record will be removed from the VUL10022 remediation task.
    Remediation task 3 - VUL10006 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10003
    • VIT10008

    The VIT10003 record will be removed from the VUL10021 remediation task.
    Remediation task 4 - VUL10007 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CRMBK-SD-4210 configuration item.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10008 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-SAP-SD-9388 configuration item.
    • VIT10007
    • VIT10010
    Scenario 3: Grouping criteria is selected as “Assignment group and vulnerability” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same vulnerability that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks.Here, five remediation tasks are created.
    Table 4. Remediation tasks created in scenario 3
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10009 This remediation task contains the records that are assigned to Remediation owner assignment group and with CVE-2018-9020 vulnerability.
    • VIT10001

    The VIT10001 record will remain part of VUL10021, and VUL10022 remediation tasks as well.
    Remediation task 2 - VUL10010 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with CVE-2018-9020 vulnerability.
    • VIT10002
    • VIT10005

    The VIT10005 record will remain part of VUL10022 remediation task as well.
    Remediation task 3 - VUL10011 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2012-5357 vulnerability.
    • VIT10003

    The VIT10003 record will continue to be part of the VUL10021 remediation task also.
    Remediation task 4 - VUL10012 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CVE-2013-1710 vulnerability.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10013 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2013-3906 vulnerability.
    • VIT10007
    • VIT10008
    • VIT10010
    Scenario 4: Grouping criteria as “Assignment group and risk rating” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same risk rating that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks. Here, five remediation tasks are created.
    Table 5. Remediation task created in scenario 4
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10014 This remediation task contains the records that are assigned to Remediation owner assignment group and with 4 risk rating.
    • VIT10001
    • VIT10004

    The VIT10001 record will continue to be part of VUL10021and VUL10022 remediation tasks.
    Remediation task 2 - VUL10015 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with 2 risk rating.
    • VIT10002
    • VIT10005

    The VIT10005 record will continue to be part of VUL10022 remediation task.
    Remediation task 3 - VUL10016 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 1 risk rating.
    • VIT10003
    • VIT10007
    • VIT10008

    The VIT10003 record will continue to be part of VUL10021 remediation task.
    Remediation task 4 - VUL10017 This remediation task contains the records that are assigned to Remediation Manager assignment group and with 2 risk rating.
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10018 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 4 risk rating.
    • VIT10010