Examples for remediation task creation in the Vulnerability Manager Workspace and IT Remediation Workspace

  • Release version: Yokohama
  • Updated January 30, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Examples for Remediation Task Creation in the Vulnerability Manager Workspace and IT Remediation Workspace

    This guide explains how to manually create remediation tasks in the Vulnerability Manager Workspace and IT Remediation Workspace within ServiceNow's Yokohama release. When creating remediation tasks from selected vulnerable items, records are grouped into tasks based on chosen grouping criteria. Additionally, users decide how to handle records already linked to existing remediation tasks.

    Show full answer Show less

    Remediation Task Grouping and Management

    Users select vulnerable records and provide details including a description and grouping criteria. The system then organizes records into remediation tasks accordingly. Four main grouping criteria scenarios illustrate how tasks are created and how records already in remediation tasks are managed:

    • Scenario 1: Group by Assignment Group; Skip Records Already in Tasks
      Records with the same assignment group form one remediation task. Records already assigned to remediation tasks are excluded from new tasks, resulting in three distinct remediation tasks based on assignment groups.
    • Scenario 2: Group by Assignment Group and Configuration Item; Transfer Records
      Records sharing the same assignment group and configuration item are grouped together. Records previously part of other remediation tasks are transferred to new tasks, creating five remediation tasks with updated record assignments.
    • Scenario 3: Group by Assignment Group and Vulnerability; Keep Records in Both Tasks
      Records with the same assignment group and vulnerability are grouped, and existing remediation task memberships are retained. This leads to five remediation tasks where records can belong to multiple tasks simultaneously.
    • Scenario 4: Group by Assignment Group and Risk Rating; Keep Records in Both Tasks
      Records are grouped by assignment group and risk rating, with records remaining in their original remediation tasks as well. This approach creates five remediation tasks, supporting multi-task membership.

    Practical Implications for ServiceNow Customers

    • By selecting appropriate grouping criteria, customers can tailor remediation task creation to align with organizational processes and responsibilities.
    • Managing how records already assigned to remediation tasks are handled (skip, transfer, or keep in both) provides flexibility in task management and avoids duplication or conflicts.
    • Grouping by assignment group allows for clear ownership and accountability, while adding configuration item, vulnerability, or risk rating enables more granular task segmentation.
    • These configurable options help optimize remediation workflows in both Vulnerability Manager and IT Remediation Workspaces, improving efficiency and clarity in vulnerability resolution.

    For detailed steps on creating remediation tasks manually, customers should consult the specific procedures for the Vulnerability Manager Workspace and IT Remediation Workspace.

    When you create remediation tasks manually in the Vulnerability Manager Workspace and IT Remediation Workspace, records are grouped into a remediation task based on the grouping criteria you select.

    Consider the following example where 10 records are selected for remediation task creation. After providing the record selection details and a brief description, select the Grouping criteria according to your requirement and then select how you want to manage the records that are already part of existing remediation tasks.

    Remediation task creation based on the grouping criteria

    Table 1. Vulnerable items selected for remediation task creation
    Vulnerable item id Existing remediation tasks Assignment group Configuration item Vulnerability Risk rating
    VIT10001 VUL10021, VUL10022 Remediation Manager APSVR-NY-1672 CVE-2018-9020 4
    VIT10002 - Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10003 VUL10021 LDAP Admins DEV-IBM-NY-682 CVE-2012-5357 1
    VIT10004 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 4
    VIT10005 VUL10022 Vulnerability Response DEV-IBM-NY-682 CVE-2018-9020 2
    VIT10006 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10007 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 1
    VIT10008 - LDAP Admins DEV-IBM-NY-682 CVE-2013-3906 1
    VIT10009 - Remediation Manager CRMBK-SD-4210 CVE-2013-1710 2
    VIT10010 - LDAP Admins DEV-SAP-SD-9388 CVE-2013-3906 4

    The following list shows how the records are grouped into remediation tasks based on the grouping criteria selected when creating the remediation task.

    Scenario1: Grouping criteria is selected as “Assignment group” and Managing records in other remediation tasks is selected as “Skip records for the new remediation tasks”
    The records with the same assignment group are grouped into one remediation task. The records that are already part of existing remediation tasks are not added to the new remediation tasks. Here, three remediation tasks are created, each containing the records that are assigned to the Remediation Manager, LDAP Admins, and Vulnerability Response assignment groups.
    Table 2. Remediation task created in scenario 1
    Remediation tasks created Records in the remediation task
    Remediation task 1 - VUL10001 This remediation task contains the records that are assigned to the Remediation Manager assignment group:
    • VIT10004
    • VIT10006
    • VIT10009

    The VIT10001 record will not be moved to the VUL10001 remediation task.
    Remediation task 2 - VUL10002 This remediation task contains the VIT10002 record that is assigned to the Vulnerability Response assignment group.

    The VIT10005 record will not be moved to the VUL10002 task.
    Remediation task 3 - VUL10003 This remediation task contains the records that are assigned to the LDAP Admins assignment group:
    • VIT10007
    • VIT10008
    • VIT10010

    The VIT10003 record will not be moved to the VUL10003 remediation task.
    Scenario 2: Grouping criteria is selected as “Assignment group and configuration item” and Managing records in other remediation tasks is selected as “Transfer records to the new remediation tasks”
    The records with the same configuration item that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records are removed from their old remediation tasks and moved to the new remediation tasks. Here, five remediation tasks are created.
    Table 3. Remediation tasks created in scenario 2
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10004 This remediation task contains the records that are assigned to Remediation owner assignment group and with APSVR-NY-1672 configuration item.
    • VIT10001

    The VIT10001 record will be removed from the VUL10021, and VUL10022 remediation tasks.
    Remediation task 2 - VUL10005 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10002
    • VIT10005

    The VIT10005 record will be removed from the VUL10022 remediation task.
    Remediation task 3 - VUL10006 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-IBM-NY-682 configuration item.
    • VIT10003
    • VIT10008

    The VIT10003 record will be removed from the VUL10021 remediation task.
    Remediation task 4 - VUL10007 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CRMBK-SD-4210 configuration item.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10008 This remediation task contains the records that are assigned to LDAP Admins assignment group and with DEV-SAP-SD-9388 configuration item.
    • VIT10007
    • VIT10010
    Scenario 3: Grouping criteria is selected as “Assignment group and vulnerability” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same vulnerability that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks.Here, five remediation tasks are created.
    Table 4. Remediation tasks created in scenario 3
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10009 This remediation task contains the records that are assigned to Remediation owner assignment group and with CVE-2018-9020 vulnerability.
    • VIT10001

    The VIT10001 record will remain part of VUL10021, and VUL10022 remediation tasks as well.
    Remediation task 2 - VUL10010 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with CVE-2018-9020 vulnerability.
    • VIT10002
    • VIT10005

    The VIT10005 record will remain part of VUL10022 remediation task as well.
    Remediation task 3 - VUL10011 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2012-5357 vulnerability.
    • VIT10003

    The VIT10003 record will continue to be part of the VUL10021 remediation task also.
    Remediation task 4 - VUL10012 This remediation task contains the records that are assigned to Remediation Manager assignment group and with CVE-2013-1710 vulnerability.
    • VIT10004
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10013 This remediation task contains the records that are assigned to LDAP Admins assignment group and with CVE-2013-3906 vulnerability.
    • VIT10007
    • VIT10008
    • VIT10010
    Scenario 4: Grouping criteria as “Assignment group and risk rating” and Managing records in other remediation tasks is selected as “Keep records in both the current and new remediation tasks”
    The records with the same risk rating that are assigned to the same assignment group are grouped into a remediation task. The VIT10001, VIT10003, and VIT10005 records will be added to their respective new remediation tasks without being removed from their old remediation tasks. Here, five remediation tasks are created.
    Table 5. Remediation task created in scenario 4
    Remediation tasks created Records part of remediation task
    Remediation task 1 - VUL10014 This remediation task contains the records that are assigned to Remediation owner assignment group and with 4 risk rating.
    • VIT10001
    • VIT10004

    The VIT10001 record will continue to be part of VUL10021and VUL10022 remediation tasks.
    Remediation task 2 - VUL10015 This remediation task contains the records that are assigned to Vulnerability Response assignment group and with 2 risk rating.
    • VIT10002
    • VIT10005

    The VIT10005 record will continue to be part of VUL10022 remediation task.
    Remediation task 3 - VUL10016 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 1 risk rating.
    • VIT10003
    • VIT10007
    • VIT10008

    The VIT10003 record will continue to be part of VUL10021 remediation task.
    Remediation task 4 - VUL10017 This remediation task contains the records that are assigned to Remediation Manager assignment group and with 2 risk rating.
    • VIT10006
    • VIT10009
    Remediation task 5 - VUL10018 This remediation task contains the records that are assigned to LDAP Admins assignment group and with 4 risk rating.
    • VIT10010