Life cycles of remediation efforts, remediation tasks, and records in the Vulnerability Response Workspaces

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Life cycles of remediation efforts, remediation tasks, and records in the Vulnerability Response Workspaces

    This content explains how the states and life cycles of remediation efforts (REs), remediation tasks (RTs), and vulnerability records are managed within the Vulnerability Response Workspaces in ServiceNow, specifically in the Yokohama release. It covers the creation, transfer, and state changes of remediation efforts and their associated records, helping customers understand the workflow and management of vulnerabilities during remediation.

    Show full answer Show less

    Creating Remediation Efforts

    • Remediation efforts can be created manually or as recurring efforts from a watch topic within the workspace.
    • Only Active vulnerability records are added to remediation efforts.
    • Each record can be part of multiple remediation tasks but can only be associated with one remediation effort.
    • Recurring remediation efforts generate subsequent efforts automatically based on predefined criteria, with only one recurring effort allowed per watch topic.
    • Remediation efforts automatically deactivate when no active records remain.

    Transferring Records Between Remediation Efforts

    • Records can be transferred from one remediation effort to another during the creation of a new remediation effort by selecting the option to transfer matching records from other active remediation efforts.
    • If records transfer to a new remediation effort within the same watch topic:
      • All remediation tasks from the old effort move to the new effort.
      • New remediation tasks are created for records that were not previously part of any task.
      • The old remediation effort is deactivated.
    • If records transfer to a new remediation effort in a different watch topic:
      • All records move to the new effort with remediation tasks created based on grouping criteria.
      • If all records from an old remediation task are transferred, those tasks are closed and canceled.
      • If only some records are transferred, tasks are split and remain active.
    • Records cannot be transferred from recurring remediation efforts to new remediation efforts, but transfers from non-recurring efforts are allowed.

    Roles Required

    The following roles are necessary to manage remediation efforts and tasks based on the type of vulnerable item:

    • Host Vulnerable Items (VITs): snvul.vulnerabilityanalyst, snvul.vulnerabilityadmin
    • Application Vulnerable Items (AVITs): snvul.appsecmanager
    • Container Vulnerable Items (CVITs): snvulcontainer.vulnerabilityanalyst, snvulcontainer.vulnerabilityadmin
    • Configuration Test Results (CTRs): snvulc.admin

    Practical Implications for ServiceNow Customers

    Understanding these life cycles helps customers efficiently manage vulnerability remediation by:

    • Automating the creation and management of remediation efforts to keep remediation organized and up to date.
    • Ensuring only active vulnerabilities are worked on, improving focus and resource allocation.
    • Transferring records between efforts to accommodate changes in remediation scope or watch topics without losing tracking continuity.
    • Clarifying role responsibilities to maintain proper access and control over remediation workflows.

    The states of records and their associated remediation tasks (RTs) are impacted if records are deferred, resolved, reopened, and transferred to other remediation efforts (REs).

    Roles required:
    • sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (CTRs)

    Creating remediation efforts

    How the states and life cycles of remediation efforts, remediation tasks, and records are impacted depends on how a remediation effort is created, when it’s created, and if it’s deactivated.

    From the list in the upper right on a watch topic, you can create a remediation effort by clicking Create a Remediation Effort or Create recurring effort. You can create one recurring remediation effort per watch topic. If you create a recurring remediation effort, subsequent remediation efforts for the associated watch topic are created automatically based on the criteria you set. In either case:

    • To facilitate remediation, only Active records are added to the remediation efforts.
    • All records in new remediation efforts are placed in new remediation tasks. Records can exist in multiple remediation tasks, but only one record can be associated with a remediation effort.
    Note:
    A Remediation Effort is deactivated automatically when there are no active records.

    Transferring records or record carry over

    You can transfer records from one remediation effort to another when creating a remediation effort by selecting the Transfer matching records from other active remediation efforts check box. For more information on how to transfer the records, see Transfer records to remediation efforts in the Vulnerability Manager Workspace. If records are transferred from a remediation effort or carried over into recurring remediation efforts:

    To a new remediation effort in the same watch topic
    • All Remediation Tasks from the old Remediation Effort are moved to the new Remediation Effort.
    • New Remediation Tasks are created based on the chosen grouping criteria for the records previously not part of any Remediation Task.
    • The old Remediation Effort is deactivated.
    To a new remediation effort in a different watch topic
    All the records from the old Remediation Effort are moved to the new Remediation Effort and Remediation Tasks are created based on the chosen grouping criteria.
    • If all records in the Remediation Tasks associated with the old Remediation Effort are transferred, these Remediation Tasks are closed-canceled.
    • If only a subset of records are transferred, the Remediation Tasks associated with the old Remediation Effort are split and remain active.
    The closed Remediation Tasks associated with old Remediation Effort are not affected.
    Note:
    You can’t transfer records from recurring remediation efforts into new remediation efforts. However, you can transfer records from existing, non-recurring remediation efforts into new remediation efforts. See Transfer records to remediation efforts in the Vulnerability Manager Workspace for more information about transferring records.