Assign a priority and exposure level to the vulnerability assessment record

  • Release version: Yokohama
  • Updated March 12, 2026
  • 1 minute to read

    • Manually assign priority and exposure level to the vulnerability assessment record.

    Before you begin

    Role required: sn_vul_analyst.vul_event_manager

    Procedure

    1. Navigate to Workspaces > Vulnerability Assessment workspace.
    2. Select a vulnerability assessment record.
    3. Navigate to Risk Attributes in the Details tab.
    4. Select a Priority from the list of options.
    5. Select an Exposure Level from the list of options.
    6. Select Save.

    Result

    When you update the priority of a vulnerability assessment (VA), the system also updates the priority of all associated vulnerable items (VITs) and application vulnerable items (AVITs).

    If a VIT or AVIT is linked to multiple VA records, the system assigns the highest severity (lowest priority number) from all linked assessments.

    Example

    If a VIT is associated with three VA records with priorities 2, 3, and 4, the system sets the VIT priority to 2 (High).
    Note:
    This priority roll-down applies only to VITs and AVITs created through SAM NVD assessments or the Vulnerability Assessment Workspace (Source = ServiceNow VR). Vulnerable items imported from third-party scanners retain the priority determined by the scanner integration’s severity mapping.