Viewing patch data for the Vulnerability Response patch orchestration integration with HCL BigFix
Summary of Viewing patch data for the Vulnerability Response patch orchestration integration with HCL BigFix
This content explains how ServiceNow customers can view and manage patch data within the Vulnerability Response (VR) patch orchestration integration with HCL BigFix, specifically in the Yokohama release. It details where patch and vulnerability information is displayed across various VR Workspaces and describes the roles required to access and configure patch data. The integration enables tracking of patch statuses, remediation progress, and patch scheduling directly from VR records.
Access and Roles
- sn_vul_patch_orch.configure_patch: Required to configure and schedule patches.
- sn_vul_patch_orch.read_patch: Required for read-only access to patch information; inherited by remediation_owner and vulnerability_analyst roles.
Where to View Patch Data
- IT Remediation Workspace:
  - Home view: Access scorecards for Preferred Solutions on Vulnerable Items (VIs), Vulnerable Configuration Items (CIs), and Preferred Patches.
  - List view: View all Patch Update (VPU) records and assigned Vulnerable Items with patches.
  - Patch scheduling available from Patch Update (VPU), Remediation Task (RT), and Discovered Item (SDI) records.
- Vulnerability Manager Workspace:
  - Home view: Watch topics show preferred and potential patches, scheduled patch dates, and download status on the Vulnerable Items tab.
  - List view: Patch data visible on Vulnerable Item records under remediation efforts.
- Classic Environment: Accessible via All > Vulnerability Response > Patches, displaying Patch Update records and related patch orchestration data.
Patch Update Records and Data Displayed
Patch Update (VPU) records consolidate multiple data points including:
- Vulnerability solution data and vendor patch information imported by Vulnerability Solution Management.
- Source Remediation Status: counts of devices vulnerable and missing updates.
- Remediation Status: percentage of remediated Vulnerable Items and total with preferred patches.
- Related Links: Associated Devices, Vulnerable Items, Patch Deployments, and Patch Requests.
- Patch Requests submitted by remediation owners for approval.
This comprehensive data is visible on tabs within VR Workspaces and the classic view.
State Rollup and Active Vulnerable Item Counts
To optimize performance, only changes to active Vulnerable Item (VI) counts are rolled up to key records such as Vulnerable Item Tasks (VIT), Remediation Tasks (RT), Vulnerability Solutions, and Patch Updates. This selective rollup avoids redundant patch data aggregation across vulnerabilities.
Viewing Patches Without Solutions
Special guidance is provided for viewing patches that do not have associated vulnerability solutions, ensuring customers can manage all patch data effectively.
Dashboard Integration
- Vulnerability Management (PA) Dashboard: Accessible via VR Overview, featuring a Remediation tab that displays patch schedules, missed target dates, and weekly patch counts.
- CISO Dashboard: Shows Patch Coverage data including patch criticality, scheduling status, and patches missing target dates.
- Note: If Performance Analytics is subscribed but patch orchestration integration is not installed, remediation tabs appear but remain unpopulated.
Practical Benefits for ServiceNow Customers
- Centralized visibility into patch and vulnerability remediation status across multiple VR Workspaces and classic views.
- Ability to schedule patches directly from various VR records, streamlining remediation workflows.
- Access to detailed patch update data, including device counts and remediation progress, supporting informed decision-making.
- Integration with Performance Analytics dashboards provides actionable insights into patch coverage and remediation effectiveness.
Patch data and patch rollup data, as well as vulnerability information and remediation status of your vulnerabilities, are displayed on records in your instance.
Viewing patch data in the Vulnerability Response Workspaces
- sn_vul_patch_orch.configure_patch role to configure and schedule patches
- sn_vul_patch_orch.read_patch role to view (read-only) patch information on records. This role is inherited with the sn_vul.remediation_owner and sn_vuln.vulnerability_analyst roles that are required for the IT Remediation and Vulnerability Manager Workspaces.
In the IT Remediation Workspace, you can view patches:
- On the Home view, where you can click scorecards to view records for Preferred solutions on VIs, Vulnerable CIs, and Preferred Patches on VIs.
- On the List view, where you can view all Patch Update records (VPUs) from the Patches links, and the vulnerable items (VITs) that are assigned to you that have patches.
You can schedule patches from the following records:
- Patch Update (VPU) records
- Remediation task (RT) records
- Discovered Item (SDI) records
In the Vulnerability Manager Workspace, you can view patches:
- From the Home view on watch topics, where you can view preferred and potential patches, patch scheduled dates, and whether the patch has been downloaded, all on the Vulnerable Items tab.
- From the List view on remediation efforts, where you can view patch data on VI records from the Vulnerable Items tab.
From the classic environment view, navigate to .
Patch Update records in the VR Workspaces and in the classic environment view
Patch data, patch rollup data, and status are displayed on records in your instance. Patch records are included as part of the patch orchestration feature of this integration with Vulnerability Response. View Patch Update (VPU) records in Vulnerability Response Workspaces from the List view in the IT Remediation Workspace. Patch Update records in both the classic view and Vulnerability Response Workspaces include the following data:
- Vulnerability solution data and information from patch vendors imported by the Vulnerability Solution Management application.
- Source Remediation Status that includes the total number of devices that have a given vulnerability that can be fixed by a patch and any devices that are missing updates.
- Remediation Status that includes the percentage of VIs remediated and the total VIs that have a patch as a preferred patch.
- Associated Devices, Vulnerable Items, Patch Deployments, and Patch Requests on the Related Links on records in the classic view. This data is displayed on tabs on records in the Vulnerability Response Workspaces.
- Patch Requests that remediation owners have submitted for approval.
State rollup on vulnerable item records
For more information about state rollup to records, see Patch data and state rollup for patch orchestration in Vulnerability Response.
Records that roll up active VI counts
- VIT
- RT
- Vulnerability solution
- Patch Update
Viewing data for patches without solutions
For more information about viewing patches without solutions, see View patches without solutions in Vulnerability Response.
Patch data on the Vulnerability Response
The Vulnerability Management (PA) and CISO dashboards are included with a subscription to Performance Analytics for the Vulnerability Response application. If you have a subscription for Performance Analytics but do not have a patch orchestration integration installed, the remediation tab is displayed on the CISO dashboard, but it is not populated with data.
For the Vulnerability Management (PA) dashboard, navigate to . Click the Remediation tab and scroll to the bottom of the page to view Patch Updates data: patches scheduled and not scheduled, patches missing their target dates, and weekly counts.
For the CISO Dashboard, navigate to . With the Overview tab selected, scroll to the bottom of the page to view Patch Coverage data: Criticality, patches scheduled and not scheduled, and patches missing their target dates.
For more information about the Vulnerability Response dashboards, see Using the default Vulnerability Response dashboards, Patch orchestration with the Vulnerability Response Workspaces, and Viewing patch orchestration data on the Vulnerability Response dashboards.