Configure OT remediation task rules

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • For remediation tasks that are created in the Industrial Workspace, update existing remediation task rules to prevent imported vulnerable items from automatically adding OT devices.

    Before you begin

    Role required: sn_sec_wf.manage_admin_rules

    When vulnerable items are imported, they can be added to remediation tasks based on configured remediation task rules. If you use Vulnerability Response for both IT and OT networks, you must modify a configuration if you group Vulnerability Items for remediation differently between IT and OT networks. Operational Technology Vulnerability Response provides a sample Remediation Task Rule record that is loaded with demo data to demonstrate how to exclude OT network vulnerabilities from being grouped automatically.

    Configure any new or existing Remediation Task Rules based on your remediation strategy:
    • If your remediation strategy is to automatically create remediation tasks only for vulnerabilities within your IT environment, add the following condition to each existing remediation task rule to exclude OT vulnerabilities:
      • Configuration Item . OT device details = is empty
    • If your remediation strategy is to automatically create remediation tasks for all OT vulnerable items, create an appropriate rule.
    Figure 1. Sample shipped with OT VR demo data: Remediation Task Rule - Vulnerability (exclude OT)

    Remediation Task Rule

    Procedure

    1. Navigate to All > Industrial Workspace > Guided Setup > Operational Technology Vulnerability Response > Remediation Task Rules > Configure.
    2. Alternatively, navigate to Workspaces > Security Exposure Management > Administration > Remediation Task.
    3. Select the name of the rule you want to update.
      • Define the rules such that all vulnerable items within a group are remediated by the same team, the same remediation action, and the same timeframe. For example, group by vulnerable item "Assignment group", "Vulnerability", and CI "Used for" (ex. Production, Staging, Development) if those environments have different maintenance windows.
      • For more information about remediation task rules, see Vulnerability Response Workspaces.

      • For more information about remediation tasks, see Explore the IT Remediation Workspace.