Removing assignments from Application Vulnerability Response vulnerable items and remediation tasks

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Removing assignments from Application Vulnerability Response vulnerable items and remediation tasks

    ServiceNow Application Vulnerability Response (AVR) enables you to clear theAssigned toandAssignment groupfields on vulnerable items (AVITs) and remediation tasks (AVULs) if you determine they are incorrectly assigned or outside your remediation scope. This unassign action can be performed directly from the AVIT or AVUL records in both classic and workspace views, unless the items are in aClosedorResolvedstate.

    Show full answer Show less

    The unassign process ensures that when assignments are cleared on remediation tasks, associated vulnerable items with matching assignment groups are also unassigned, except when vulnerable items have manually set different assignment groups.

    Key Features

    • Unassign Button: Available on AVIT and AVUL records to remove assignments.
    • Bulk Unassign: Clear assignments for multiple AVITs simultaneously using the Bulk Edit feature with an Unassign checkbox.
    • Approval Workflow: By default, unassign requests trigger an approval process that routes requests to designated approvers, visible in the My Approvals list.
    • System Properties Management:
      • snvul.unassignvr.approvalrequired: Controls if approval is needed; can be disabled by vulnerability administrators.
      • snvul.defaultassignmentgroup: Defines a default group to assign when clearing existing assignments, allowing reassignment to a specific group for review.
    • Visibility: Unassigned records appear in the Unassigned module within Application Vulnerability Response for easy tracking.

    Practical Benefits for ServiceNow Customers

    This capability empowers your security and remediation teams to efficiently correct assignment errors and manage workload distribution without manual record updates or risk of overlooked vulnerabilities. The approval process adds governance, ensuring assignment removals are reviewed appropriately. System properties provide flexibility to tailor the unassign workflow and notifications to align with your organizational policies.

    As a result, you can maintain cleaner assignment data, improve remediation accuracy, and ensure proper oversight of vulnerability and remediation task ownership across your teams.

    You can clear the Assigned to and Assignment group fields on Application Vulnerability Response vulnerable items directly from the application vulnerable item and remediation task records that you determine might be incorrectly assigned to you or your groups.

    Overview for the workflow

    If you determine that Application Vulnerability Response vulnerable items (AVITs) and remediation tasks (AVULs) aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on AVIT and AVUL records.

    The unassign workflow is supported in the classic and workspace views for AVITs and AVULs.

    You have the option to send requests to clear the assignment fields for approval. See Approve or reject an unassign request in Vulnerability Response for more information.

    • The Unassign button is displayed on AVIT and AVUL records in any state other than the Closed or Resolved.
    • After the request to clear the fields is approved, all the Assigned to and Assignment group fields on the AVITs that are associated with an AVUL that have the same assignment group are also unassigned. If any application vulnerable item has a different assignment group than its associated remediation task, it is not unassigned. In most cases these application vulnerable items have been manually assigned. See Removing assignments from vulnerable items and remediation tasks for more information.
    • Any records that you update with either the UI action or manually are displayed on the Unassigned module for Application Vulnerability Response.
    • You can clear the assignment fields for multiple AVITs on a list. After you select the AVITs and select Bulk Edit, on the dialog that is displayed, select the Unassign check box.

    See Remove assignments from vulnerable items and remediation tasks for more information about the steps for how to clear the assignment fields.

    System properties and approval notifications

    If a remediation owner selects Unassign on a record, by default, the sn_vul.unassign_vr.approval_required system property triggers the approval flow and creates a state change approval record in the Review state, and the request is routed for approval. The request is displayed on the My Approvals list for users with the sn_vul_.unassign_approver.

    Note:
    As a vulnerability administrator [sn_vul.vulnerability_admin], you can set the sn_vul.unassign_vr.approval_required system property to false to disable the approval process.

    Additionally, you can change the value in the sn_vul.default_assignment_group system property so if the assignment fields are cleared, a specific group is assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add the system ID for the group of your choice in the value field of the system property.

    Note:
    If you change this value, notifications for all the VITs, AVITs, and CVITs that are unassigned are sent to the group you specify.

    See Removing assignments from vulnerable items and remediation tasks for more information about changing the system properties.