Sample queries for the Retrieve Vulnerability Response data agentic workflow

  • Release version: Zurich
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Sample queries for the Retrieve Vulnerability Response data agentic workflow

    This content provides guidance for ServiceNow customers on using the Retrieve Vulnerability Response data agentic workflow, introduced in the Zurich release. The AI agent facilitates querying Vulnerability Response (VR) and Application Vulnerability Response (AVR) data using natural language prompts. It helps users retrieve matching vulnerability data records and generate responses based on that data.

    Show full answer Show less

    The AI agent supports dynamic suggestions tailored to the user's role and query context. It does not perform data analysis but focuses on retrieving relevant vulnerability findings data. Users are encouraged to provide detailed and specific prompts to improve response accuracy, especially when multiple numeric fields exist, such as Risk rating, Risk score, CVSS, and EPSS.

    Using the AI Agent Effectively

    • Queries can be entered in natural language and can reference either Vulnerable Items (VITs) or Application Vulnerable Items (AVITs) depending on the data type.
    • To avoid ambiguous results, specify fields clearly (e.g., “Risk rating 1 - Critical”) rather than general numeric values.
    • The AI agent maintains conversational context until the chat is closed, enabling follow-up questions without re-specifying context.
    • Users should verify the AI agent’s responses for accuracy.

    Sample Queries by Role

    Examples of role-specific queries help users quickly understand how to retrieve relevant vulnerability data:

    IT Remediation Owner

    • Retrieve open VITs with remediation targets due within 7 days.
    • List open critical VITs that are internet-facing and assigned to the user.
    • Show all open VITs currently assigned to the user.
    • Identify deferred VITs assigned to the user that will expire within 30 days.

    Vulnerability Analyst or Admin

    • Show open VITs with active exploits in the wild.
    • List open critical VITs with remediation targets within 7 days.
    • Retrieve all open internet-facing VITs.
    • Identify deferred VITs expiring in 7 days.
    • Show all unassigned VITs.

    Practical Benefits

    ServiceNow customers leveraging this workflow can quickly access targeted vulnerability data to support remediation planning, risk assessment, and vulnerability management activities. The AI-driven approach simplifies querying by interpreting natural language prompts, allowing remediation owners and analysts to focus on addressing vulnerabilities rather than constructing complex queries.

    The following sample prompts might help you become familiar with the Retrieve Vulnerability Response data agentic workflow.

    Notes on queries and prompts

    You can enter prompts or queries in natural language. Based on your role, suggestion questions or prompts for a topic are also provided dynamically by the AI agent.

    For Application Vulnerability Response findings, substitute application vulnerable items (AVITs) for (VITs) in your queries.

    • This AI agent is designed to help you answer query-related questions about data for Vulnerability Response and Application Vulnerability Response findings.
    • Prompts that involve any sort of data analysis of the vulnerability data that might match your questions are not supported by this AI agent.
    • The AI agent searches for the vulnerability data that matches your question, retrieves it, and creates responses for you based on the data available.
    • You might prefer to provide as much detail as you can for your questions to help the AI agent.

      For example, as a remediation owner, if you ask the agent a general question such as, Retrieve all the vulnerable items with scores 5 or greater, the AI agent's response might be, No vulnerable items with scores 5 or greater were found. You may want to rephrase your question or adjust your criteria.

      On findings records, there are multiple fields that might be populated by numeric values such as Risk rating, Risk score, Common Vulnerability Scoring System (CVSS), and Exploit Prediction Scoring System (EPSS). Given this request, the AI agent won't know which field you want unless you specify it or provide more details. You can help the AI agent by being specific and rephrasing your question to something like, Show me all the open VITs with Risk rating 1 - Critical.

    • As long as you do not close the conversation, the AI agent uses the context of the conversation for its next response. Select the plus icon (Icon that indicates you can start a new chat) to start a new chat.
    • Be sure to check the answers for accuracy.

    IT Remediation owner

    Note:
    These tables are not exhaustive lists. Your results for the following sample prompts may vary. The AI agent searches for the vulnerability data that matches your question, retrieves it, and creates responses for you based on the data that is available.
    Table 1. Sample questions for the IT Remediation owner
    Samples
    Show me all the open VITs with a remediation target within the next 7 days.
    Show me all the open critical VITs that are internet-facing and assigned to me.
    Show me all the open VITs that are currently assigned to me.
    Show me all the deferred VITs assigned to me that will expire within the next 30 days.

    Vulnerability analyst or admin

    Table 2. Sample questions for the vulnerability analyst
    Samples
    Show me all open VITs with active exploits in the wild.
    Show me all the open critical VITs that have a remediation target within 7 days.
    Show me all the open VITs that are internet-facing.
    Show me all the deferred VITs that are about to expire in 7 days.
    Show me all the VITs that are currently unassigned.