Request bulk exception in the Security Exposure Management Workspace

Release version: Zurich

Updated March 12, 2026

5 minutes to read

Request an exception for multiple findings concurrently using the bulk edit feature instead of manually selecting each record.

Before you begin

Role required:

sn_vul.vulnerability_analyst, sn_vul.vulnerability_admin, or sn_vul.remediation_owner for host vulnerable items (VITs)
sn_vul.app_sec_manager, sn_vul.app_security_champion for application vulnerable items (AVITs)
sn_vul_container.vulnerability_analyst, sn_vul_container.vulnerability_admin, or sn_vul_container.remediation_owner for container vulnerable items (CVITs)
sn_vulc.admin, sn_vulc.remediation_owner for configuration test results (CTRs)

About this task

When you request an exception for one or more records from the Bulk edit modal, a remediation task is created with the selected records. The remediation task is created only when Deferred or Closed-false positive state is selected.

Note:

The Application Vulnerable Items (AVITs) from the scanners with the Manage exceptions in ServiceNow parameter set to false aren't updated.

If you select AVITs from various scanners, some with the Manage exceptions in ServiceNow parameter set to true and other set to false, the AVITs linked to the scanners with he Manage exceptions in ServiceNow parameter set to false aren't updated.
If you select AVITs from only the scanners with the Manage exceptions in ServiceNow parameter set to false, the Defer option does not appear in the State field in the Bulk Edit modal.

Procedure

Navigate to Workspaces > Security Exposure Management Workspace.
On the List page, open the Active or All list in one of the following lists:
- Host Vulnerable items
- Container Vulnerable items
- Application Vulnerable items
- Configuration Test Results
Perform one of the following:
- Select the check box next to each item if you want to use the Only Selected Items option in the Record selection field.
- Apply filters if you want to use the All records that match filter option in the Record selection field.
Select the Bulk Edit button.

On the form, fill in the following fields to request an exception for multiple findings (VITs, AVITs, CVITs, or TRs) simultaneously.

Table 1. Bulk Edit modal fields
Field	Description
Record selection	Records to update. Choices are: Only Selected Items: Select this option if you want to update the records you selected using the check box. All records that match filter: Select this option if you want to update the filtered records. Remediation Task: Select this option if you want to update the records in a remediation task and then select the desired remediation task in the Remediation task field. Vulnerability Entry: Select this option if you want to update the records specific to a vulnerability and then select a CVE or TPE in the Vulnerability Entry field. Note: This field appears for host vulnerable items, application vulnerable items, and container vulnerable items. Configuration test: Select this option if you want to update the test results specific to a test and then select a test in the Configuration test field. Note: This option appears for Configuration test results only. Note: Records with invalid CI or CI decommissioned aren’t updated. Only the records in the Open, Under Investigation, or Awaiting Implementation state are updated.
State	Select the Deferred state to request an exception for the selected records. Note: When you select this option, the Reason, Short description, Until, and Additional information fields appear. When you defer records, a remediation task is created and this task is sent for approval. Only findings in Open, Under investigation and awaiting implementation state can be deferred.
Reason	Reason for deferring records: Awaiting Maintenance Window Fix Unavailable Risk Accepted Mitigating Control in Place Other Note: The Reason field appears when you select the State as Deferred.
Request for Deferral	Select this check box to request a deferral exception for the selected items. This option appears when the Reason is Mitigating Control in Place.
Request for Risk Reduction	Select this check box to request risk reduction for the selected items. This option appears when the Reason is Mitigating Control in Place and risk reduction is enabled on the associated CVE or TPE. Important: Risk reduction is restricted when the selected items belong to different vulnerabilities. A message is displayed indicating this restriction, and you can proceed with a deferral request only. When risk reduction is disabled for a CVE or TPE, the Request for Risk Reduction option does not appear in the Bulk Edit modal for items associated with that vulnerability. To enable risk reduction, see Disable or enable risk reduction for a CVE or TPE .
Desired risk rating	Target risk rating for the vulnerable items after the compensating controls are applied. This field appears when Request for Risk Reduction is selected.
Compensating controls	One or more compensating controls to associate with the risk reduction request. This field appears when Request for Risk Reduction is selected. If compensating controls are associated with the vulnerability, only those controls appear. Otherwise, all active controls from the library appear.
Short description	Brief note describing the reasons for deferral request. This information reflects in the Description field of the remediation task that is created for a deferral request. Note: This field appears when you select the State as Deferred and Closed-False positive.
Until	Date till which the record remains deferred. Note: This field appears when you select the State as Deferred.
Additional information	Any other necessary information. This information reflects in the Additional Information field in the Overview tab of the remediation task that is created for deferral and closed-false positive requests. If your deferral request is approved, this additional information appears as deferral notes for both VIT and remediation task. Note: This field appears when you select the State as Deferred and Closed-False positive.
Work notes	Text that you enter to describe the changes.

Select  Edit.
On the Take Questionnaire modal, answer the questions and select  Submit.

A remediation task is created containing the records that you selected. Your request is submitted for approval and the State of the records changes to  In Review.
Note:
The Take Questionnaire modal appears only when the questionnaire is enabled for exception requests in the Exception Management form. For more information on configuring a questionnaire for exception requests, see Configure Exception Management for Vulnerability Response, Configure Exception Management for Application Vulnerability Response, and Configure Exception Management for Container Vulnerability Response, and Configuration Compliance Exception Management overview.

The approver receives an email notification about your request.

Result

In the Security Exposure Management Workspace, on the List page, navigate to Exceptions > All, open the corresponding state change approval record (VCA#) and check the status of your request in the Approval state column:


Approval state	Result
Approved	The state of the Remediation task transitions to Deferred with the given Reason as sub-state. The state and reason are rolled down to the records.The state of the Remediation task transitions to Deferred with the given Reason as sub-state. The state and reason are rolled down to the records. When risk reduction is also requested, a separate change approval is created for the risk reduction request. If that approval is also approved, the risk rating of the records is updated to the desired risk rating that was selected during the bulk edit request.
Rejected	The state of the Remediation Task and its records doesn’t change.

In the Activity stream of a record or remediation task, you can view the entire workflow of your request.