Re-evaluating the exceptions for selected records in the Vulnerability Manager Workspace

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Re-evaluating the exceptions for selected records in the Vulnerability Manager Workspace

    In the Vulnerability Manager Workspace, ServiceNow customers can re-evaluate exception rules for selected vulnerability records using theRe-evaluate and update the remediation propertiesmodal. This process updates the deferral status and deferral expiration dates of vulnerabilities according to the latest exception rules, ensuring remediation tracking remains accurate and up-to-date.

    Show full answer Show less

    Key scenarios when re-evaluating exceptions

    • Manually deferred records matching exception conditions: These records remain deferred without changes.
    • Non-deferral state records matching exception conditions: Records in states like Open, In Review, or Under Investigation are deferred until the date specified by the exception rule.
    • Records already deferred by an exception rule: They remain deferred even if the original exception rule expires or if they match a different exception rule.
    • Records deferred by an exception rule that no longer applies: When rule conditions change invalidating the deferral, records revert to Open state with updated deferral metadata (until date, deferral count, etc.).

    Practical example of exception rule usage

    An exception rule can be set to automatically defer critical vulnerability items (VITs) with a risk rating of 5 (Critical), active between specific dates, and assigned to a remediation group. When this rule executes, critical VITs are deferred until the specified Deferred until date, which triggers closure of the vulnerability and removal from groups on that date.

    Effect of re-evaluation on multiple records

    When multiple VITs are re-evaluated simultaneously, their states are updated based on their risk ratings and matching exception rules. For example:

    • Critical VITs move to Deferred with the deferred until date set by the exception rule.
    • Records with low or medium risk ratings remain in their current states unless matching updated exception conditions.
    • Manually deferred records retain their deferral state and dates.

    If the exception rule conditions change (e.g., now deferring low-risk VITs), affected records update their deferral status and until dates accordingly upon re-evaluation.

    What this enables for ServiceNow customers

    • Maintain accurate and current deferral statuses for vulnerabilities based on evolving exception rules.
    • Automate deferral state management to reduce manual tracking effort.
    • Ensure remediation tasks and compliance processes reflect the latest risk acceptance decisions.
    • Adapt quickly to changes in exception criteria without losing historical deferral data.

    In the Vulnerability Manager Workspace, when you evaluate the exception rules for a set of records in the Re-evaluate and update the remediation properties modal, their deferral status and until date of deferral are updated as per the latest exception rules.

    Scenarios

    You may come across the following scenarios, when you evaluate the exceptions for a selected set of records in the Re-evaluate and update the remediation properties modal in the Vulnerability Manager Workspace:

    Scenario 1: When the selected records are already deferred manually and they match the condition of an exception rule, these records remain in the Deferred state without any changes.

    Scenario 2: When the selected records match the condition in the exception rules and these records are in a non-deferral state (such as open, In Review, Under Investigation), then these records are deferred until the date defined in the exception rule.

    Scenario 3: When the selected records are already in the Deferred state (that are deferred using the exception rule A), they remain in the Deferred state in the following scenarios:
    • the exception rule expires and the records do not match the condition
    • the exception rule expires and the records match the condition
    • the exception rule A expires and records match the condition of another exception rule B.
    Scenario 4: Consider that the records are deferred using an exception rule. When you change the exception rule condition such that the Deferred state of the records is no longer valid and then reevaluate the exception rules for these records:
    • the records move to the Open state
    • the Until date, Deferral date, Deferral count and other fields are updated.

    Consider that you are evaluating the exceptions for following host vulnerable items (VITs)

    Consider the exception rule with the following details:
    Table 1. Exception rule details
    Field Description Value
    Name Name of the exception rule. Deferring critical VITs
    Valid from Date from which this rule is active to defer the VIs. 20-08-2024
    Valid to Date from which the remediation task stops accepting new VIs. 30-11-2024
    Reason Reason to create this exception rule. Risk Accepted
    Assignment group Group that the remediation task that was created for tracking the deferred VIs is assigned to. Remediation Group 1
    Additional information Additional information that the requester wants to provide to the approver. This information is populated in the description field of the remediation task. This rule has been created to defer the critical VITs automatically.
    Condition Filter condition for the VIs that can be defined while processing the VIs. Risk rating = 5 - Critical
    Execute on existing data Option that enables you to run this rule on existing data the first time that this rule is run. Yes
    State State of the exception rule. Approved
    Execution order Unique order for each exception rule. 100
    Deferred until Date until when the VULs and VIs are deferred. On this date, the created VUL is closed, all the VIs move out of the group, and group rules are reapplied. 2024-12-23 16:10:29
    The following table shows how the state changes when the exception rules are reevaluated for multiple VITs simultaneously:
    Table 2. Records for which exceptions are reevaluated
    VIT Number State Risk Rating Updated state after reevaluating the exceptions -1 Until date - 1
    VIT120067 Open 2 - Low Open -
    VIT120068 In Review 3 - Medium In Review -
    VIT120069 Under Investigation 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120070 Deferred 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120071 Deferred 2 - Low Deferred 2024-10-02 16:10:29 (Deferred manually)
    VIT120072 Closed 5 - Critical Closed -
    When the condition in the preceding exception rule is modified to Risk rating = 2 - Low and Deferred until is modified to 2024-12-31 14:10:23 the records are updated as follows:
    Table 3. Records for which exceptions are reevaluated
    VIT Number Updated state after reevaluating the exceptions -1 Risk-rating Updated state after reevaluating the exceptions - 2 until date - 2
    VIT120067 Open 2 - Low Deferred 2024-12-31 14:10:23
    VIT120068 In Review 3 - Medium In Review -
    VIT120069 Deferred 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120070 Deferred 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120071 Deferred 2 - Low Deferred (No change in the state) 2024-10-02 16:10:29 (No change in the until date)
    VIT120072 Closed 5 - Critical Closed -