Life cycles of remediation efforts, remediation tasks, and records in the Vulnerability Response Workspaces

Release version: Zurich

Updated July 31, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Life cycles of remediation efforts, remediation tasks, and records in the Vulnerability Response Workspaces

This content explains how remediation efforts, remediation tasks (RTs), and associated records behave and transition through various states within the Vulnerability Response Workspaces in ServiceNow. It highlights the impact of creating, deferring, resolving, reopening, transferring, and deactivating remediation efforts on these records, providing clarity on lifecycle management for vulnerability response.

Show full answer Show less

Creating Remediation Efforts

Remediation efforts can be created from the watch topic interface via "Create a Remediation Effort" or "Create recurring effort".
Only one recurring remediation effort per watch topic is allowed; recurring efforts automatically generate subsequent remediation efforts based on defined criteria.
Only Active records are added to remediation efforts, and these records are placed into new remediation tasks.
Records may exist in multiple remediation tasks but only one remediation effort at a time.
Remediation efforts automatically deactivate when no active records remain.

Transferring Records or Carrying Over

Records can be transferred between remediation efforts during creation by selecting the "Transfer matching records from other active remediation efforts" option.
When transferring records to a new remediation effort within the same watch topic:
- All remediation tasks from the old effort move to the new effort.
- New remediation tasks are created for records not previously assigned to any task.
- The old remediation effort is deactivated.
When transferring records to a remediation effort in a different watch topic:
- All records move to the new effort with remediation tasks created based on grouping criteria.
- If all records from old remediation tasks are transferred, those tasks are closed-canceled.
- If only some records are transferred, old remediation tasks are split and remain active.
- Closed tasks from the old remediation effort remain unaffected.
Records cannot be transferred from recurring remediation efforts to new remediation efforts, but transfers from non-recurring efforts are supported.

Roles Required

Specific roles are required to manage remediation efforts based on vulnerability item types:

Host Vulnerable Items (VITs): snvul.vulnerabilityanalyst or snvul.vulnerabilityadmin
Application Vulnerable Items (AVITs): snvul.appsecmanager
Container Vulnerable Items (CVITs): snvulcontainer.vulnerabilityanalyst or snvulcontainer.vulnerabilityadmin
Configuration Test Results (CTRs): snvulc.admin

The states of records and their associated remediation tasks (RTs) are impacted if records are deferred, resolved, reopened, and transferred to other remediation efforts (REs).

Roles required:

sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
sn_vul.app_sec_manager for application vulnerable items (AVITs)
sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
sn_vulc.admin for configuration test results (CTRs)

Creating remediation efforts

How the states and life cycles of remediation efforts, remediation tasks, and records are impacted depends on how a remediation effort is created, when it’s created, and if it’s deactivated.

From the list in the upper right on a watch topic, you can create a remediation effort by clicking Create a Remediation Effort or Create recurring effort. You can create one recurring remediation effort per watch topic. If you create a recurring remediation effort, subsequent remediation efforts for the associated watch topic are created automatically based on the criteria you set. In either case:

To facilitate remediation, only Active records are added to the remediation efforts.
All records in new remediation efforts are placed in new remediation tasks. Records can exist in multiple remediation tasks, but only one record can be associated with a remediation effort.

Note:

A Remediation Effort is deactivated automatically when there are no active records.

Transferring records or record carry over

You can transfer records from one remediation effort to another when creating a remediation effort by selecting the Transfer matching records from other active remediation efforts check box. For more information on how to transfer the records, see Transfer records to remediation efforts in the Vulnerability Manager Workspace. If records are transferred from a remediation effort or carried over into recurring remediation efforts:

To a new remediation effort in the same watch topic

All Remediation Tasks from the old Remediation Effort are moved to the new Remediation Effort.
New Remediation Tasks are created based on the chosen grouping criteria for the records previously not part of any Remediation Task.
The old Remediation Effort is deactivated.

To a new remediation effort in a different watch topic

All the records from the old Remediation Effort are moved to the new Remediation Effort and Remediation Tasks are created based on the chosen grouping criteria.

If all records in the Remediation Tasks associated with the old Remediation Effort are transferred, these Remediation Tasks are closed-canceled.
If only a subset of records are transferred, the Remediation Tasks associated with the old Remediation Effort are split and remain active.

The closed Remediation Tasks associated with old Remediation Effort are not affected.

Note:

You can’t transfer records from recurring remediation efforts into new remediation efforts. However, you can transfer records from existing, non-recurring remediation efforts into new remediation efforts. See Transfer records to remediation efforts in the Vulnerability Manager Workspace for more information about transferring records.