Create vulnerable items for the affected CI or affected software component

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read

    • Create vulnerable items (VIs) or application vulnerable items (AVITs) from the Vulnerability Assessment Workspace. Vulnerability analysts analyze the list of VIs and recommend solutions and patches that help the IT team to patch these vulnerabilities.

    The vulnerability event manager should be able to select one, many or all of the exposure search results to create Vulnerability Items.
    • Application vulnerable item for SBOM assessment results that don't have AVITs associated
    • Vulnerable Items for configuration items that don't have VITs associated
    • Associate primary CVE to the vulnerability items.

    Create VIs for configuration items without vulnerable items associated

    Create vulnerable Items VITs for configuration items identified through the vulnerability assessment but don't have VITs associated with the record.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to Workspaces > Vulnerability Assessment Workspace > Assessments.
    2. Select the assessment record to which you need to create the VIT.
    3. Select the Assessment tab.
    4. Select Without Configuration Items count from the Configuration Items (Host Infra) widget.
    5. Select the Configuration Items for which you want to create VITs from the Affected Configuration Items list.
    6. Select Create Vulnerable Item.
      The Vulnerability Response - Create Manual VITs Vul Assessment background job is initiated and a relevant notification displays.
    7. Select View Status on the notification to view the status of the running job.
      Vulnerable Items for the affected configuration items that you selected are created.

      The Configuration Items (Host Infra) widget will now display the same CI in the With Vulnerable Items count.

    Create application vulnerable items (AVITs) for affected products models or components with no associated application vulnerable items

    Create application vulnerable items (AVITs) for affected products or components items identified through the vulnerability assessment but don't have AVITs associated with the record.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to Workspaces > Vulnerability Assessment Workspace > Assessments.
    2. Select the assessment record to which you need to create the VIT.
    3. Select the Assessment tab.
    4. Select Without Application Vulnerable Items count from the BOM Components and Product models widget.
    5. Select the affected product models for which you want to create AVITs from the Affected Product Models list.
      You can use the Business Application field to identify affected business applications for targeted remediation and reporting.
    6. Select Create Application Vulnerable Item.
      The Vulnerability Response - Create Manual VITs Vul Assessment background job is initiated and a relevant notification displays.
    7. Select View Status on the notification to view the status of the running job.
      Application vulnerable Items for the affected product models items that you selected are created. for the primary CVE associated with the record.

      The BOM Components and Product models widget will now display the same product model or component in the With Application Vulnerable Items count.