Patch orchestration with the Vulnerability Response Workspaces

  • Release version: Zurich
  • Updated July 31, 2025

    You can manage patches and patch deployments for critical vulnerabilities for large groups of your assets with Patch orchestration with Vulnerability Response.

    Patch orchestration in the Workspaces

    Patch orchestration with the Vulnerability Response application uses scheduled imports from third-party solution integrations, patch vendors, and vulnerability scanners.

    Patch orchestration with the Vulnerability Response application is supported in both the classic environment and the Vulnerability Response workspaces. Correlated data is rolled up and displayed in both the workspaces and the classic environment. For an overview of the features, requirements, and other information about patch orchestration in the classic environment, see Patch orchestration with Vulnerability Response.

    Available versions of applications and dependencies required for the patch orchestration integration

    To view patch orchestration data and available updates (patches) in the workspaces in Vulnerability Response, the following applications are required. All applications listed are available in the ServiceNow® Store. Some applications require separate subscriptions. See Patch orchestration with Vulnerability Response.

    Roles required

    In addition to the sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin roles required for the Vulnerability Response Workspaces, users need roles that are specific to the patch orchestration integrations you are using to view data and schedule patches. See the following supported integrations for more information about these roles.

    See Understanding the HCL BigFix patch orchestration integration with Vulnerability Response and Understanding the Vulnerability Response patch orchestration integration with Microsoft SCCM.

    Patch data in the Vulnerability Response Workspaces

    In the IT Remediation Workspace, you can view patch data in the following places:

    • On the Home view, click scorecards to view records for Preferred solutions on VIs, Vulnerable CIs, and Preferred Patches on VIs.
    • On the List view, view all the Patch Update records (VPUs) and the vulnerable items that are assigned to you that have patches from the available links.

    You can schedule patches from the following records:

    • Patch Update (VPU)
    • Remediation task (RT)
    • Discovered Item (SDI)

    In the Vulnerability Manager Workspace, you can view patches:

    • From the Home view on watch topics on the Vulnerable Items tab, you can view preferred and potential patches, patch scheduled dates, and other information.
    • From the List view on remediation effort records, you can view patch data on VIT records on the Vulnerable Items tab.