Vulnerability Response workspaces overview

Release version: Zurich

Updated July 31, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Vulnerability Response Workspaces Overview

The Vulnerability Response workspaces in ServiceNow Zurich release provide integrated environments tailored to different roles involved in managing vulnerabilities. These workspaces support Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance. They enable users to identify, prioritize, remediate, and manage vulnerabilities efficiently through a unified AI-powered platform.

Show full answer Show less

Workspaces and Roles

Vulnerability Manager Workspace: Enables vulnerability managers to protect assets by analyzing vulnerability data from various sources, prioritizing critical issues, and delegating remediation tasks to IT teams.
IT Remediation Workspace: Designed for IT specialists to monitor and resolve remediation tasks assigned by vulnerability managers, using tools such as patches, rescans, change requests, and exceptions all from one place.
Vulnerability Assessment Workspace: Supports vulnerability event managers in assessing exposure and managing critical vulnerability events proactively, including zero-day vulnerabilities.

Key Features

Bulk Edit: Update multiple records simultaneously in the Vulnerability Manager Workspace to streamline vulnerability management.
Dashboards: Access comprehensive dashboards for Vulnerability Management, Approvals, CISO, Container and Application Vulnerability Management, and Remediation in respective workspaces using the Next Experience UI.
Remediation Task Management: Create, split, and request exceptions for remediation tasks manually in both Vulnerability Manager and IT Remediation Workspaces, enhancing flexibility in managing vulnerabilities.
Policy Exceptions: Request exceptions for vulnerable items and remediation tasks to manage compliance and risk effectively.
Vulnerability Crisis Management (VCM): Create and track critical vulnerability events to respond swiftly to high-impact threats.
Compensating Controls: Add and manage compensating controls in the Vulnerability Manager Workspace to mitigate risks.
Risk Reduction Requests: Initiate risk reduction requests for hosts and remediation tasks directly from the IT Remediation Workspace.
Issue Integration: Create agile and Jira issues for application and container vulnerabilities to facilitate collaboration and tracking outside ServiceNow.

Practical Benefits for ServiceNow Customers

These workspaces provide customers with a comprehensive, role-based approach to vulnerability management that enhances collaboration between security and IT teams. Customers can expect improved prioritization, streamlined remediation workflows, real-time tracking of critical events, and integration with external issue tracking systems. The solution supports efficient handling of vulnerabilities across various environments, helping organizations reduce risk and maintain compliance.

The Vulnerability Manager and IT Remediation Workspaces support Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance.

The Vulnerability Manager, IT Remediation, and Vulnerability Assessment Workspaces

Vulnerability Manager Workspace: As a Vulnerability Manager, protect your company's assets from malware and malicious attacks. From a single work area in your ServiceNow AI Platform®, with the Vulnerability Response application, along with current vulnerability data imported into your instance from vulnerability libraries and third-party scanner data applications, identify critical vulnerabilities and misconfigurations, prioritize them, and send lists of remediation tasks over to IT for their specialists to act on.
IT Remediation Workspace: As an IT specialist, use lists, or remediation tasks (RT) sent over by vulnerability managers to monitor and resolve critical vulnerabilities assigned to you or your groups. Fix groups of vulnerable items with patches, solutions, vulnerability rescans, change requests, exceptions, and other tools to remediate vulnerable items and test results all from one location.
Vulnerability Assessment Workspace: As a Vulnerability event manager, perform exposure assessment, and proactively manage critical vulnerability events especially during the critical vulnerability events such as a zero-day event.

Key features

The Vulnerability Response workspaces include the following features and enhancements.

Use the Bulk Edit feature in the Vulnerability Manager Workspace to update multiple records simultaneously. For more information, see Using bulk edit in the Vulnerability Manager Workspace.
View the Vulnerability Management (PA), Vulnerability Approvals, CISO, Container Vulnerability Management Overview, Application Vulnerability Management Dashboard, Unified Vulnerability Response, and Health dashboards in the Next Experience UI on the Dashboards page of the Vulnerability Manager Workspace. For more information, see Dashboards page in the Vulnerability Manager Workspace.
View the Vulnerability Remediation dashboard in the Next Experience UI on the Dashboards page of the IT Remediation Workspace. For more information, see Dashboards page in the IT Remediation Workspace.
Create the Remediation Tasks (VUL, AVUL, CVUL, or CRG) manually in the Vulnerability Manager Workspace and IT Remediation Workspace. For more information, see Create a remediation task manually in the Vulnerability Manager Workspace and Create a remediation task manually in the IT Remediation Workspace.
Split the Remediation Tasks (VUL, AVUL, CVUL, and CRG) in the Vulnerability Manager Workspace and IT Remediation Workspace. For more information, see Request exceptions for remediation tasks and records in the Vulnerability Manager Workspace and Split a remediation task in the IT Remediation Workspace respectively.
Request the policy exceptions for vulnerable items (VITs, AVITs, and CVITs), and Remediation Tasks (VUL, AVUL, CVUL, and CRG) in the Vulnerability Manager and IT Remediation Workspaces. For more information, see Request exceptions for remediation tasks and records in the Vulnerability Manager Workspace and Request an exception using GRC: Policy and Compliance Management in the IT Remediation Workspace respectively.
Create and track critical vulnerability events through the Vulnerability Crisis Management (VCM). For more information, see Explore the Vulnerability Assessment Workspace.
Add compensating controls to the Compensating controls library in the Vulnerability Manager Workspace. For more information, see Add a compensating control to the library.
Request risk reduction for a host vulnerable item and remediation task from the IT Remediation workspace. For more information, see Request risk reduction for a vulnerable item or remediation task.
Create an agile issue and a Jira issue for application and container vulnerable items from the Vulnerability Manager Workspace. For more information, see Create agile issue manually using form action and Create agile issue manually using list action.

For more information about version compatibility with the family releases, refer to the KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes article in the HI Knowledge Base.