Removing assignments from vulnerable items and remediation tasks

Release version: Zurich

Updated July 31, 2025

4 minutes to read

Summarize

Summarized using AI

Summary of Removing assignments from vulnerable items and remediation tasks

This feature enables remediation owners and vulnerability analysts to clear theAssigned toandAssignment groupfields on vulnerable item and remediation task records when they are incorrectly assigned or out of scope. TheUnassign UI actionis available on these records except when they are in Closed or Resolved states.

Show full answer Show less

Key Features

Unassign Action Availability: Can be used on remediation tasks (VULs, AVULs, CVULs) and vulnerable items (VITs, AVITs, CVITs) in both classic and workspace interfaces.
Cascade Clearing: When a remediation task is unassigned, associated vulnerable items with matching assignment groups are also cleared.
System Properties and Approval Flow: By default, unassigning triggers an approval process controlled by the snvul.unassignvr.approvalrequired system property. Vulnerability administrators can disable this approval or configure the default assignment group to which unassigned records are redirected.
Notifications: Notifications about unassigned records are sent either to a configured default assignment group or to users in the Unassign notification user group.
Assignment Type Tracking: The assignment type field reflects whether assignments are Manual, Rule-based, or Unassigned, providing visibility on records after unassignment.
Monitoring with Scheduled Job: A daily scheduled job tracks counts of vulnerable items transitioning to Unassigned status, helping analysts monitor and optimize assignment rules. Both manual and automatic unassignments are counted and displayed on the Vulnerability Assignment Rules list.

Practical Implications for ServiceNow Customers

This capability allows your teams to efficiently correct misassigned vulnerability remediation tasks and items, ensuring accurate ownership and streamlined remediation workflows. The approval and notification controls provide governance and transparency around reassignment activities. The reassignment monitoring supports ongoing refinement of assignment rules, improving overall vulnerability response management effectiveness.

As a vulnerability administrator, you can tailor the process to your organizational needs by configuring system properties for approval requirements and default reassignment groups. This ensures that unassigned records are properly routed for review or further action without losing track of accountability.

You can clear the Assigned to and Assignment group fields on vulnerable items directly from the vulnerable item and remediation task records that you determine might be incorrectly assigned to you or your groups.

Overview of the workflow

Remediation owners and vulnerability analysts can clear the Assigned to and Assignment group fields and update records for reassignment with the Unassign UI action.

Use case

If you determine that records aren't within your scope for remediation, or if you think that they have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on vulnerable item and remediation task records.

The Unassign UI action and more options menu

You can Unassign the following records with a UI action or from the more options menu ( Vertical dots

) in any state other than Closed or Resolved:

Remediation tasks (VULs, AVULs, and CVULs) in both the classic environment and the workspaces.
If a remediation task is updated with this feature, the Assigned to and Assignment group fields on all of its associated VITs that have the same assignment groups are also cleared.
Note:
If any VIT, AVIT, or CVIT on a remediation task has a different assignment group than its remediation task, it is not unassigned. In most cases, these vulnerable items have been manually assigned.
Vulnerable items (VITs, AVITs, and CVITs) in the classic environment and the workspaces.

Any records that you update assignments for with the UI action or manually are displayed on the Unassigned module under their respective product modules.

For the steps to clear the Assigned to and Assignment group fields on records with the Unassigned UI action, see Remove assignments from vulnerable items and remediation tasks for more information.

System property and notifications

If you select Unassign on a record, by default, the sn_vul.unassign_vr.approval_required and system property triggers the approval flow and creates a state change approval record in review state and approval request is raised for approver which displays in the My Approvals list.

Note:

As a vulnerability administrator [sn_vul.vulnerability_admin], you can set the sn_vul.unassign_vr.approval_required system property to false to disable the approval process.

If the request is approved, sn_vul.default_assignment_group clears the Assigned to and Assignment group fields and populates the Assignment type field with Unassigned. As a vulnerability administrator, you can change the value in the sn_vul.default_assignment_group system property so that the assignment fields are cleared and a specific group is then assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add a system ID for the group of your choice in the Value field of the system property.
Note:
If you change this value, notifications for all the VITs, AVITs, and CVITs that are unassigned are sent to the group you specify.
If your request is rejected, the reason is displayed in the Notes tab.

Alternatively, if sn_vul.default_assignment_group is not configured for a specific group, by default, users that you add to the Unassign notification user group are alerted when records are unassigned. The sn_vul.default_assignment_group system property determines the notifications to this group.

The assignment type, whether it's Manual, Rule, or Unassigned, is available from the VIT records and the list view. The Unassigned assignment type is displayed on records after the Assigned to and Assignment group fields are cleared by the system property.

See Approve or reject an unassign request in Vulnerability Response for more information about approving requests.

Monitoring your assignment rules with the scheduled job for this feature

A daily scheduled job counts the records when they transition to Unassigned assignment type. With this count, vulnerability analysts can monitor and adjust any assignment rules that might not be performing well based on any assignment rules that have higher counts of unassigned VIs.

The Reassignment count for assignment rules scheduled job runs daily and posts the total number of VIs that are unassigned by this feature for a particular assignment rule.

The counts gathered by this job apply to the vulnerable items and the unique assignment rules for Vulnerability Response and Application Vulnerability Response. Counts are displayed by assignment rule in each assignment rules list for each module.

The job also counts any records that are manually unassigned. Both the manual counts and the counts gathered by this feature are posted on the Vulnerability Assignment Rules list in two columns: Reassignment count - manual items and Reassignment count - unassigned items.

As a vulnerability admin, to view these counts, navigate to Vulnerability Response > Administration > Assignment Rules.
Click the gear icon in the upper right of the list and select the Reassignment count - manual items, and Reassignment count - unassigned items for display.
Any VI that was originally assigned by a rule but subsequently automatically or manually reassigned contains a reference to the original rule on the list view.

The following example shows reassignment counts for two assignment rules.

Reassignment counts for two assignment rules for Vulnerability Response VITs.