Analytics and Reporting Solutions for Vulnerability Response

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Analytics and Reporting Solutions for Vulnerability Response

    ServiceNow’s Vulnerability Response solutions provide comprehensive tools to monitor and manage vulnerability remediation efficiently. These solutions enable monitoring of trends, risk levels, assignment group workloads, deferrals, and recurring vulnerabilities through dynamic data visualizations and integrated dashboards. The focus is on helping customers prioritize and track remediation efforts, ensuring timely and effective vulnerability management.

    Show full answer Show less

    Key Features

    • Dynamic Data Visualizations: Available in Vulnerability Response Workspaces, these visualizations display the number and severity of active vulnerabilities, updated in real-time as vulnerability data changes. They help determine organizational threat levels and remediation progress.
    • Default and Custom Dashboards: Vulnerability analysts can access default dashboards via the Vulnerability Response module or through the New Experience UI starting with version 19.0. Dashboards provide insights into remediation task aging, high-risk vulnerabilities, and assignment group activities. Customers on earlier releases may experience limited functionality.
    • Remediation Task Management: Most remediation actions are performed through remediation task records within the workspaces. Tasks include creating change requests, adding notes, deferring remediation, closing tasks, and tracking compliance obligations.
    • Integration with Change Management: Customers can initiate and track change activities related to assets and remediation tasks, facilitating coordination with IT Operations and ensuring proper closure after remediation.
    • Automated Scan and State Updates: Vulnerability states update automatically after scans triggered by third-party integrations. Fixed vulnerabilities close automatically, while unresolved issues revert to "Under Investigation." Specific controls exist for Qualys and Rapid7 detections to manage reopening of resolved vulnerabilities based on scan results and configurable age thresholds.
    • Vulnerability Solution Management Metrics: Deployment progress metrics for remediation tasks and vulnerabilities are tracked, allowing identification of bottlenecks. Users can drill down into causes and update status directly from vulnerability, solution, and remediation task forms.

    Key Outcomes

    • Improved visibility into vulnerability remediation status and risk prioritization through real-time dashboards and visualizations.
    • Streamlined remediation workflows by managing tasks within the Vulnerability Response Workspaces, including change request integration and deferral capabilities.
    • Automated updates ensure vulnerability states accurately reflect current scan data, reducing manual tracking effort and preventing overlooked issues.
    • Enhanced ability to track remediation progress and identify delays, supporting more effective risk management and compliance adherence.

    Monitoring vulnerability remediation involves viewing trends, managing risk, and monitoring assignment groups. You can review high risk issues, assignment group workloads, deferrals and, reoccurring vulnerabilities. Vulnerability Response offers tools, reports, and procedures to make that process more productive and efficient.

    Data visualizations in the Vulnerability Response Workspaces

    The Vulnerability Response Workspaces include data visualizations that can help you monitor your remediation progress. You can determine the threat level to your organization by viewing the number and severity of active vulnerabilities that are important to your organization on dynamic data visualizations that are updated as vulnerability data changes. See Vulnerability Manager Workspace and Exploring the IT Remediation Workspace for more information about the dynamic data visualizations that are available.

    Vulnerability analysts can also use default Vulnerability Response dashboards at All > Vulnerability Response > Overview.

    Important:
    Starting with version 19.0 of Vulnerability Response, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to Workspaces > Vulnerability Manager Workspace and click the Dashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see Dashboards in the Vulnerability Manager Workspace and Dashboards in the IT Remediation Workspace.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Vulnerability Response remediation process

    Most vulnerability remediation is done from the remediation task record from within the Vulnerability Response Workspaces. From the remediation tasks (RTs) in the Under Investigation state, you can perform several tasks.
    • Create change requests.
    • Add work notes and descriptions of vulnerabilities within the remediation task.
    • Defer the remediation task and the vulnerable items in it until a later date.
    • Close the remediation task.
    • Track new regulatory compliance obligations, which are usually time sensitive.
    • Log in to your Vulnerability Response instance.
    • Review your Vulnerability Management and third-party dashboards and reports to locate problem areas. For example, view dashboards that show remediation task (RT) aging by states or high risk vulnerable items (VIs) past their remediation target date.
    • Review the state of remediation tasks, in order of risk.
    • Revise the prioritization for the tasks by adjusting your risk score calculators if the risk score is not being calculated correctly or deferring VIs or RTs, as needed. See Vulnerability Response calculators and vulnerability calculator rules or Defer a Remediation task for more information on these options.
    • Review deferred vulnerable items about to reopen and take further action as required. If you want to initiate and track change activities on your assets, remediation tasks, and their corresponding vulnerable items, for more information, see Change management for Vulnerability Responsefor further action.
    • Review feedback from IT Operations.

      Once you are notified that a change request is resolved, wait for the next scan. Scans are triggered automatically by the third-party import schedule configured in the Setup Assistant.

    • After a scan, if the state is Fixed, vulnerable items are automatically closed during import. The group closes when all vulnerable items in the group are fixed.
    • After the scan, if the state is not Fixed, the VI is automatically moved back to Under Investigation.

    • Vulnerable items set to 'Resolved' in your instance but not transitioned to 'Closed/Fixed' by the third party integration runs are reopened if they are detected during rescans.

      For Qualys detections, if the scanner continues to find VIs that were set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans, these VIs move back to 'Open' when the last found date is later than the Resolved date.

      For Rapid7 detections, an option is now available on the Rapid7 configuration page in your instance to reopen resolved VIs by age. If enabled, VIs set to 'Resolved' but then not transitioned to 'Closed/Fixed' by subsequent scans transition back to 'Open' after the number of days that you enter.

    Vulnerability Solution Management Deployment Progress

    Comprehensive deployment metrics for remediation tasks and vulnerability entries are included in Vulnerability Solution Management under Remediation Status in vulnerabilities, vulnerable items. Easily identify which remediation task or vulnerability is slowing resolution progress. Drill down into how the vulnerability is identified, or what aspects of the affected assets may be causing the remediation issue. Update the status of your metrics using the Update status related link in the vulnerability, solutions, and remediation task forms.