Patch data and state rollup for patch orchestration in Vulnerability Response
Summary of Patch data and state rollup for patch orchestration in Vulnerability Response
Starting with version 16.1 of Vulnerability Response, patch data and patch state rollups are integrated into Patch Update and related records within the Vulnerability Response application. This integration connects vulnerability, patch, and solution information, enabling customers to view comprehensive patch orchestration data directly in Vulnerability Response workspaces and classic views. The feature supports orchestration integrations such as HCL BigFix and Microsoft SCCM.
Key Features
- Patch Update Records: Display detailed information including vulnerability solutions imported from patch vendors, remediation status, associated devices, vulnerable items, patch deployments, and patch requests.
- Remediation Status and Source Remediation Status: Source Remediation Status shows the total number of devices that require a patch and the devices that are still missing it; Remediation Status shows the total vulnerable items that have the patch as their preferred patch, the percentage remediated, and the number deferred.
- Patch Orchestration Visibility: Users can view patch requests awaiting approval, scheduled patch deployments, and potential patches that may address vulnerabilities.
- Vulnerable Items State Rollup: Vulnerable items with a preferred patch transition automatically to the "Awaiting Implementation" state, unless they are already Closed, Resolved, Deferred, or In Review. The state reason records whether a deployment is scheduled and whether the schedule meets the remediation target date.
- Related Links and Tabs: Provide quick access to associated devices, vulnerable items, patch deployments, patch requests, and potential patches from Patch Update records.
- Role-Based Access: Viewing and scheduling patches require roles specific to the patch orchestration integration used.
- Integration Support: Supports popular patch orchestration tools like HCL BigFix and Microsoft SCCM, allowing customers to leverage existing patch management workflows within Vulnerability Response.
How It Helps You
This patch data and state rollup feature enables ServiceNow customers to:
- Gain consolidated visibility into patch and vulnerability remediation status within a single application.
- Track and manage patch deployment schedules and approvals effectively through integrated workflows.
- Understand the remediation progress of vulnerable items based on patch availability and deployment status.
- Ensure better coordination between vulnerability management and patch orchestration processes.
- Quickly drill down into remediation details, preferred patches, and affected devices to prioritize patching efforts.
Practical Usage
- Navigate to Vulnerable Items assigned to you with patches to monitor remediation state changes and preferred patch information.
- Use the Remediation tab on vulnerable item records to view patch schedules, reasons for current states, and related patch data.
- Access Patch Updates from Vulnerability Response Workspaces to track patch deployments, requests, and device impact.
- Leverage dashboards and scorecards in classic and workspace views for consolidated patch orchestration insights.
- Ensure your users have the required patch orchestration roles to view and manage patch data effectively.
Additional Notes
- When no vulnerability solution data is available after an import, the Vulnerability solution field remains blank on Patch Update records. Specific guidance is available for handling such patches.
- Patch orchestration states update automatically based on patch scheduling and remediation deadlines, helping to streamline patch management workflows.
Starting with v16.1 of Vulnerability Response, patch data and patch states are rolled up to Patch Update and other records in the Vulnerability Response application.
Patch Update records in the Vulnerability Response Workspaces and in the classic environment
Information about patches, vulnerability solutions, and vulnerabilities is all connected in the Vulnerability Response application.
Patch data, rollup data, and rollup status are displayed on records in your instance. Patch records are created by the patch orchestration feature of the integration with Vulnerability Response. In the Vulnerability Response Workspaces, view Patch Update (VPU) records from the List view in the IT Remediation Workspace. Patch Update records in both the classic view and the Vulnerability Response Workspaces include the following data:
- Vulnerability solution data and information from patch vendors imported by the Vulnerability Solution Management application.
- Source Remediation Status, which includes the total number of devices that have a vulnerability this patch can fix and the devices that are still missing the update.
- Remediation Status, which includes the percentage of VIs remediated and the total VIs that have this patch as their preferred patch.
- Associated Devices, Vulnerable Items, Patch Deployments, and Patch Requests, shown under Related Links on records in the classic view and on tabs on records in the Vulnerability Response Workspaces.
- Patch Requests that remediation owners have submitted for approval.
Roles required
Users need roles that are specific to the patch orchestration integration you are using to view data and schedule patches. For more information, see:
- Understanding the HCL BigFix patch orchestration integration with Vulnerability Response and Understanding the Vulnerability Response patch orchestration integration with Microsoft SCCM.
- Viewing patch orchestration data on the Vulnerability Response dashboards in the classic environment.
- Viewing data on scorecards in the Vulnerability Response Workspaces.
Patch data and state rollup
To view the vulnerable items that have patches and that are assigned to you in the classic environment, navigate to .
If a vulnerable item record is populated with a preferred patch, it transitions automatically to Awaiting Implementation, but only if the state of the VI is not Closed, Resolved, Deferred, or In Review. To drill down into the preferred solution and other data, click the Remediation tab on the VI record. The reason recorded with the state depends on the patch schedule:
- If a patch is scheduled for deployment on a CI that is part of a collection import, and the CI has an associated VI, the VI is Awaiting Implementation with the reason Patch Scheduled.
- If a patch is scheduled for deployment on a CI that is part of a collection import, the CI has an associated VI, and the scheduled deployment falls after the VI's Remediation target date (the deadline derived from the Time to Remediation (TTR) rule), the VI is Awaiting Implementation with the reason Patch Scheduled (Missing Target Date).
- If no patch is scheduled for deployment on a CI that is part of a collection import, the VI is Awaiting Implementation with the reason Patch Not Scheduled.
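The state rollup rules above, together with the Remediation Status counts that a Patch Update record displays, as an added example in plain JavaScript (this is not ServiceNow code and does not use GlideRecord; the field names, the patch identifier PATCH-EXAMPLE-1, the host names, the dates, and the choice of Closed and Resolved as "remediated" states are assumptions constructed for the example):

```javascript
// Added example, not ServiceNow code: the vulnerable item (VI) state rollup and
// the Patch Update "Remediation Status" rollup described on this page, modelled
// with plain in-memory objects instead of GlideRecord queries. Field names,
// patch and host names, and dates below are assumptions constructed for the example.

// States in which a VI is never moved to Awaiting Implementation.
const TERMINAL_STATES = new Set(['Closed', 'Resolved', 'Deferred', 'In Review']);

// Decide the rolled-up state and reason for one VI.
// vi: { id, ci, state, preferredPatch, remediationTarget } where remediationTarget
//     is the ISO date (YYYY-MM-DD) set by the Time to Remediation (TTR) rule.
// deployments: scheduled patch deployments from the collection import,
//     each { patch, ci, scheduledDate } (ISO date).
function rollupViState(vi, deployments) {
  if (!vi.preferredPatch || TERMINAL_STATES.has(vi.state)) {
    return { state: vi.state, reason: null };           // left untouched
  }
  const scheduled = deployments.filter(
    d => d.patch === vi.preferredPatch && d.ci === vi.ci);
  if (scheduled.length === 0) {
    return { state: 'Awaiting Implementation', reason: 'Patch Not Scheduled' };
  }
  // ISO dates compare correctly as strings; use the earliest scheduled run.
  const earliest = scheduled.map(d => d.scheduledDate).sort()[0];
  const missesTarget = Boolean(vi.remediationTarget) && earliest > vi.remediationTarget;
  return {
    state: 'Awaiting Implementation',
    reason: missesTarget ? 'Patch Scheduled (Missing Target Date)' : 'Patch Scheduled',
  };
}

// Remediation Status for one Patch Update: total VIs that have it as preferred
// patch, how many are remediated (assumed here: Closed or Resolved), how many
// are Deferred, and the percentage remediated.
function rollupPatchStatus(patch, vis) {
  const mine = vis.filter(v => v.preferredPatch === patch);
  const remediated = mine.filter(v => v.state === 'Closed' || v.state === 'Resolved').length;
  const deferred = mine.filter(v => v.state === 'Deferred').length;
  const pct = mine.length === 0 ? 0 : Math.round((100 * remediated) / mine.length);
  return { total: mine.length, remediated, deferred, pctRemediated: pct };
}

// Roll up every VI in one pass.
function rollupAll(vis, deployments) {
  return vis.map(vi => ({ id: vi.id, ...rollupViState(vi, deployments) }));
}

// Constructed sample data (not from any real instance).
const SAMPLE_VIS = [
  { id: 'VI1', ci: 'host-a', state: 'Open',     preferredPatch: 'PATCH-EXAMPLE-1', remediationTarget: '2024-06-30' },
  { id: 'VI2', ci: 'host-b', state: 'Open',     preferredPatch: 'PATCH-EXAMPLE-1', remediationTarget: '2024-06-30' },
  { id: 'VI3', ci: 'host-c', state: 'Open',     preferredPatch: 'PATCH-EXAMPLE-1', remediationTarget: '2024-06-30' },
  { id: 'VI4', ci: 'host-d', state: 'Deferred', preferredPatch: 'PATCH-EXAMPLE-1', remediationTarget: '2024-06-30' },
  { id: 'VI5', ci: 'host-e', state: 'Closed',   preferredPatch: 'PATCH-EXAMPLE-1', remediationTarget: '2024-06-30' },
  { id: 'VI6', ci: 'host-f', state: 'Open',     preferredPatch: null,              remediationTarget: '2024-06-30' },
];
const SAMPLE_DEPLOYMENTS = [
  { patch: 'PATCH-EXAMPLE-1', ci: 'host-a', scheduledDate: '2024-06-15' }, // meets the target
  { patch: 'PATCH-EXAMPLE-1', ci: 'host-b', scheduledDate: '2024-07-10' }, // after the target
  { patch: 'PATCH-EXAMPLE-1', ci: 'host-d', scheduledDate: '2024-06-15' }, // VI is Deferred: untouched
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(rollupAll(SAMPLE_VIS, SAMPLE_DEPLOYMENTS));
  console.log(rollupPatchStatus('PATCH-EXAMPLE-1', SAMPLE_VIS));
}
```

With the sample data, VI1 becomes Awaiting Implementation (Patch Scheduled), VI2 Awaiting Implementation (Patch Scheduled (Missing Target Date)), VI3 Awaiting Implementation (Patch Not Scheduled), while VI4, VI5, and VI6 keep their current state; the Remediation Status for PATCH-EXAMPLE-1 is 5 VIs, 1 remediated (20%), 1 deferred. The date comparison is the check to get right in a real implementation: a deployment scheduled after the remediation target should surface as a missed target rather than a plain "scheduled" state.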
Click the Preferred Patch information icon to open the Patch Update record and view the following information under Related Links:
- Vulnerable items: Vulnerable items that are associated with this patch.
- Associated Devices: Devices that have the update and those that are missing it.
- Patch deployments: Deployments scheduled for this patch on individual machines (assets) or on groups of assets.
- Patch Requests: Patch requests that have been sent for approval before they are scheduled for deployment.
- Potential Patches: Patches that might address a vulnerability.
Click the Preferred patch information icon to open the record and view the information listed previously, in addition to the following Patch Update data:
- Source Remediation Status: The total devices that require this patch and any devices that are missing it.
- Remediation Status: The status (total VIs, % remediated, VIs deferred) of the VIs that have this preferred patch.
Preferred patches and solutions
When an imported vulnerability matches an asset in your Configuration Management Database (CMDB), a vulnerable item (VI) is created in Vulnerability Response. If the configuration item (CI) associated with this VI is also imported from a third-party patch vendor and is reported as missing a patch for the same vulnerability, that patch is listed as the preferred patch and rolled up to your solutions. This tells you that the asset (CI) has a fix from an available patch that is the best match for its vulnerability.
Viewing patches without solutions
After an import, if no vulnerability solution data is available, the Vulnerability solution field on the Patch Update record is left blank. For more information about how to view information for these types of patches, see View patches without solutions in Vulnerability Response.