Vulnerability Response implementation
Summary of Vulnerability Response implementation
This guide outlines the process for ServiceNow customers to download, install, and configure the Vulnerability Response application on their ServiceNow AI Platform® instance. It uses a practical example that includes installing the base system, the Vulnerability Response app, and a third-party vulnerability scanner application (Qualys). The instructions emphasize the use of the Setup Assistant for streamlined configuration and verification.
Key Features
- Installation via ServiceNow Store: Step-by-step download and installation of Vulnerability Response and supporting third-party applications.
- Role-based Access Control: The admin role is required for installation and assigning the sn_vul.vulnerability_admin role, which enables configuration and ongoing management.
- Setup Assistant Guided Configuration: The Setup Assistant guides users through critical configuration sections starting with Vulnerability Response Settings to understand and validate processes.
- Automated Rules Configuration: Includes setting up Vulnerability Assignment Rules, Remediation Task Rules, Risk Calculators, and Remediation Target Rules to automate vulnerability management workflows.
- Third-Party Integration Settings: Configure and customize import schedules, CI lookup rules, and third-party account information for vulnerability data imports.
- Extensibility: The steps and concepts demonstrated for Qualys can be extended to other supported Vulnerability Response applications.
Practical Outcomes for Customers
- Efficient deployment of Vulnerability Response with clear, role-based responsibilities.
- Automated assignment and grouping of vulnerability data to appropriate teams, improving remediation efficiency.
- Ability to customize risk assessment and remediation timelines to align with organizational policies.
- Seamless integration of third-party vulnerability scanner data, ensuring comprehensive vulnerability visibility.
- Access to a detailed implementation checklist and best practice guidance for optimized performance and successful adoption.
Use the steps illustrated in the following images to download the Vulnerability Response application from the ServiceNow Store, install it on your ServiceNow AI Platform® instance, and configure it using the Setup Assistant.
The following images illustrate an example installation and configuration of the base system, the Vulnerability Response application, and a third-party scanner application (the Qualys application). Required roles, mandatory tasks, and optional steps are also listed.
- For more information about each step illustrated in the following images and a checklist with links to supporting documentation, see Implementation checklist for the Vulnerability Response application.
- You can extend the concepts and sequence of steps presented in this example to installing and configuring other supported applications for Vulnerability Response. For a list of supported applications, see Installation of Vulnerability Response and supported applications.
- The admin role is required to download and install the Vulnerability Response application and the Qualys Vulnerability application used for this example.
- A user with the admin role also assigns the Vulnerability admin [sn_vul.vulnerability_admin] persona and other Vulnerability Response persona roles to users and groups.
A user with the sn_vul.vulnerability_admin role configures the Vulnerability Response and Qualys applications in Setup Assistant and verifies expected results.
Follow the steps and prompts in Setup Assistant starting with the Vulnerability Response Settings section to continue with the installation and configuration. Reviewing these settings helps you understand and verify the processes of Vulnerability Response as you continue to set up your environment.
Role required: sn_vul.vulnerability_admin or, alternatively, admin.
Review the descriptions, default settings, and demo data that you installed with the applications in the following sections:
- Vulnerability Assignment Rules - automatically assign vulnerable items (VIs) to the appropriate assignment group.
- Remediation Task Rules - automatically group vulnerable items (VIs) as they are imported based on certain conditions.
- Risk Calculators - Default Risk Calculator is enabled.
- Remediation Target Rules - define remediation timelines for VIs and remediation tasks (RTs).
- Review and edit the settings for the third-party applications and solutions you installed, and define conditions for your data imports. Enter your third-party account information and configure import settings and schedules, configuration item (CI) lookup rules, and other settings.
See Implementation checklist for the Vulnerability Response application for more information.
For additional information while customizing or implementing the Vulnerability Response application, see the Best Practices: Vulnerability Response Implementation for better performance Knowledge Base article [KB1157979].