Application Vulnerability Management (PA) dashboard

  • Release version: Zurich
  • Updated July 31, 2025

    Track the volume, performance and progress of application vulnerabilities from initial analysis and detection to containment or remediation.

    Use cases

    User | Dashboard use
    Vulnerability managers | With the Application Vulnerability Management dashboard, vulnerability managers can determine which application vulnerable items (AVIs) present the most risk to their organizations. These dashboards provide a graphical view into AVI activity to help them determine remediation plans and status progress. Focus on the KPIs associated with critical affected applications and high-visibility vulnerabilities.

    Required ServiceNow AI Platform roles, setup, and the dashboard tabs

    The Application Vulnerability Management (PA) dashboard is included as a part of the Performance Analytics for Vulnerability Response content pack. The Performance Analytics for Vulnerability Response content pack is not automatically installed with the Vulnerability Response application. It is available on the ServiceNow® Store as a separate subscription.

    For more information about setting up, installing, and configuring your Performance Analytics for Vulnerability Response application, see Install and configure the Performance Analytics for Vulnerability Response [PA] application.

    To view the dashboard, as a user assigned to Security Champion, App-Sec Manager, or Developer user groups, navigate to Application Vulnerability Response > Overview.

    Note:
    The My Application Vulnerabilities dashboard is a subset of the Overview dashboard and only available when a member of the Security Champion user group logs into an instance. For information on the My Application Vulnerabilities dashboard, see My Application Vulnerabilities dashboard.

    Starting with version 19.0 of Application Vulnerability Response, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to Workspaces > Vulnerability Manager Workspace and click the Dashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see Dashboards page in the Vulnerability Manager Workspace and Dashboards page in the IT Remediation Workspace.

    The Overview dashboard communicates KPIs for vulnerability risk and prevalence, affected applications, remediation trends, and remediation progress. The default for trends is 3 months but can be changed to 7 days, 1 month, 3 months, 6 months, YTD, 1 year, or All.

    Break down the data in the Application Vulnerability Management dashboard by Scan Type, Application, or Business Unit. Each of these choices has an additional filter, Select elements, to refine your selections. Starting from Application Vulnerability Response v15.0, business and CI applications have been added to the choices for the Application filter.

    Figure 1. Security Posture tab

    The Security Posture tab helps you understand your security posture and the progress of your remediation actions.

    Starting from Application Vulnerability Response v15.0, you can view the penetration test findings reports. Penetration test findings are Application Vulnerable Items (AVIs) that are manually created based on the penetration test assessment requests.
    Note:
    The Scan Type for these widgets is Manual.

    Figure 1. Security posture tab for the AVM Dashboard
    This tab named "Security Posture" shows the bar graphs, pie charts, and total vulnerable items for the security posture and the progress of your remediation actions.

    Figure 3. Exceptions tab

    This dashboard helps you understand where your organization is taking risk due to potentially excessive deferrals and reconsider remediation options.

    You can view Deferred Application Vulnerable Items by Reason, Expiring Deferral Requests for AVIs, Exceptions for Critical Application Vulnerable Items by Assignment Group, and AVI Exception Requests by Requester.

    Figure 4. Remediation Trend tab

    The Remediation Trend tab helps you understand the progress of your remediation actions.

    This tab named "Remediation Trend" shows the progress of your remediation actions.

    Figure 5. Scoreboard tab

    The Scoreboard tab helps you understand the progress of your remediation actions, and which AVIs need the most assistance with their completion.

    Scan Type elements:
    • Dynamic: Use only metrics from dynamic data import
    • Static: Use only metrics from static data import

    You can choose either or both.

    This tab named "Scoreboard" shows the AVIs that need the most assistance with their completion.

    Indicators

    Mean time to remediate Low AVIs
    [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 4 - Low]] / [[Closed Application Vulnerable Items > Risk Rating = 4 - Low]]. Goal is to minimize.
    Application Releases
    It is the distinct count of applications from AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
    Application Vulnerable Items
    It is the count of application vulnerable items from AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
    Average AVIs per application
    [[Active Application Vulnerable Items]] / [[Application Releases]]. Goal is to minimize.
    Unassigned VIs
    It is the count on indicator source AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
    Mean time to remediate AVIs
    [[Summed Duration of Closed Application Vulnerable Items]] / [[Closed Application Vulnerable Items]]. Goal is to minimize.
    Mean time to remediate High AVIs
    [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 2 - High]] / [[Closed Application Vulnerable Items > Risk Rating = 2 - High]]. Goal is to minimize.
    Closed Application Vulnerable Items
    It is the count on indicator source AVI.Closed, which is using the table: sn_vul_app_vulnerable_item. Goal is to maximize.
    Mean time to remediate Critical AVIs
    [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 1 - Critical]] / [[Closed Application Vulnerable Items > Risk Rating = 1 - Critical]]. Goal is to minimize.
    New Application Vulnerable Items
    It is the count on indicator source AVI.New, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
    Mean time to remediate Medium AVIs
    [[Summed Duration of Closed Application Vulnerable Items > Risk Rating = 3 - Medium]] / [[Closed Application Vulnerable Items > Risk Rating = 3 - Medium]]. Goal is to minimize.
    Net change in VIs
    [[New Application Vulnerable Items]] - [[Closed Application Vulnerable Items]]. Goal is to minimize.
    Summed Duration of Closed Application Vulnerable Items
    It is the count on indicator source AVI.Closed, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
    Critical Overdue Application Vulnerable Items
    It is the count on data source AVI.Active, which is using the table: sn_vul_app_vulnerable_item. Goal is to minimize.
    Critical Application Vulnerable Items
    It is the count on indicator source Applications with active AVIs, which is using the table: sn_vul_analytics_app_ci_dept_bu. Goal is to minimize.
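
    The formula indicators above, worked through on constructed records as an added example (not ServiceNow code; the record field names are hypothetical and are not the sn_vul_app_vulnerable_item schema). It also covers a case the formulas leave open: a risk rating with no closed AVIs has no mean time to remediate, so the ratio is reported as null rather than 0.

```javascript
// Constructed sample AVIs. Field names are hypothetical, chosen for this example.
const avis = [
  { app: "payments", risk: "1 - Critical", active: false, isNew: false, durationDays: 12 },
  { app: "payments", risk: "1 - Critical", active: false, isNew: false, durationDays: 20 },
  { app: "payments", risk: "2 - High",     active: true,  isNew: true,  durationDays: null },
  { app: "portal",   risk: "2 - High",     active: false, isNew: false, durationDays: 45 },
  { app: "portal",   risk: "3 - Medium",   active: true,  isNew: true,  durationDays: null },
  { app: "portal",   risk: "1 - Critical", active: true,  isNew: true,  durationDays: null },
  { app: "hr",       risk: "4 - Low",      active: true,  isNew: true,  durationDays: null },
];
const RISK_RATINGS = ["1 - Critical", "2 - High", "3 - Medium", "4 - Low"];

// A formula indicator with a zero denominator has no value; return null, not NaN or 0.
const ratio = (numerator, denominator) => (denominator === 0 ? null : numerator / denominator);

// [[Summed Duration of Closed AVIs]] / [[Closed AVIs]], optionally for one risk rating.
function meanTimeToRemediate(items, risk) {
  const closed = items.filter(i => !i.active && (risk === undefined || i.risk === risk));
  const summedDuration = closed.reduce((sum, i) => sum + i.durationDays, 0);
  return ratio(summedDuration, closed.length);
}

function indicators(items) {
  const active = items.filter(i => i.active);
  const closedCount = items.filter(i => !i.active).length;
  const newCount = items.filter(i => i.isNew).length;
  // "Application Releases": distinct applications among active AVIs.
  const applicationReleases = new Set(active.map(i => i.app)).size;
  const mttr = { all: meanTimeToRemediate(items) };
  for (const risk of RISK_RATINGS) mttr[risk] = meanTimeToRemediate(items, risk);
  return {
    activeAvis: active.length,
    closedAvis: closedCount,
    newAvis: newCount,
    applicationReleases,
    averageAvisPerApplication: ratio(active.length, applicationReleases),
    netChange: newCount - closedCount, // New minus Closed; positive means the backlog grew
    mttr,
  };
}

console.log(JSON.stringify(indicators(avis), null, 2));
```

    A falling overall mean time to remediate can hide a rating with no closed items at all, which is why the per-rating values are kept separate here.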

    Breakdowns

    • Age
    • Age Closed
    • Application
    • Business Unit
    • Risk Rating
    • Scan Type
    Note:
    Customizing the Age and Age closed calculation for application vulnerable items (AVIs) may lead to a sharp rise or drop in the Performance Analytics (PA) reports that include these metrics. For more information on how to customize the calculation of Age and Age closed for AVIs, see the KB1703270 KB article.

    Data visualizations

    Table 1. Security Posture

    Name | Type | Description
    V15.0: Penetration Test Findings in Validation Pending State | Pie Chart | Penetration test findings in Resolved state, but with validation pending, grouped by risk rating.
    V15.0: Overdue Penetration Test Findings | Pie Chart | Critical penetration test findings that have missed their remediation target date, grouped by risk rating.
    Active Application Vulnerable Items (AVIs) | Single Score | Number of active (non-closed) application vulnerable items (AVIs).
    Unassigned Application Vulnerable Items (AVIs) | Single Score | Number of active application vulnerable items (AVIs) without an assignment group.
    Application Vulnerable Item (AVI) Distribution | Pie Chart | Distribution of all active application vulnerable items (AVIs) grouped by risk rating.
    Application Vulnerable Items (AVIs) by Age | Heatmap | Number of active application vulnerable items (AVIs) grouped by risk rating and age (in days). Note: Customizing the Age and Age closed calculation for application vulnerable items (AVIs) may lead to a sharp rise or drop in the Performance Analytics (PA) reports that include these metrics. For more information on how to customize the calculation of Age and Age closed for AVIs, see the KB1703270 KB article.
    AVI trends | Trend | Trend of active application vulnerable items (AVIs) grouped by risk rating.
    Average AVIs per application | Trend | Trend of average application vulnerable items (AVIs) per application, grouped by risk rating.

    Table 2. Remediation Trend

    Name | Type | Description
    Mean time to Remediate Application Vulnerable Items (AVIs) | Line | Trend of the average remediation time for application vulnerable items (AVIs) by risk rating.
    Net change of AVIs | Trend | Trend of new application vulnerable items (AVIs) detected vs closed by month.

    Table 3. Scoreboard

    Name | Type | Description
    Top 10 Applications with Most Critical Application Vulnerable Items (AVIs) | Score card and Distribution Bar | Applications with the most critical application vulnerable items (AVIs).
    Top 10 Applications with Most Overdue Critical Application Vulnerable Items (AVIs) | Score card and Distribution Bar | Applications with the most active application vulnerable items (AVIs) that are past their remediation target dates.