Suggest vulnerability solutions with generative AI

  • Release version: Zurich
  • Updated May 26, 2026
  • 4 minutes to read

    • Use generative the Approval Recommendation generative AI skill to help your analysts find potential preferred solutions from third-party vendors for the vulnerabilities on your assets.

    Before you begin

    To view and use the generative AI skills agentic workflows in the Unified Security Exposure Management you must upgrade to Unified Security Exposure Management. See Unified Security Exposure Management release notes for more information.

    The Now Assist panel must be activated. For more information, see Activate the Now Assist panel standard chat.

    Important:
    This Now Assist skill is turned on by default. The skill will be automatically available to appropriate role users for the application. For more information, see Now Assist skills, agents, and agentic workflows on by default.

    For more information about configuring this skill, see Configure a generative AI skill.

    Roles required:
    Note:
    The sn_vul.vulnerability_admin, sn_vul.vulnerability_analyst, and sn_vul.remediation_owner inherit the following roles when you install the Now Assist for Vulnerability Response application.
    • sn_vul_ai.run_suggest_solution - required to run the recommended solution feature on vulnerable items.
    • sn_vul_ai.read_suggest_solution_job - required to run the scheduled job for remediation tasks and view the Recommend Solution Job [sn_vul_ai_suggest_solution_job] table and run status.

    Procedure

    1. Navigate to All > Workspaces > Vulnerability Manager Workspace.
    2. Open a host vulnerable item (VIT) record and select the Details tab.
    3. To use Now Assist with VR reasoning to find the solutions that best match your vulnerabilities, select Recommend solution.
    4. Alternatively, open a remediation task (RT) that is assigned to you and select Recommend solution.
      The following tables describe the messages and notifications that are displayed and where data is populated after you select Recommend solution on VIT and remediation task records.
      Note:
      Now Assist with VR doesn’t generate vulnerability solutions. Solutions are imported from third-party integrations. For you to see the Recommend solution button on VIT and remediation task records, there must be at least one solution of the highest supersedence available for the vulnerability associated with that VIT.
      Table 1. Vulnerable item (VIT) records
      Message or notification Description
      A potential solution has been found by now Assist for VR to help you remediate this vulnerability. Check the Remediation section and the Activity stream on the Details tab for more information. Information for a preferred solution is populated on the Details tab of a VIT in the Preferred solution and Summary fields in the Remediation section. Work notes are entered in the Activity stream.

      Be sure to check the solutions for accuracy.

      Note:
      If a VIT has a solution that was provided by Now Assist for VR, the solution might change if you import more solutions and rerun the job (select Recommend solution).
      A solution for this vulnerability has been found using Now Assist for VR based on the following reasoning. Details in the Activity stream on VITs about why this solution was determined by Now Assist for VR to be a preferred solution. Reasoning is displayed only on VITs.

      Preferred solutions found by the skill are rolled up to the Solutions tab on remediation tasks.

      Be sure to check the solutions for accuracy.
      A solution wasn’t found. Check the Remediation section and the Activity stream on the Details tab for more information. Summary in the Activity stream on the Details tab on VITs about why no solution was found. Reasoning is displayed only on VITs.
      Table 2. Remediation task (RT) records
      Message or notification Description
      Use Now Assist for VR to help you find potential preferred solutions for the vulnerable items in this remediation task. Your performance might be impacted if the remediation task has a large number of VITs.
      • The RT must have at least one VIT. The default for the maximum number VITs on an RT is 1,000. You might prefer to keep this value in its default setting.
        Note:
        You can modify the maximum value with the sn_vul_ai.max_vits_allowed_for_suggest_solution system property.
      • Reviews all VITs in the remediation task but solutions are recommended only for VITs in the remediation task that are in active states, have solutions of the highest supersedence, and don’t already have a solution.
        Note:
        If you rerun the job (select Recommend solution) for a remediation task, by default, the job only evaluates VITs without solutions (true). To evaluate VITs with solutions, you must change the sn_vul_ai.exclude_vits_with_solution system property to false.
      • Provides a summary for the preferred solution in the Activity stream on Details tab on the remediation task.
      • Preferred solutions found by the skill are rolled up to the Solutions tab on remediation tasks.
      • Rolls down solution information for matching VITs in the remediation task. Solution information is populated in the Preferred solution and Summary fields and the Activity stream on the Details tabs.
      • If a background job is in progress and evaluating solutions for that record, the Recommend solution button isn’t visible on the remediation task. You can view the button after the job has completed.

      Be sure to check solutions for accuracy.
      Currently gathering solutions for VITs. Select this link to track progress.

      See job status and a summary that includes the following information:

      • Total number of VITs in Remediation task: n
      • Number of VITs Processed: n
      • VITs with solutions: n VITs

      If there isn’t enough information to confidently suggest a solution, solutions aren’t provided for VITs.

      The summary is also provided in the Activity stream after the job is completed.
      Solutions are not provided for VITs if there is not enough information to confidently suggest a solution. Solutions weren’t found for certain VITs, because there isn’t enough information or no solutions of the highest supersedence were provided for Now Assist to determine a solution.
      • The Preferred solution and Summary fields remain empty on the VIT.
      • Work notes are entered in the Activity stream on the VIT and remediation task.
      • Reasoning is displayed only on VITs.