Viewing the Performance Analytics for Configuration Compliance dashboard
Summarize
Summary of Viewing the Performance Analytics for Configuration Compliance Dashboard
The Configuration Compliance Performance Analytics (PA) dashboard in ServiceNow enables you to efficiently monitor and remediate key configuration issues across your environment. It offers detailed reports and visualizations highlighting compliance status, remediation progress, exception approvals, and risk assessments. The dashboard is accessible through both the classic and Next Experience UI, providing flexibility based on your ServiceNow version and role.
Show less
Terminology changes introduced in version 14.9 of Configuration Compliance align terms such as Test Result Group and Rules to Remediation Task Group and Remediation Task Rules, respectively, ensuring clarity in remediation workflows.
Access and Roles
- Required roles:
admin(for installation and configuration),paadmin(for managing PA components and data collection), andsnvulc.read(for read-only dashboard access). - Navigation: Access via All > Configuration Compliance > Overview or through the Vulnerability Manager Workspace dashboards in the Next Experience UI.
Dashboard Tabs and Filters
- Overview tab: Apply filters such as Asset category, Cloud resource type, Cloud service provider, Cloud account, and Cloud region to customize report visualizations. Interactive widgets show applied filters and allow drill-down into KPI Details for record comparison, date range selection, and advanced filtering.
- Compliance tab: Displays compliance percentages against authoritative standards like HIPAA and DISA, with filtering options for easier analysis.
- Remediation tab: Tracks remediation progress and hygiene of misconfiguration fixes.
- Approvals tab: Shows exception request statuses, including approvals and rejections.
Breakdowns and Filters
Indicators on the dashboard can be broken down by multiple dimensions such as Assignment group, Risk rating, Asset category, Cloud provider, and more. This enables granular analysis of compliance and remediation data.
The Overview tab’s filters dynamically populate based on integration data, allowing multi-select filtering to tailor reports to your cloud environment and asset types.
Data Visualizations
The dashboard includes a variety of report types sourced from test results, remediation tasks, and approval records:
- Overview tab visualizations: Compliance trends, remediation task counts, risk rating distributions, age of test results, and overdue critical issues by assignment groups and services.
- Remediation tab visualizations: Breakdown of remediation tasks by risk rating, target status, assignment group, and aging tasks approaching expiration.
- Approvals tab visualizations: Exception requests by age, reason, approval status, and upcoming expirations for requests you manage or approve.
Note that customizing the calculation of test result age metrics can significantly impact report trends, so adjustments should be made cautiously.
Practical Benefits for ServiceNow Customers
- Gain comprehensive visibility into configuration compliance across cloud and on-premise assets.
- Quickly identify and prioritize critical remediation tasks based on risk and overdue status.
- Track exception requests and their approval progress to maintain governance.
- Leverage detailed filters and breakdowns to focus on specific asset categories, cloud providers, or organizational groups.
- Utilize the Next Experience UI for an enhanced user interface with contextual dashboards.
You can manage your most important configuration issues and remediate them quickly by viewing the reports on the Configuration Compliance Performance Analytics (PA) dashboard.
| Terminology prior to v14.9 | Terminology v14.9 onwards |
|---|---|
| Test Result Group | Remediation Task |
| Group Rules | Remediation Task Rules |
| Policy | Test group |
Required ServiceNow AI Platform roles
The following roles are required for the Configuration Compliance Performance Analytics dashboard:
- admin: An admin can install and activate the Performance Analytics for Configuration Compliance and make changes to the system properties.
- pa_admin: A performance analytics administrator can create and review the background jobs, indicators, breakdowns, widgets, and dashboards. This admin can also set up and start the data collection.
- sn_vulc.read: A user with the read role can review the dashboard data.
Access the Configuration Compliance dashboard
To open the dashboard, navigate to .
Configuration Compliance [PA] dashboard tabs
- Show the records.
- Compare the records.
- Change the chart type.
- Select the date range.
- View the trends that are based on the duration.
- Apply the additional filters including the filters that are unavailable on the Overview tab. An example is the Host tag.
The following example shows how you can apply the filters in the Overview tab and perform the actions in the KPI Details tab.
The Compliance tab displays the compliance percentage for the various authoritative sources, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Data Interchange Standards Association (DISA). You can refine this list by using the column header filters and selecting a category.
The following example shows how you can filter the data in the Compliance tab.
The Remediation tab displays the information about the progress of how remediation is going. You can use this tab to see into the misconfiguration remediation hygiene.
The following example shows the Remediation tab.
The reports on the Approvals tab display the information about the exception requests and their approval status.
The following example shows the Approvals tab.
Breakdowns
- Deferred Reason
- Age
- Assignment group
- Remediation status
- Result
- Risk rating
- Asset category
- Host tag
- Configuration test
- Cloud service provider
- Cloud region
- Cloud account
- Cloud resource type
Filters
In the Overview tab, you can apply the following filters to the widgets to visualize the filtered data.
| Name | Type | Description |
|---|---|---|
|
Asset category |
Choice |
Type of asset. The four options are:
|
| Cloud resource type |
Choice |
Type of resource. An example is a virtual machine. The data in the filter is filled in when you run the integration. |
| Cloud service provider |
Choice |
Service provider for the cloud. The three options are:
|
| Cloud account |
Choice |
Account ID that is created when an account is created in a cloud service. For example, AWS. The account ID data is filled into the filter when you run the integration. |
| Cloud region |
Choice |
Location where the resource is hosted. |
Data visualizations
| Report name | Type | Source table | Description |
|---|---|---|---|
|
Compliance Trend |
Line chart |
Test Results |
Information about the compliance trend:
|
| Remediation Task | Single score  |
Test Results | Number of remediation tasks, which are present in the system and are in an active state. |
| Critical remediation tasks near due | Single score |
Test Results | Number of remediation tasks where the risk rating is "critical" and the remediation status is "approaching target." |
| Test results by risk rating | Bar |
Test Results | Test results in the failed state, which are grouped according to the risk rating. |
| Test results by age | Bar |
Test Results | Test results in the failed state, which are grouped according to when the test results were created. Note: Customizing the Age and Age closed calculation for test results may lead to a sharp rise or drop in the
Performance Analytics (PA) reports that include these metrics. For more information on how to customize the calculation of Age and Age closed for test results, see the KB1703270 KB article. |
| Closed test results by remediation target adherence | Bar |
Test Results | Test results in the passed state, which indicates that this test is closed. |
| Overdue critical test results by assignment group | List and Score |
Test Results | Number of test results where the risk rating is "critical" and the remediation status is "target missed". The report indicates that the test results are in an Open state. If the test results cross the remediation target date, it’s considered as overdue. |
| Overdue test results- services | List, Score, and Trend |
PA dashboards database view for Services | Number of test results for services where the remediation status is "target missed". This report also displays the name of the services or departments with the highest test results. |
| Overdue test results- service owners | List, Score, and Trend |
PA dashboards database view for Services | Number of test results for service owners whose remediation status is "target missed". This report also displays the name of the services or departments with the highest test results. |
| Title | Type | Source table | Description |
|---|---|---|---|
| Remediation task by risk rating | Bar |
Remediation task | Breakdown of the risk ratings of all the test results groups that are in the active state. |
| Remediation task by remediation target status | Bar |
Remediation task | Breakdown of the remediation targets of all the test results groups that missed the target, have no target, and are approaching the target. |
| Remediation task by assignment group | List, Score, and Trend |
Remediation task | Breakdown of the remediation tasks that are based on an assignment group. |
| Overdue critical remediation task by assignment group | List, Score, and Trend |
Remediation task | Breakdown of the remediation tasks that are based on an assignment group. These remediation tasks have a risk rating as "critical", and their remediation target hasn’t been met. |
| Expiring remediation task by age | Bar |
Remediation Task | Remediation tasks that are going to expire within a certain duration. A maximum of 10 duration buckets can be created. |
| All pending exception requests grouped by reason | Bar |
State change approval | State change approval requests that are grouped by the reason for the exception. |
| Critical exceptions on test results by assignment group | List, Score, and Trend |
Test Results | Test results that are in a deferred and critical state and are grouped based on the assignment group. |
| Reports | Type | Source table | Description |
|---|---|---|---|
| Exception requests by age pending my approval | Bar |
Approval | Exception requests that are created by you and that are pending approval. The requests are grouped according to the duration of the request. |
| Approval requests by reason | Bar |
State change approval | State change approval requests for creating an exception and include the reason for the exception. |
| Remediation tasks having approval request by risk rating | Bar |
Remediation task | Remediation tasks that have an approval request that is based on the criticality. |
| My approval requests by approved and rejected status | Bar |
State change approval | Exception requests that are grouped by the approved and rejected statuses. |
| Expiring exception requests by me by age | Bar |
State change approval | Exception requests that are going to expire in the coming weeks. The exception requests are grouped based on weeks. Whenever an exception request is created, a date is selected for the validity of the exception request. The calculation for the age of the request is based on this date. |
| Status of exception requests requested by me | Bar |
State change approval | Exception requests that are created by you and that are grouped according to the following statuses:
|