Vulnerable item age calculation and display

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Vulnerable item age calculation and display

    The Vulnerability Response application in ServiceNow now displays the age of vulnerable items (VIs) with greater precision, showing the duration in Days/Hours/Minutes format. This enhanced age information appears in the Age column on the Vulnerable Items list view and in the Age and Age closed fields on VI (VIT) records. The update improves accuracy in managing VIs, particularly for large datasets, and optimizes system performance by calculating age on-demand rather than via scheduled jobs.

    Show full answer Show less

    Key Features

    • Detailed Age Display: Age is shown as Days/Hours/Minutes for active VIs in the list view and record fields, aiding precise monitoring.
    • State-Based Age Handling: Age is visible only for active VIs (non-Closed states). For closed VIs, the Age field is hidden, but the total active duration in days is recorded in the Age closed field.
    • Reopened VIs: When a VI is reopened from a Closed state, the Age closed field resets, and the Age field resumes displaying detailed active time.
    • Performance Optimization: Age calculation is performed on-demand for efficiency, preventing performance degradation in instances with many VI records.
    • Role-Based Access: Viewing age details requires specific roles—vulnerability managers with snvul.vulnerabilityread, Vulnerability admins, or IT remediation owners with snvul.remediationowner on assigned records.
    • Automatic Upgrade Addition: The enhanced Age column is added automatically upon installation or upgrade of the Vulnerability Response application.

    Practical Benefits for ServiceNow Customers

    • Improved Rule Configuration: Enables precise Auto Delete Rules targeting VIs by Days/Hours/Minutes, enhancing data management and system performance.
    • Enhanced Reporting and Filtering: More granular age data supports detailed Performance Analytics reports and refined filtering of Vulnerable Items.
    • Efficient List Views: Allows pruning list views to focus on specific VIs based on detailed age criteria.
    • Clear Visibility of VI Lifecycle: Helps track how long VIs have been active or closed, supporting better remediation prioritization.

    Additional Notes

    • If after upgrading the age is not displayed correctly in Days/Hours/Minutes format, it indicates the age column is outdated and requires remediation as per ServiceNow KB0749231.
    • The Age and Age closed fields are read-only for authorized users.
    • Customization of age calculation methods is possible, with guidance available in KB1703270.
    • Persona and granular roles can be assigned and managed to control access and capabilities within the Vulnerability Response application.

    The age of vulnerable items (VIs) is displayed in the Vulnerability Response application with more detail.

    The vulnerable item (VI) age is displayed in Days/Hours/Minutes format in the Age column on the Vulnerable Items list view, and in the Age and Age closed fields on VI (VIT) records. Age displayed in more significant digits may help you more accurately perform the following activities:
    • Configure rules in the Auto Delete Rules module to target and delete specific VI records by Days/Hours/Minutes. Removing records with more accuracy may increase your performance, especially if you have a large number of VI records in your instance.
    • View reports with more specific details in the Performance Analytics for the Vulnerability Response application.
    • Create filters that identify only the VIs you want.
    • Prune list views to display only the VIs you want.
    • Dot-walk more easily.

    A scheduled job calculated age and updated all active VIs. In instances with large numbers of VI records, this process could be slow and negatively impact performance. VI age is calculated more efficiently on-demand and displayed with more significant digits with an enhanced Age column. The enhanced Age column is automatically added when you install or upgrade the Vulnerability Response application.

    Note:
    If you perform an upgrade and the VI age is not displayed in the Vulnerable Items list view and in the Age and Age closed fields on active VI (VIT) records in Days/Hours/Minutes (9 Days, 18 Hours, 29 Minutes) format, the age column is not current in your instance. For more information about how to resolve this issue after an upgrade, see KB0749231.

    The age column and fields are not editable. A vulnerability manager with the sn_vul.vulnerability_read permission or the Vulnerability admin persona can view this value, and IT remediation owners with the sn_vul.remediation_owner role can view it on records assigned to them.

    Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    VI age is displayed as shown in the following images.

    Vulnerable items list

    As shown in the following figure, on the Vulnerable Items list view, Age is displayed in the Age column in Days/Hours/Minutes (21 Days 17 Hours 17 minutes) only for active VIs. Active VIs are VIs in any states other than 'Closed'. This age value represents the number of days the VI has been active.

    The age is not displayed for VIs in the ‘Closed’ state. For VIs previously in a ‘Closed’ state and then reopened, the value represents the number of days the VI has been active since the date it was last opened.

    VI list view that shows the Age field is blank for VIs in a Closed state.

    Age on VI records

    On the VI records, the value of Age column in the list view is visible for active VIs in the Age field.

    VI Age field and State for active VI.

    The value of the Age column is not displayed for VI records in the ‘Closed’ state.

    The Age field isn't displayed for a closed VI.

    Age on the Vulnerable items list and VI records when a VI is updated

    When a VI is in the ‘Closed’ state, the Age field is not displayed. When the VI transitions to ‘Closed', the value in number of days from the Age column is displayed in the Aged closed field (9) as shown in the following figure. This value represents the number of days the VI was active before it transitioned to ‘Closed.’ For example, in the following image, this VI was active for 9 days, 18 hours, and 29 minutes, but only the number of days (9) is displayed on the closed record.

    The Age closed field on the VI record in days.

    If this VI is reopened, when the VI state transitions back to ‘Open’, the Age closed field is reset to 0. Because the VI is active again, the age in Days/Hours/Minutes is displayed in the list view in the Age column and on the Age field on the VIT.

    The Age closed field is reset to 0 and the Age field is in Days/Hours/Minutes.

    For more information on how to customize the Age and Age closed calculations, see the KB1703270 article.