SecOps Vulnerability Response Health dashboard
The Vulnerability Response Health dashboard is a tool designed to empower organizations with comprehensive insights into the implementation and usage of their Vulnerability Response applications.
The overall health assessment is determined by aggregating various critical factors across configuration, implementation, integration, performance, data, and process. View the aggregate dashboard for each category for the following applications:
- Vulnerability Response
- Application Vulnerability Response
- Container Vulnerability Response
- Configuration Compliance
Installing the SecOps Vulnerability Response Health Dashboard
To install and configure the SecOps Vulnerability Response Health Dashboard for Vulnerability Response applications in your ServiceNow AI Platform instance, navigate to the ServiceNow® Store and activate the SecOps Health Analytics (sn_sec_analytics) plugin.
Required ServiceNow AI Platform roles
Roles required: sn_sec_analytics.admin, sn_sec_analytics.readScheduled job
To view the scheduled job, navigate to . The 'Collect health dashboard metrics' scheduled job is run daily at 00:00 hours. It generates the data for the SecOps Vulnerability Response Health dashboard. You can choose to run the scheduled job manually as well.
Use cases
For examples of how people in your organization would use this dashboard, see these use cases.
| User | Dashboard use |
|---|---|
| Vulnerability admin | Helps you gain an understanding of the health score of the Vulnerability Response applications. It’s also helpful to highlight the areas that need improvement. The Vulnerability Response Health Dashboard deals with the implementation and usage health only. It doesn’t assist with management of vulnerabilities or assets. |
| Support admin | Helps you to identify the performance, customization, and configuration issues using KPIs. Based on the application health, you can perform an extra analysis or provide a recommendation to the users. |
| Implementation partner | Helps you to evaluate the Vulnerability Response implementation health for configurations, add-ons, customizations, and integrations, and provide improvement recommendations for the users. |
The SecOps Vulnerability Response Health Dashboard tabs
To view the SecOps Vulnerability Response Health dashboard, navigate to . Each color in the dashboard represents the following:
- Green: Safe
- Yellow: Warning
- Red: Critical
This dashboard communicates the overall health score for the configuration and remediation health of the VR applications.
This dashboard displays the configuration and integration health of your implementation. It provides a holistic overview of the implementation performance.
This dashboard displays the data health of the VR applications.
This dashboard displays the trends for the vulnerable item ingestion performance metrics for the past 30 days for the VR applications.
Reports
Note:
The threshold values are a part of the base system. You can configure the values based on your requirements.
| Title | Description |
|---|---|
| Overall health | Overall health score for the VR applications. For more information, see the reports for the metrics. |
| Configuration | Overall configuration health of the VR applications. |
| Implementation health | Overall implementation health of the VR applications. |
| Integration health | Overall integration health of the VR applications. |
| Performance | Overall performance health score of the VR applications. |
| Data health | Overall data health of the VR applications. |
| Process health | Overall process health score of the VR applications. |
| Title | Description | Considerations for improving performance | Threshold warning | Threshold critical |
|---|---|---|---|---|
| Configuration | ||||
| Auto-delete rules | Displays the number of enabled auto-delete rules. | Review and resolve the inactive auto-delete rules. | 3 | 1 |
| Auto-close stale records | Closes stale detections automatically. For more information, see the 'Automatically close stale detections in Vulnerability Response' topic in servicenow.com/docs. | Reduce the volume of stale detections. Enable this option to close the stale detections that aren’t closed by the scanners. | 3 | 1 |
| Implementation health | ||||
| Customized script includes | Number of 'script includes' customized. | Minimize customized 'script includes' for easier upgrades. | 10 | 12 |
| Business rules on the detections table | Number of customized business rules in the detection table. | Minimize business rules for easier upgrades. | 4 | 8 |
| Customized business rules | Number of customized business rules before creation of records in the CMDB. | Use the default business rules on records. | 5 | 8 |
| Upgrade conflicts | Conflicts such as business rules and scripts identified on an upgrade. | Review and resolve the upgrade conflicts. | 10 | 15 |
| PA installed but not activated | Indicates if the Performance Analytics dashboard is not enabled. | Activate the PA dashboard. | 10 | 15 |
| Integration health | ||||
| Disabled integrations | Number of integrations that have been disabled. | Review and enable the required integrations. | 6 | 9 |
| Failed integration runs in the past week | Number of integration runs that weren’t successful in the past week. | Review and resolve the cause of the failed integration runs. | 9 | 12 |
| Performance | ||||
| Slow business rules and scripts | Business rules and scripts whose average execution time greater than 10 ms and execution count greater than 10,000. | Review and resolve the slow-running business rules. | 10 | 15 |
| Stalled integrations | Number of integrations that were timed-out before completion. | Review and resolve the cause of the stalled integrations. | 10 | 15 |
| Failed or stalled background jobs | Failed or timed-out background jobs in the past week. | Review and resolve the cause of the failed jobs. | 5 | 10 |
| Slow queries | Queries whose average execution time is greater than 10 ms and execution count is greater than 10,000. | Review and resolve the slow-running business rules. | 10 | 15 |
| Title | Description | Considerations for improving performance | Threshold warning | Threshold critical |
|---|---|---|---|---|
| Data Health | ||||
| Discovered item matching rate | Number of discovered items matched to existing CIs. | Review the health of your CMDB and the CI lookup rules logic. | 50 | 20 |
| Unmatched CIs in discovered items | Discovered items in unmatched state. | Review the health of your CMDB and the CI lookup rules logic. | 9 | 12 |
| Unused CI lookup rules | CI lookup rules that aren’t associated with any discovered item. | Change the status of the unused CI lookup rules to inactive. | 4 | 6 |
| Discovered item with no CI | Discovered item with no configuration item. | Review and reapply CI lookup rules. | 9 | 12 |
| Defective active records | Records without a configuration item or vulnerability. | Retire the CIs using the CMDB CI Lifecycle Management option. Note: Deleting CIs directly can result in orphan VITs. |
40 | 60 |
| Remediation tasks without assignment group | Active remediation tasks whose assignment group is yet to be assigned. | Assign remediation tasks to an assignment group and review the existing assignment rules. | 40 | 60 |
| Closed records without substate | Records that are closed without a substate. | Provide information in the Reason field while closing the records. | 40 | 50 |
| Process Health | ||||
| Active records without risk score | Active records with a risk score of 0 or with no risk score assigned. | Review and resolve the risk rules. | 40 | 60 |
| Unassigned active records | Records without an assignment group. | Assign a group to the records and review the existing assignment rules. | 30 | 50 |
| Items without Remediation Target | Items without a remediation target date. | Review and resolve the remediation target rules. These rules must include all the records. | 30 | 50 |
| Ungrouped active records | Records that aren’t included in a remediation task rule. | Review the remediation task rules. | 40 | 60 |
| Title | Description |
|---|---|
| Last 30 days vulnerable item ingestion performance metrics | Average time taken to ingest vulnerable items and process multiple rules in the past 30 days. |