How to handle Zero Day Vulnerabilities in Vulnerability ModuleDescriptionFor Zero-Day Vulnerabilities, there is no CVE-Number and it's also not imported from Qualys (Third-Party Vulnerability Entry), so there is no chance to have the sn_vul_entry in ServiceNow. Also, the sn_vul_entry table is read-only (ACL for "nobody"). But we need to track Vulnerable Items and Groups for Zero-Day Vulnerabilities. Is it good to extend a 3rd table from sn_vul_entry which can be maintained for the vulnerability write role? If Yes, then how to deal with existing VulnItems & VulnGroups, if the Zero Exploit gets an official CVE number?ResolutionExtending the vuln entry table would provide parity with the "third-party" vulnerabilities coming from other products. You will have to adjust the ACLs accordingly for this table.As for how to handle the vulnerabilities as they are published, you will have to manually manage the duplication. The challenge with third-party vulnerabilities, such as those from Qualys, is they're proprietary and often don't align 1:1 with a CVE. They often aggregate multiple CVEs and then split CVEs by platform. So, it's difficult to automatically reconcile them. How to deal with existing VulnItems & VulnGroups, if the Zero Exploit gets an official CVE number? There will be an option of updating all vulnerable items to point to the new CVE, but by the time they get around to importing a real CVE, their vulnerability scanner probably has a corresponding vulnerability record for it and is already importing vulnerability instances for it. We would then recommend closing the manually created vulnerable items as duplicate findings from the vulnerability scanner are identified.