Handle no assignment configuration on remediation task rules Product Success Playbook Handle no assignment configuration on remediation task rules A step-by-step guide to analyze and remediate Vulnerability Response data issues Table of Contents Summary Goal of this Playbook Audience Problem Overview Executive Summary How this playbook can help you achieve business goals How this playbook is structured Problem Analysis Upstream Causes Downstream Consequences Impact on Your Business Engagement Questions Remediation Plays Summary Play 1: Review your data Play 2: Analyze your CI records Play 3: Fix Play Play 4: Fix Play Data Governance Summary Goal of this Playbook Understand and remedy the issue of remediation task rules (Vulnerability Group Rules) missing assignment configuration, that causes remediation tasks to remain unaddressed and impacts the effectiveness of vulnerability remediation. Details about this playbook Author Bibu Elias Punnachalil Reviewer Ravi Kumar Kanukollu Date 11/10/2022 Addresses HSD # HSD0010622 Applicable ServiceNow Releases All Releases Prerequisites Time Required Approximately 1 to 8 hours (depending on your environment) Audience Vulnerability Administrator, Vulnerability Analysts, Remediation teamsServiceNow Administrator Problem Overview Remediation task rules not having assignment group will affect the automatic update of Vulnerable Items (VIs) with assignment group and can result in VIs remain untreated, leaving the organization exposed. Note: Starting with v15.0 of Vulnerability Response, the table labels for vulnerability groups and vulnerability group rules have changed. This change applies to labels on lists, records, and rules in both the classic UI and in the Vulnerability Response Workspaces. Vulnerability groups (VGs) are labeled, Remediation Tasks.Vulnerability group rules are labeled, Remediation Task Rules. Executive Summary How this playbook can help you achieve business goals This playbook recognizes the need to rectify remediation task rules that are not qualified with an assignment group. It will help you fix these incomplete records and find a long-term solution to avoid the issue. This will in turn ensure that Vulnerabilities are forwarded to remediation teams for action and will contribute to improving the vulnerability profile of you organization. How this playbook is structured This Playbook will guide you through 4 plays. Play 1 (a review data play) helps you review remediation task rules without assignment groupPlay 2 (Analyze) provides remediation steps required to check if the default rule is activePlay 3 (remediation) provides remediation steps required to fix remediation task rules without assignment groupPlay 3 (a Data Governance play) lists the guidelines and processes for continuing to have remediation task rules with assignment group Problem Analysis Upstream Causes Remediation task rules are not well definedYou are using the filter groups and conditions for automatically grouping vulnerable items Downstream Consequences Data Consequence Missing relationships,Presence of non-actionable VIs Operation Consequence Remediation teams are unaware of actions to be taken to deal with vulnerabilities.Lack of remediation: deterioration of the vulnerability profile of the organization.Remediation teams will be assigned large volumes of work when the problem is fixed App Consequence Dashboards & reports using the assignment group information for vulnerability response analysis will be of limited use Impact on Your Business Remediation Task Rules with no AG will leave your organization exposed and will negatively impact the effectiveness and efficiency of your Vulnerability Remediation teams, Vulnerability teams and audits. Security MTTR Slower response to vulnerability remediation. Audit/Compliance Incomplete VI data. Engagement Questions: Consider the answers to these questions: Is there a process in place to review and reconcile VIs with no AG?Is there an established relationship between the VR team and the CMDB team?Are there automated or manual processes that could delete or modify AG records?When the CMDB is updated, is the VR team informed? Remediation Plays SummaryThe table below lists and summarizes each of the remediation plays in the playbook. Details are included later. Play Name Review your data What this play is about Finding the remediation task rules with no assignment group Required tasks Use the report provided and get the details Analyze Play What this play is about Remedy the lack of a default assignment rule Required tasks Create a default rule and rerun the system Fix Plays What this play is about Create remediation rules with assignment group Required tasks Create new remediation rules and ensure that assignment group field is utilized Data Governance What this play is about Finding a long term solution to prevent the issue from reoccurring Required tasks Engage with the Platform team to establish a process Play 1 - Review your data What this Play is about Shows how to view Vulnerability Items with no remediation target Required tasks Load the update set “HSD0010622 - Query Vulnerability Group Rules for Assignment Group”Preview and commit the update setNavigate to Reports View/Run Search for the report “Vulnerability Group Rules with Assignment Group” Run the report and check the output In case the output is 0, proceed to play 2In case the output is 1 or above, skip the play 2 and proceed to play 3 Play 2 - Analyze existing configuration What this Play is about A default assignment rule, Assign to CI support group, is included in the base system assigning vulnerable items to the CI Support Group. The Assign to CI support group rule assigns a VI to whatever support group is set for the configuration item (CI) that is associated with the VI Required tasks Navigate to Vulnerability Response Administration Remediation Task RulesCheck for the rule with name “Vulnerability”Check if the “active” flag is ticked Play 3 - Fix Play What this Play is about Click on new remediation task rules with assignment section filled in Required tasks Navigate to Vulnerability Response Administration Remediation Task RulesClick NewEnsure that Assignment section is filled in correctly Data Governance What this Play is about Monitor and maintain the remediation task rules with no assignment group Required tasks Regularly execute play 1 to review remediation task rules with no assignment groupSetup a process to review and fine tune remediation target rules on a regular basis Congratulations You have completed this Product Success Playbook.