Retired CIs flag is enabled to close the VIs automatically Product Success Playbook Retired CIs flag is enabled to close the VIs automatically A step-by-step guide to analyze and remediate Vulnerable Item Data Table of Contents Summary Goal of this Playbook Audience Problem Overview Executive Summary How this playbook can help you achieve business goals How this playbook is structured Problem Analysis Upstream Causes Downstream Consequences Impact on Your Business Engagement Questions Remediation Plays Summary Play 1: Review your data Play 2: Fix Play - Enable Auto-close VIs Data Governance References<optional> Summary Goal of this Playbook Understand and remedy the issue of having VIs associated with retired CIs. These VIs serves no purpose and impacts the effectiveness of vulnerability remediation. Details about this playbook Author Bibu Elias Punnachalil Reviewer Ravi Kumar Kanukollu Date 11/10/2022 Addresses HSD # HSD0011773 Applicable ServiceNow Releases All Releases Prerequisites Time Required Approximately 1 to 8 hours (depending on your environment) Audience Vulnerability Administrator, Vulnerability Analysts, Remediation teamsConfiguration Manager or Configuration Management team ServiceNow Administrator or Discovery Administrator Problem Overview As organizations continue to be exposed to fast growing volumes of vulnerabilities, it is critical for their risk profile that they do not waste resources on unnecessary tasks.Vulnerable Items with retired Configuration Item (CI) serve no purpose, they are noise with no value, clutter the data landscape and distract teams from effective remediation work. Executive Summary How this playbook can help you achieve business goals This playbook recognizes the need to rectify VIs records whose associated CI records are retired. It will help you fix these incomplete records and find a long-term solution to avoid the issue. It will ensure that your remediation team are provided with actionable information; this is turn will contribute to improving the vulnerability profile of you organization. How this playbook is structured This playbook contains three plays to help you rectify VIs with retired CI. Play 1 [Review Play] Shows the VI records associated with retired CIsPlay 2 (remediation) Enable “Auto-close VIs related to retired CIs”Play 3 (a Data Governance play) lists the guidelines and processes for continuing to have Vis with remediation target Problem Analysis Upstream Causes "Auto-close VIs linked to retired CIs" option is disabledCI lifecycle updated through custom scripts Downstream Consequences Data Consequence Presence of non-actionable VIs Operation Consequence Non-actionable tasks are forwarded to remediation teamsRemediation is not possible due to retired CIs linked to VIsFrustration, lack of confidence in the VR implementation App Consequence Dashboards & reports using CI information for vulnerability response analysis will be of limited use Impact on Your Business VIs with retired CI will negatively impact the effectiveness and efficiency of your Vulnerability Remediation teams, vulnerability teams and audits. Security MTTR Delay in vulnerability identification.Slower response to vulnerability remediation Audit/Compliance Incomplete VI data. Engagement Questions: Consider the answers to these questions: Is there a process in place to review and reconcile VIs with retired CIs?Is there an established relationship between the VR team and the CMDB team?Is the CI lifecycle management KB article widely used?Are there automated or manual processes that could retire CI records?When the CMDB is updated, is the VR team informed? Remediation Plays SummaryThe table below lists and summarizes each of the remediation plays in the playbook. Details are included later. Play Name Review your data What this play is about Shows you how to navigate to list view and see the active VIs with retired CIs Required tasks Create a filter in the Vulnerability Items list to find the VIs with retired CI Fix Play What this play is about Enable Auto-close VIs when CIs are retired Required tasks Update Vulnerability Response Configuration Data Governance What this play is about Repeat the fix regularly Required tasks Establish process to avoid VIs with no CI. Play 1 - Review your data What this Play is about What? Shows you how to view your Vulnerability Items with no CI records in List View. Required tasks Go to navigatorà Vulnerability Response à Vulnerable Items à All Change the filter to show only VIs with retired CIs The list of records returned are VIs with CI status as retired Play 2 – Enable Auto-close VIs linked to retired CIs What this Play is about Enable “Auto-close VIs linked to retired CIs” Required tasks Go to navigatorà Vulnerability Response à Auto-Close Vulnerable ItemsClick on Configuration Item Lifecycle tab Tick the checkbox “Auto-close VIs linked to retired CIs”Click “Update” Note : If a CI is already retired before the Auto-close VIs linked to retired CIs option is enabled, the state of these VIs is Closed and the substate is CI Decommissioned. You cannot reopen VIs whose state is CI decommissioned, using the Reopen or Bulk Edit options. Data Governance What this Play is about Monitor and maintain the VIs with retired CIs Required tasks Regularly execute play 1 to review if any VI records with retired CIsSetup a process to ensure alignment between CMDB & VR Teams and review VIs from retired CIs Congratulations You have completed this Product Success Playbook.