Handle VIs without a remediation target date

Product Success Playbook

A step-by-step guide to analyze and remediate Vulnerability Response data issues

Table of Contents

- Summary
  - Goal of this Playbook
  - Audience
  - Problem Overview
  - Executive Summary
    - How this playbook can help you achieve business goals
    - How this playbook is structured
- Problem Analysis
  - Upstream Causes
  - Downstream Consequences
- Impact on Your Business
- Engagement Questions
- Remediation Plays
  - Summary
  - Play 1: Review your data
  - Play 2: Review Configuration
  - Play 3: Fix Play - Create remediation target rule
  - Play 4: Fix Play - Troubleshoot remediation target rule
- Data Governance

Summary

Goal of this Playbook

Remediation teams should understand the duration that their organization has deemed appropriate for mitigating identified vulnerabilities. This playbook helps populate remediation target dates on VIs where they are missing and helps prevent the issue from recurring.

Details about this playbook

Author: Bibu Elias Punnachalil
Reviewer: Ravi Kumar Kanukollu
Date: 12/04/2022
Addresses HSD #: HSD0011742
Applicable ServiceNow Releases: All Releases
Prerequisites:
Time Required: Approximately 1 to 8 hours (depending on your environment)

Audience

Vulnerability Administrator, Vulnerability Analysts, Remediation teams, ServiceNow Admin, CMDB team.

Problem Overview

As organizations continue to be exposed to fast-growing volumes of vulnerabilities, it is critical for their vulnerability profile that vulnerabilities be remedied quickly and efficiently. A missing remediation target date on Vulnerable Items may leave remediation teams unable to prioritize Vulnerable Items and result in a delayed response.

Executive Summary

How this playbook can help you achieve business goals

This playbook recognizes the need to rectify Vulnerable Item records that do not have a remediation date. It will help you fix these incomplete records and find a long-term solution to avoid the issue.
It will help ensure that vulnerabilities are targeted by remediation teams for action within the target dates; this in turn will contribute to improving the vulnerability profile of your organization.

How this playbook is structured

This Playbook will guide you through 4 plays.

- Play 1 (a review data play) helps you review VI records without remediation target date
- Play 2 (a review play) provides steps to check if the scheduled job to evaluate remediation target
- Play 3 (remediation) provides remediation steps required to review the existing remediation target rules
- Play 4 (remediation) provides reasons for failure to apply remediation target rule
- Play 5 (a Data Governance play) lists the guidelines and processes for continuing to have VIs with remediation target

Problem Analysis

Upstream Causes

- Remediation target rules are not well defined
- Evaluate remediation targets scheduled job is not active

Downstream Consequences

Data Consequence
- Remediation Status is not updated in VI

Operation Consequence
- Remediation teams not able to prioritize
- Critical vulnerabilities might miss the attention from remediation teams due to lack of SLA
- Vulnerability managers have no clue about the remediation progress due to lack of remediation status

App Consequence
- Dashboards & reports using the remediation target & status information for vulnerability response analysis will be of limited use

Impact on Your Business

VIs with no remediation target will leave your organization exposed and will negatively impact the effectiveness and efficiency of your Vulnerability Remediation teams, Vulnerability teams and audits.

- Security MTTR: Slower response to vulnerability remediation.
- Audit/Compliance: Vulnerabilities without SLA

Engagement Questions

Consider the answers to these questions:

- Is there a process in place to review and reconcile VIs with no remediation target?
- Are the remediation target rules reviewed regularly?
- Is there an established relationship between the VR team and the CMDB team?
Remediation Plays

Summary

The table below lists and summarizes each of the remediation plays in the playbook. Details are included later.

Play Name: Review your data
What this play is about: Finding the VIs with no remediation target date
Required tasks: List the VIs with the filter on remediation target

Play Name: Fix Plays - Check Scheduled job
What this play is about: Check if scheduled job is active
Required tasks: Open the scheduled job definition and check for the active flag

Play Name: Fix Play: Setup remediation target rule
What this play is about: Shows how to create remediation target rule
Required tasks: Steps to create a remediation target rule

Play Name: Fix Play:
What this play is about: Provides steps to create remediation target rule
Required tasks: Create remediation target rule according to the steps

Play Name: Data Governance
What this play is about: Monitor and maintain vulnerable items without remediation target date
Required tasks: Follow the instructions provided in this play

Play 1 - Review your data

What this Play is about

Shows how to view Vulnerable Items with no remediation target date

Required tasks

Display the list of VIs

- Option 1: In the navigator, search for "Vulnerable Items", then navigate to Vulnerability Response > Vulnerable Items > All
- Option 2 (workaround recommended for organizations with large volumes of VIs): In the navigator, search for "Vulnerable Items", then navigate to Vulnerability Response > Vulnerable Items > Critical and High Risk
- Option 3 (workaround when navigation menu items are not available): Navigate to 'sn_vul_vulnerable_item.list'

Fill in the condition builder as below

Run the Filter

The list of active VIs with no remediation target will then show.
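The Play 1 review can also be run over an exported list, which helps when the VI volume is too large to scan in the list view. The following is an added example, not part of the original playbook or of ServiceNow's code: it takes rows exported from sn_vul_vulnerable_item as JSON and returns the active VIs with no remediation target, highest risk first, with a count per assignment group. The field names (active, ttr_target_date, risk_score, assignment_group) and the sample rows are assumptions; check the field names against your instance's dictionary.

```javascript
// Added example: triage of exported Vulnerable Item rows (not playbook code).
// Field names are assumptions; confirm them in your instance before use.
// Equivalent list filter under the same assumption:
//   active=true^ttr_target_dateISEMPTY

// Constructed sample rows, shaped like a JSON export (all values are strings).
const sampleItems = [
  { number: "VIT0001001", active: "true",  ttr_target_date: "", risk_score: "92", assignment_group: "Linux Ops" },
  { number: "VIT0001002", active: "true",  ttr_target_date: "2023-01-15 00:00:00", risk_score: "88", assignment_group: "Linux Ops" },
  { number: "VIT0001003", active: "false", ttr_target_date: "", risk_score: "75", assignment_group: "Windows Ops" },
  { number: "VIT0001004", active: "true",  ttr_target_date: "", risk_score: "40", assignment_group: "" },
  { number: "VIT0001005", active: "true",  ttr_target_date: "  ", risk_score: "97", assignment_group: "Windows Ops" },
];

// A VI counts as missing its target when it is active and the date is blank.
// Exports carry booleans as "true"/"false" and empty dates as "" or whitespace.
function isMissingTarget(item) {
  const active = String(item.active).toLowerCase() === "true";
  const target = String(item.ttr_target_date || "").trim();
  return active && target === "";
}

// Return the affected VI numbers (highest risk score first) and a per-group count,
// so the groups that own the most unscheduled VIs can be contacted first.
function triageMissingTargets(items) {
  const missing = items
    .filter(isMissingTarget)
    .sort((a, b) => Number(b.risk_score || 0) - Number(a.risk_score || 0));
  const byGroup = {};
  for (const item of missing) {
    const group = item.assignment_group || "(unassigned)";
    byGroup[group] = (byGroup[group] || 0) + 1;
  }
  return { numbers: missing.map((item) => item.number), byGroup };
}

const report = triageMissingTargets(sampleItems);
console.log("Active VIs without a remediation target:", report.numbers.join(", "));
console.log("Count per assignment group:", report.byGroup);
```

Running the same export after each "Evaluate remediation targets" job run shows whether the count of unscheduled VIs is falling.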
Play 2 - Fix Play - Check for scheduled job

What this Play is about

Check if the scheduled job for evaluating the remediation target rules and applying the remediation target dates to VIs

Required tasks

- Navigate to System Definition > Scheduled Jobs > Scheduled Jobs
- Filter for the job "Evaluate remediation targets"
- Check if the job is active
- Navigate to Vulnerability Response > Administration > Remediation Target Rules
- Check the conditions and the number of days in each rule to ensure that these are set according to the business requirement
- Check that the active flag is correctly set on the rules

Play 3 - Fix Play - Setup remediation target rule

What this Play is about

If there are records, set up a remediation target rule for update with a long duration

Required tasks

Task 1

- Navigate to Vulnerability Response > Administration > Remediation Target Rules
- Click New
- Provide the name & longest remediation target for any VI
- Click on Submit

Play 4 - Troubleshooting remediation target rule issues

What this Play is about

This play lists the typical reasons for failure in updating the remediation target even though there is an appropriate remediation target rule.

Required tasks

- Check if the rule is active
- The number of days before the due date to notify the user about the target should be positive
- The number of target days for the rule should be less than or equal to 1000

Data Governance

What this Play is about

Monitor and maintain the VI remediation target data

Required tasks

- Regularly execute Play 1 to review whether any VI records without a remediation target exist after the run of the "Evaluate remediation targets" scheduled job
- Set up a process to review and fine-tune remediation target rules on a regular basis

Congratulations

You have completed this Product Success Playbook.