Manage remediation tasks without assignment group Product Success Playbook Manage remediation tasks without assignment group A step-by-step guide to analyze and remediate Vulnerability Response data Table of Contents Summary Goal of this Playbook Audience Problem Overview Executive Summary How this playbook can help you achieve business goals How this playbook is structured Problem Analysis Upstream Causes Downstream Consequences Impact on Your Business Engagement Questions Remediation Plays Summary Play 1: Review your data Play 2: Analyze your CI records Play 3: Fix Play Data Governance References Summary Goal of this Playbook Remediation tasks missing assignment configuration result in these tasks to remain unaddressed and impacts the effectiveness of vulnerability remediation. This playbook helps in identifying and fixing this issue. Details about this playbook Author Bibu Elias Punnachalil Reviewer Siva Reddy Mallu Date 23/12/2022 Addresses HSD # HSD0010227 Applicable ServiceNow Releases All Releases Prerequisites Time Required Approximately 1 to 8 hours (depending on your environment) Audience Vulnerability Administrator, Vulnerability Analysts, Remediation teamsServiceNow Administrator Problem Overview As organizations continue to be exposed to fast growing volumes of vulnerabilities, it is critical for their risk profile that remediation tasks be assigned to Remediation teams so they can be addressed. Due to issues in configuration or improper process, remediation tasks may not be automatically/manually assigned to a group. Executive Summary How this playbook can help you achieve business goals This playbook emphasizes or reinforces the need to ensure that the assignment group field is populated in remediation tasks and provides a long-term solution to avoid the issue. This will in turn ensure that Vulnerabilities are forwarded to remediation teams for action and will contribute to improving the vulnerability profile of you organization. How this playbook is structured This Playbook will guide you through 4 plays. Play 1 (a review data play) helps you review remediation tasks without assignment group.Play 2 (an analysis play) analyze the reasons for remediation tasks without assignment group.Play 3 (a remediation play) provides remediation steps required to fix remediation tasks without assignment group.Play 3 (a data governance play) lists the guidelines and processes for continuing to have remediation task with assignment group. Problem Analysis Upstream Causes Remediation tasks are created manually, and assignment group not filled in.Remediation Task Rules are not well defined.Configuration Item (CI) support group field is unpopulated Downstream Consequences Data Consequence Missing relationshipsPresence of non-actionable VIs Operational Consequence Remediation teams are unaware of actions to be taken to deal with vulnerabilities.Lack of remediation: deterioration of the vulnerability profile of the organization.Remediation teams will be assigned large volumes of work when the problem is fixed. App Consequence Dashboards & reports using the assignment group information for vulnerability response analysis will be of limited use. Impact on Your Business Remediation tasks without assignment group will leave your organization exposed and will negatively impact the effectiveness and efficiency of your Vulnerability Remediation teams, Vulnerability teams and audits. Security MTTR Slower response to vulnerability remediation. Audit/Compliance Incomplete VI data. Engagement Questions: Consider the answers to these questions: Is there a process in place to review and reconcile Vulnerable Items (VIs) with no Assignment Group(AG)?Is there an established relationship between the Vulnerability Respnsibility team and the Configuration Management team?Are there automated or manual processes that could delete or modify assignment group records?When the CMDB is updated, is the VR team informed? Remediation Plays SummaryThe table below lists and summarizes each of the remediation plays in the playbook. Details are included later. Play Name Review your data What this play is about Finding the remediation tasks with no assignment group Required tasks Use the report provided and get the details Analyze Play What this play is about Use Machine Learning for assignment recommendations Required tasks Install vulnerability assignment recommendation app Fix Plays What this play is about Create remediation rules with assignment group Required tasks Create new remediation rules and ensure that assignment group field is utilized Data Governance What this play is about Finding a long-term solution to prevent the issue from reoccurring Required tasks Engage with the Platform team to establish a process Play 1 - Review your data What this Play is about This play explains on how to list remediation tasks without assignment groups Required tasks In application navigator, navigate to Vulnerability Response à Remediation tasksà Active Change the filter to list the active remediation tasks without assignment group Click Run to list the tasksSort the records by Risk Score or Risk Rating to help prioritize remediation. Play 2 – Get assignment recommendations from Predictive Intelligence What this Play is about Machine learning can be used for Vulnerability Response Assignments. Required tasks Navigate to Vulnerability Response à Administration à Vulnerability Assignment RecommendationsIf this module is unavailable, navigate to System Applications -> All, type “sn_vul_recom” in the search filterand install it After activating the application navigate to Vulnerability Response à Administration à Assignment Recommendations Toggle the “Enable Assignment Recommendations” Play 3 - Fix Play What this Play is about Click on new remediation task rules with assignment section filled in Required tasks Navigate to Vulnerability Response à Administration à Remediation Task RulesClick NewEnsure that Assignment section is filled in correctly In case the CMDB is not having the support groups filled in, you may consider creating rules with direct assignment to user group Data Governance What this Play is about Monitor and maintain the remediation task rules with no assignment group Required tasks Regularly execute play 1 to review remediation tasks with no assignment groupSetup a process to review and fine tune remediation target rules on a regular basis References Reference Title Playbook on how to handle Vulnerable Items with no Assignment group Manage Vulnerability Items with no Assignment Group Playbook on ensuring remediation task rules has assignment configuration Handle no assignment configuration on Remediation Task Rules Congratulations You have completed this Product Success Playbook.