About the Deferral Count in Application Vulnerability Response ModuleIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } The 'deferral count' in the application vulnerability often shows '0' even though the AVIT was previously granted an exception.Steps to reproduce:1. Access the Application Vulnerability module2. Check the 'deferral count' for an AVIT that was previously granted an exception3. Observe that the 'deferral count' shows '0' despite the AVIT having an exception Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } NA Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } The deferred count is basically updated in two ways. 1. Run exception ruleshttps://instance.service-now.com/nav_to.do?uri=sys_script.do?sys_id=b13b35ab4309b5103564fbe2acb8f29e -> The above BR verifies if the AVIT was deferred via an auto exception rule or not. -> If the AVIT is not deferred via an auto exception rule that we define in the table:sn_vul_auto_exception_rule for AVIT, then the defer_count will not get incremented. 2. Set deferral countshttps://instance.service-now.com/nav_to.do?uri=sysauto_script.do?sys_id=708b541cc70c51107393ec22c7c26070 The above job is calling a script includeVulnerabilityStateChangeManagerhttps://instance.service-now.com/nav_to.do?uri=sys_script_include.do?sys_id=d860bf3d9f13120034c6b6a0942e7089> This function is getting called from above SI: setDeferralCounts> In the above function, we are querying the data as below.gr.addEncodedQuery("vul_table_name=" + table + "^desired_state=" + sn_vul.VulnerabilityStateChangeManager.STATES.DEFERRED + "^approval_state=" + sn_vul.VulnerabilityStateChangeManager.APPROVAL_STATE.APPROVED)> The above query is happening on this table "sn_vul_change_approval"> Now the records has to satisfy the condition("^approval_state=" + sn_vul.VulnerabilityStateChangeManager.APPROVAL_STATE.APPROVED)) in the query. > If the records are deferred by any other method, like policy exceptions. The defer count will not get updated. > As per the above job "set deferral counts", it is only applicable to few tables as below."sn_vul_vulnerable_item","sn_vul_app_vulnerable_item","sn_vul_container_image_vulnerable_item","sn_vul_vulnerability"However, if the AVIT is deferred via policy exception, the data is not getting stored in 'sn_vul_change_approval', and the defer count is not getting updated