
ServiceNow Vulnerability Response Exception Process Walkthrough (New York)

Import · Mar 30, 2020 · video

My name is Joey Wasco. I'm a technical consultant for Serna Solutions, and today I'm going to demonstrate the ServiceNow Vulnerability Response exception process. This is also known as deferment inside ServiceNow, so I'll be using deferment and exception interchangeably during this video. This video will help explain how ServiceNow handles vulnerability deferment and how it can be customized to fit your company's specific needs. This area, vulnerability exception, is an important process in an enterprise's security workflow, because sometimes not all vulnerabilities should or need to be resolved, and so an exception needs to be made. For today's spotlight I'm on the New York release of ServiceNow with Vulnerability Response version 10.0.

ServiceNow provides a simple out-of-box solution to vulnerability deferment, giving a security analyst or a remediation user the ability to request a deferment on either a vulnerable item or a vulnerability group. Let's go ahead and take a look at some vulnerability groups here. See, we have one right here. All right, so as the user that I'm impersonating right now, I'm looking at this vulnerability group and I see that it is for, see here, some uninstall the reference software, so it looks like it's an uninstall. Let's take a look at the configuration items that it's referencing: Windows Embedded point-of-sale. It looks like these are all similar, and that there are currently 12 vulnerable items under this vulnerability group. Now that I've taken a look at this, let's go ahead and assign it to Helga on the Windows Server patch team, and she can go ahead and take a look at it from her side. Let's go ahead missed occasion and let's go ahead and impersonate Helga.

Now that I've impersonated Helga, I'm going to go ahead and look at the Vulnerability Response "Assigned to Me" module here, and let's take a look at this vulnerability group from Helga's side. It looks like the Windows Server patch team should be taking responsibility for this CVE, and like I said previously, there are 12 vulnerable items here. We did take a look at these, so if we take a look at another one here, it's just a Windows Embedded point of sale. In this case I'm going to assume that these vulnerable items need to be deferred based on the information that I know as Helga, and we're going to go ahead and click on the Close/Defer button up here.

Now this brings up a UI page. This information here needs to be filled out in order for a deferment request to be submitted. Oftentimes this is where we see a lot of customization from clients looking for either additional fields to be added here or for additional functionality to help record, from the deferment side, what needs to be captured in order for a deferment request to be submitted and then approved. For this out-of-box platform here, what we have is two simple options: deferred or closed. For deferred, if you choose that, it brings up a date field. This is also often customized to take into account schedules that need to be obeyed or date limitations, such as no further than a year out for a deferment request. In this case let's go ahead and defer till April 8th. Reason, we're going to say risk accepted, and we're going to fill out some fields here, a decommissioning deeds. See, now that these have been filled out, we're going to go ahead and click the Submit button.

Before we do, take note of the state on the vulnerability group here. Right now it's in the Under Investigation state. Once we hit Submit, you're going to notice that this state turns into In Review. You'll also notice that all of the fields on this form here are actually grayed out. These are now in a read-only state, and you can see here that it is in the In Review state, these are the notes that Helga put in, and that the desired state, which is going to end up up here if approved, is deferred. Now that we've submitted this deferment request, the only way that this is going to reopen is either by an approval or rejection from the vulnerability exception group, or from Helga clicking Reopen on this.

Go ahead and impersonate Vince ëtil. He has been assigned approvals on these vulnerability groups in this development instance. If we take a look at his My Approvals underneath the Vulnerability Response application, you can see that we have a new approval request here for a vulnerability group 3:50, see here, whoops, for a vulnerability group 1086. So let's go ahead and take a look. You can see that it's requested, and this is the information that was captured in that UI page: the desired state is deferred, the desired sub state is risk accepted, we have the desired reason that Helga put in here, and then the details from the vulnerability group. So now that we've seen all this, we can either approve or reject it, and in this case we're going to go ahead and click Approve. Approved, these document the work done, and approve. So this is leveraging the out-of-the-box sysapproval_approver table. This is what we often see for catalog items and other approval records in the ServiceNow system. This just links the UI page information that was surfaced on that approval record.

Now that we've approved that, let's go ahead and go back to Helga, and if we click on the Vulnerability Response module here that we were previously in, we can see that that record is no longer visible. The reason being is that we have the filter "state is not in Awaiting Implementation, Deferred, Closed or In Review". So if we remove that filter, we see that we have two groups assigned. The one that we just worked on was, I believe, this one, and we can see here that all 12 of these records are now in the deferred state. We can see under the Deferral tab here that these are deferred, or will be deferred, until April 8th.

One thing to note here is that there are two out-of-box notifications that are set up. The notifications will go out seven days before this deferment expiration to the well then settle and anyone else in the vulnerability exception group, notifying that this deferment is expiring soon, and also upon expiration of the deferment. When these are reopened, it will notify the vulnerability exception team as well, out of box, that this deferment has expired and that this vulnerability group and these vulnerable items are now back in the open state. Hopefully, however, in this case Helga does her work and these can be closed out upon reopening, or you can close them here.

Now that we've taken a look on this side, we can go ahead and see the workflow that actually allows this to execute in the background. So I'm going to go ahead and go back to my own profile here. I already have the tab open. We're going to take a look at the workflow that runs this entire process. Now, this is the baseline workflow that ServiceNow gives you. This is often customized to allow for certain policies or restrictions that are put in place by the client that we're working with. This is very basic right now: it just simply checks to see if an approval is necessary for the state change. In this case, the deferment's state change does need approval. Since it is needing approval, it's going to go, in this case, to the vulnerability exception team, as you can see here. If that team approves it, it's going to go up and set the approval values on the vulnerability group and set it to the deferred state. If it is rejected, it's going to reopen that vulnerability group or vulnerable item and put that back in the queue, essentially.

And that is the ServiceNow vulnerability exception process baseline. I hope that you found this information helpful. For more information about Serna Solutions, feel free to visit us at Serna Solutions dot com or contact us at the information on the screen. Thank you for watching, and we hope to connect with you soon.

View original source

https://www.youtube.com/watch?v=RSClMt-XDy8