How are Vulnerable Items grouped by default in ServiceNow?

Vulnerable Items in ServiceNow are grouped by default by Vulnerability (CVE). The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. By utilizing CVEs, ServiceNow is able to effectively categorize and organize vulnerabilities that have been identified across various systems and configuration items.

This grouping by CVE allows organizations to prioritize and assess vulnerabilities based on industry-standard identifiers, facilitating more efficient vulnerability management. It ensures that analysts can easily identify and address vulnerabilities related to specific CVEs, which enhances the ability to remediate those vulnerabilities efficiently.

Grouping by CVE not only streamlines the process of vulnerability response but also aligns with best practices in vulnerability management, allowing teams to adequately track and remediate potential threats across their IT landscape. Other options, such as grouping by risk assessment, vulnerability type, or configuration item type, do not provide the same level of standardization and specificity that CVE-based grouping offers.