June Store Releases and Updates

Vulnerability Response

Version 14.0.6

Available on: Quebec, Paris, Orlando

New Features:

Auto-Close Stale Detections: The Auto-Close Stale Detections module helps you clean up Vulnerability Detections not recently found by your third-party scanner. Choose between last found, and asset last scanned dates, specify a number of days, and activate this feature, to automatically close Vulnerability Detections when they reach the specified threshold. This replaces the now deprecated Auto-Close Stale Vulnerable items module

Vulnerability Calculators: Risk Rule Calculators in Vulnerability Response and Application Vulnerability Response are now more configurable. Risk score calculators now allow for custom fields and weights to be included alongside parameters like Vulnerability Severity and Exploit skill level.

Enhancements:

Configurable Detection Key: Configure the uniqueness criteria for vulnerability findings for each third-party scanner integration [sn_vul_detection_key_config]. This controls how vulnerability findings (detections) are imported from each of your vulnerability assessment applications and consolidated into vulnerable items.

Background Job Framework: Enhancements to the common background job framework ensure that different job types are executed in a resource-optimized manner. Configure how jobs are processed in the Background Job Configurations module.

Solutions Deployment Metrics: A new job “Process Vulnerability Solution Metrics Queue”, and new fields “Metrics status” and “Metrics invalidated on” are added to the Solution table. This improves the performance of the updates to deployment metrics for a preferred solution. Updated solutions data are displayed on a related list on the vulnerability group forms.

Microsoft Security Response Center (MSRC): The API key for the Microsoft Security Response Center (MSRC) Solution integration is no longer mandatory.

Fixed:
This version contains a fair few fix updates on the tables Vulnerable Item, Vulnerability Group, Detections, and Integration Runs. For a detailed summary of what’s fixed in this release, please see the full release notes on the ServiceNow Store Vulnerability Response v14.0.6

Configuration Compliance (v12.1.3)

New Features:

Integration Run metrics: New tabs “Performance Statistics” and “Performance Reports” on the integration run record display important measurements for the integration run. This will help administrators monitor healthy integration performance, and troubleshoot during third-party API setup.

Enhancements:

Background Job Framework: Modifications to support the newly enhanced background job framework, stat ensures that jobs are executed in a resource-optimized manner.

Integration After-Import Processing: The events triggered on completion of an integration import transform are now compatible with any third-party scanner integration.

Vulnerability Response Integration with Veracode (v3.0.1)

New Features:

Veracode SAST Support: Ingest SAST findings to detect security risks in your applications and help you remediate these vulnerabilities. Just check the box “Include SAST” on the Veracode Configuration form.

Qualys Integration for Security Operations (v12.1.1)

New Features:

CI Lookup Rules: CI Lookup rules have been updated to include the Network Partition ID when matching with a Configuration Item by IP Address.

Vulnerability Response Integration with Tenable (v2.2.3)

New Features:

Backfill Vulnerabilities Integration: The new Backfill Vulnerabilities Integration for the Tenable.sc product imports any open and fixed vulnerabilities from the last seven days that might have been missed during an import.

Enhancements:

Authentication: Starting with version 14.0 of Vulnerability Response and version 2.2 of the Tenable Vulnerability Integration, you have two options for your authentication with the Tenable.sc product: API Key Authentication and User authentication. With these authentication options, you can continue using your FIPS compliant solutions with v5.12 and earlier of the Tenable product.

Tenable.sc Assets Query Filter Setup: The Tenable query filter you select in the Setup Assistant also applies to the Tenable.sc Assets Integration. Only the assets with vulnerabilities matching the conditions of the query filter are imported.

Tenable.io Assets Last Scan Time: For the Tenable.io assets integration, Last Scan Time is imported and updated only for assets that have vulnerabilities

Overlapping IP’s: Now you can control the Configuration Item lookup by IP Address, and enable the Network Partition to be used to identify different assets in overlapping IP ranges. An attribute on the integration instance controls this setting, and can be configured in the Setup Assistant.

Rapid7 Integration for Security Operations (v13.0.2)

New Features:

Rescan: The rescan option permits the remediation owners, analysts, and managers to initiate scans from vulnerability group, vulnerable item, third-party entry (TPE), and discovered item records. Target the scan command from your instance on specific vulnerabilities or configuration items so that you can verify the remediation you performed has fixed specific vulnerabilities.

For Fixed and Removed, see full Release Notes on the ServiceNow Store:

Vulnerability Response v14.0.6