October Store Releases and Updates

Vulnerability Response

Version 15.0.2

Available on: Rome, Quebec

New Features:

New UI/UX: A new, modern user experience in the Vulnerability Response application with two workspaces:

·      Vulnerability Manager Workspace: Available for users with the roles sn_vul.vulnerability_admin, sn_vul.vulnerability_analyst, and sn_vul.exception_approver

·      IT Remediation Workspace: Available for users with the sn_vul.remediation_owner role

Both workspaces are built with the Now Experience Framework. The workspaces are controlled by the Experiences Vulnerability Analysis (vr-analysis) and VR Remediation Owner Workspace (vr) respectively, and can be configured in the UI Builder.

Penetration Testing: New for Application Vulnerability Response, request a penetration test assessment for an application. Record Application and scope details, and capture Application Vulnerabilities in Penetration Test findings, to report the security posture of the application as a part of DevOps or Compliance processes.

Exception Management Configurability: The exception management approval approval process has been migrated from workflow to flow designer. The “Exception Rule Approval” flow will now be used to approve exception requests for exception management, exception rules, and false positive in VR.

• If you are a first-time VR user, the flow designer is enabled by default.
• Existing users can enable the flow designer using the system property sn_vul.flow_designer_activation.

Vulnerability Classification Rules: Create vulnerability classification rules to automatically categorize vulnerability entries based on the type of Application or Platform. This enables assignment of the vulnerabilities to the correct IT team for their remediation. In addition, it also allows reporting of vulnerability status and exposure based on the type of Application and operating system.

New fields “Classification” (classification), “Classifcation type” (classification_type), and “Classification rule” (classification_rule), have been added to the Vulnerability Entry [sn_vul_entry] table, and are inherited by the National Vulnerability Database Entry [sn_vul_nvd_entry] and Third-party Entry [sn_vul_third_party_entry]. Vulnerability Classification Rules can be used to set values to these new fields, as well as any other field using Templates.

Configuration Item Lifecycle: If the status of a Configuration Item is changed to “retired” in the CMDB, you can choose to automatically close the associated VIs. The Vulnerability Response Auto Close Configuration module now includes a “Configuration Item Lifecycle” setting.

• To automatically close the associated VIs, enable the option to auto-close VIs that are associated with retired CIs.
• The retired CI is eventually archived or permanently deleted from the CMDB.

Enhancements:

New UX Labels: Table labels for vulnerability groups and vulnerability group rules have changed. This change applies to labels on lists, records, and rules in the classic UI and in the workspaces introduced in this release.

• Vulnerability groups (VGs) are labeled Remediation Tasks. Task records are still prefaced with VUL.
• Vulnerability group rules are labeled Remediation Task Rules. These rules work just like vulnerability group rules did in previous versions, and you still have access to your existing rules.
• Table names such as [sn_vul_m2m_vul_group_item] have not changed.

Application Vulnerable Item States: Resolve, Close, and Reopen UI actions are available for application vulnerable items in Application Vulnerability Response.

Configuration Compliance (v12.1.3)

New Features:

Tenable.io Integration: Verify that your assets are in compliance with your policies and controls with imports from the Tenable.io product. The Tenable.io product in the Tenable Vulnerability Integration imports policies, controls (test results), and configuration tests for processing in the Configuration Compliance application.

Performance Analytics for Vulnerability Response (v12.1.0)

New Features:

Penetration Testing Reports: Two new indicators and widgets have been added to support reporting and dashboards for Penetration Testing:

·      Penetration Test Findings in Validation Pending State

·      Overdue Penetration Test Findings

Enhancements:

Authentication: Replaced assignment group-related reports with a standard report for performance improvement in the Vulnerability Management Performance Analytics (PA) Dashboard. You have the option to add any reports back to the dashboard at any time.

Vulnerability Response Integration with Veracode (v3.1.0)

Certified for release: Dependencies updated, no other changes

Qualys Integration for Security Operations (v12.2.2)

New Features:

Enhanced Metadata: Added support to import impacted kernel, service or configuration metadata for detections. New fields added to Detections table:

·      Affects exploitable config (affect_exploitable_config)

·      Affects running kernel (affect_running_kernel)

·      Affects running service (affect_running_config)

Comprehensive Integration: Added new Integration to retrieve host and vulnerability data from Qualys. This integration is inactive by default. It is recommended to activate this integration to improve synchronicity between Qualys and ServiceNow over large volumes. The integration is configured to run weekly, and imports vulnerabilities from all states – New, Fixed, Active, and Reopened.

Enhancements:

Host Detection Integration: Changed the existing Qualys Host Detection Integration to bring in only new and closed detection. This change is done to improve the daily integration performance.

Vulnerability Response Integration with Tenable (v3.0.5)

New Features:

Tenable.io Integration for CC: Verify that your assets are in compliance with your policies and controls with imports from the Tenable.io product. The Tenable.io product in the Tenable Vulnerability Integration imports policies, controls (test results), and configuration tests for processing in the Configuration Compliance application.

Tenable.io Rescan: Initiate scans to confirm remediation for vulnerabilities identified by Tenable.io from your Now Platform instance.

Enhancements:

Synchronous API calls via MID Server: Introduced an Integration Instance Parameter “async_request”, false by default, to make the Tenable.sc API calls synchronously when using a MID server.

Rapid7 Integration for Security Operations (v13.1.1)

For Fixed and Removed, see full Release notes on the ServiceNow Store: Rapid7 Integration for Security Operations v13.1.1

Vulnerability Response Integration with Microsoft Threat and Vulnerability Management (v2.1.2)

Certified for release: Dependencies updated, no other changes

Vulnerability Response Integration with NVD (v1.1.0)

Enhancements:

CPE API Calls: Modifications to support changes to the CPE APIs done by NIST. These changes restrict CPE APIs by limiting date ranges to 120 days.
When you enter a start or end date for the optional parameters, you need to provide both the start and end dates.

For Fixed and Removed, see full Release Notes on the ServiceNow Store:

Vulnerability Response v14.0.6