Essential UpdateSet: Red Hat Integration switch to CSAF for VR Solution Management

Ravi Kanukollu · ‎12-22-2023

Fellow community members,

The Red Hat is no longer publishing the solutions in the CVRF format, having migrated to the new CSAF format. (https://access.redhat.com/articles/5554431) Hence, our Red Hat Integration is no longer bringing solutions in Solution Management. In response to this change, the ServiceNow Vulnerability Response Team has provided an 'UpdateSet' to ingest the solutions from the newly published CSAF RedHat API.

Action Required: Please follow the KB1580677 to import the Updateset to continue to ingest the RedHat Solutions

We understand the importance of the products we provide and are committed to making this transition as smooth as possible for you. If you encounter any challenges or have questions regarding this update, please do not hesitate to reach out to your account representative.

Regards,

Ravi Kanukollu

Product Management, SecOps

Martin Dewit · ‎12-22-2023

@Ravi Kanukollu FYI when I imported the update set from the KB, the start time did not change to 10-10-2023, so I had to add it as an additional update to the update set.

Nitesh Tolani · ‎12-22-2023

Hi @Martin Dewit ,

The KB has been updated with the latest update set. Please note that the Start time will change only if the existing Start time is greater than 10th October.

Martin Dewit · ‎02-15-2024

@Ravi Kanukollu @Nitesh Tolani

This has been included in the Feb 2024 release of VR, 21.0.3. Although the updates related to RedHat are slightly different than the update set included in KB1580677. It looks like it includes checks for cvrf vs. csaf.

Nitesh Tolani · ‎02-15-2024

Yes @Martin Dewit, that's correct! The Feb version supports both CVRF and CSAF formats.