The October 2021 store release for ServiceNow® Security Operations includes a number of new features for Vulnerability Response, including a brand-new user experience.
New user experience for Vulnerability Response
The new user experience for ServiceNow® Vulnerability Response is built on a workspace that can be configured with the UI Builder. This allows administrators to use drag-and-drop or CSS to easily make changes. There are two different user interfaces available:
The Vulnerability Manager Workspace is designed to help monitor vulnerabilities and provide the right information for strategic assignment to IT for remediation. It includes new Watch Topics, which allows you to create groups of vulnerabilities you wish to monitor. This might include vulnerabilities with exploits, ones on certain types of assets, those that are overdue, or critical vulnerabilities that don’t yet have remediation tasks. You can also create your own Watch Topics. Each watch topic has a configurable dashboard to show things like how many CIs are included, or vulnerabilities by CI class. You can also see each vulnerable item (combo of one asset and one vulnerability) that makes up a Watch Topic.
You can create a remediation effort, or a group of remediation tasks, directly from a Watch Topic. This will generate a group of remediation tasks for all vulnerable items in a Watch Topic that aren't already in a remediation effort. There are four options for assignment—by assignment group, CI, vulnerability, or none (manual). This makes it easy to assign work in alignment with your IT organization.
For those involved in remediating vulnerabilities, the IT Remediation Workspace provides IT-focused information to prioritize and resolve vulnerabilities faster. An individual IT worker can see the tasks assigned to them by priority in their own landing page. This helps them focus on high-priority tasks first.
They can view the preferred solution as determined by Vulnerability Solution Management, other potential solutions such as hot fixes, and affected CIs for each remediation effort. From the workspace, you can create change requests in ITSM, link to existing change request, mark something as false positive, or request an exception to defer or accept a vulnerability. You can also trigger a rescan from the workspace if your organization uses Qualys, Tenable, or Rapid7 for vulnerability scanning. You can also see tasks assigned to “my group” that aren’t assigned directly to the individual.
Click here to see a demo of the new user experience.
Penetration testing import for Application Vulnerability Response
The next new feature is the ability to use penetration testing with ServiceNow® Application Vulnerability Response. This allows you to request, report, and remediate ethical hacking findings as part of vulnerability management. It starts with an application owner requesting a pen test assessment. They can do this via the Service Catalog, which will submit a request for scoping to your ethical hacking team. They can then create a test environment, test, and manually report findings as application vulnerable items.
These new application vulnerable items then follow standard processes, such as being assigned a risk score based on the severity of the weakness and the affected application. You can also use remediation target rules to assign expected remediation time frames, notifications, and escalations.
Flow Designer for approval workflows
Migrate your approval workflows to Flow Designer for greater flexibility. Until now, approval workflows in Vulnerability Response (used for things like exception handling) was based on the ServiceNow Workflow Editor. This had some limitations, including hard-coded groups and only two levels of approvers.
Using Flow Designer for your approval workflows will allow you to have different approval paths based on the type of vulnerability. You can also have different approval groups based on the process type, such as exceptions or false positives. And you can have dynamic approvers based on the vulnerability group. There are pre-built approval flows that you can configure for your organization, and Flow Designer makes it easy with no coding required.
Tenable.io integration for Configuration Compliance
If you’re using Tenable.io as your secure configuration assessment tool, you can now easily integrate it with ServiceNow® Configuration Compliance. Use Tenable to keep your CMDB up to date with any updates or changes found using the Tenable for Assets integration. (Note: This was already available for Vulnerability Response customers using Tenable.io.)
After a scan is run, configuration test failures are imported to ServiceNow for prioritization. Once Tenable.io data is in ServiceNow, standard Configuration Compliance processes are followed, including prioritizing test failures using the risk score calculator and creating ITSM change requests for asset owners directly from a test result group.
This integration is available from the ServiceNow Store.
