Vulnerability Response release notes

  • Release version: Washingtondc
  • Updated April 9, 2024
  • 6 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Vulnerability Response Release Notes - Washington DC

    The Washington DC release of the ServiceNow® Vulnerability Response application enhances the ability to manage and remediate vulnerabilities efficiently. The updates include new features for crisis management, executive dashboards, and improved user interfaces designed to streamline vulnerability handling and increase security oversight.

    Show full answer Show less

    Key Features

    • Vulnerability Crisis Management: Introduces a workflow for handling vulnerability crises effectively.
    • Cybersecurity Executive Dashboard: Provides a comprehensive view of cybersecurity metrics and benchmarks.
    • Vulnerability Manager Workspace: Features a landing page for visual summaries and filtering of active vulnerabilities.
    • Custom Questionnaires: Allows users to tailor questionnaires for exception requests based on specific vulnerabilities.
    • Data Import Capabilities: Supports importing the Common Security Advisory Framework (CSAF) format via XML/JSON, enhancing vulnerability mapping.
    • Notifications and Reminders: Users can set reminders for false positives and exception requests to improve response times.
    • Bulk Actions: Enables simultaneous updates, requests, and assignments for multiple vulnerable items.
    • Enhanced Risk Management: Features for associating compensating controls and managing risk reduction requests have been added.

    Key Outcomes

    With the updates in the Washington DC release, ServiceNow customers can expect:

    • Improved visibility and management of vulnerabilities leading to quicker remediation.
    • Enhanced strategic decision-making through executive-level dashboards that aggregate security data across platforms.
    • Streamlined processes for exception handling and vulnerability assessments, enhancing operational efficiency.
    • Better integration capabilities with external systems for vulnerability data processing.
    • Overall improved accuracy and reliability of metrics, enabling informed cybersecurity strategies.

    The ServiceNow® Vulnerability Response application brings security and IT together to enable you to remediate your most critical vulnerabilities more quickly and efficiently. Version v22.0 of Vulnerability Response was enhanced and updated in the Washington DC release.

    Vulnerability Response highlights for the Washington DC release

    • Handle vulnerability crisis events through the Vulnerability crisis management workflow.
    • Access key metrics on vulnerabilities, misconfigurations and security incidents with industry and global benchmarks through executive-level monitoring of cybersecurity risks and initiatives and set targets through a new Cybersecurity Executive dashboard.
    • Get the overall summary of vulnerabilities with visualizations of all or prefiltered active vulnerabilities on the new Vulnerability Manager Workspace landing page.
    • Customize questionnaires for exception requests for a specific set of vulnerabilities.
    • Import the Common Security Advisory Framework (CSAF) format through XML/JSON file import, and map the solutions with the related vulnerabilities.

    See Vulnerability Crisis Management for more information.

    Important:
    Vulnerability Emergency Response is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Washington DC release

    Compose a script for vulnerable items or remediation tasks in the Approval Configuration form
    Compose a script in the Approval Configurations form for vulnerable items or remediation tasks on which an approval rule must be applied.
    View list of vulnerable items in the Vulnerability Manager Workspace
    View the list of active vulnerable items in the Vulnerability Manager Workspace using the active records count next to the View by drop-down in the Host vulnerabilities tab on the Home page.
    Open active vulnerable items list in classic UI from the Vulnerability Manager Workspace
    Navigate to the Classic UI's active vulnerable items list using the View Classic link in the Host Vulnerabilities tab on the home page of the Vulnerability Manager Workspace.
    Refresh a remediation task in the Vulnerability Manager and IT Remediation Workspaces
    Refresh a remediation task (VUL#) in the Vulnerability Manager and IT Remediation Workspaces to inspected if there are any additional records that belong to a remediation task.
    Updating the risk score in the Vulnerability Manager and IT Remediation Workspaces
    Update the risk score of a vulnerable item (VIT) using the Calculate Risk Score button in the Vulnerability Manager and IT Remediation Workspaces as per vulnerability calculators.
    Setting up questionnaire for exception requests based on condition
    Configure questionnaires based on conditions for exception requests.
    Displaying records in workspaces upon clicking the links in email notifications
    When links are clicked in an email notification, records open in Vulnerability Manager Workspace or IT Remediation Workspace based on the user’s role.
    Analysing the vulnerability landscape in the Vulnerability Manager Workspace
    View an overall summary of active vulnerabilities through visual representation of risk ratings, remediation progress, assignment group workloads, and records in remediation tasks.
    Acquiring the summary of a set of vulnerabilities using filters
    Display a summary of a set of active vulnerabilities by filtering those vulnerabilities on the Home page of the Vulnerability Manager Workspace.
    Associating compensating controls with a CVE and TPE for risk reduction in the Vulnerability Manager Workspace
    Associate relevant compensating controls with a Common Vulnerability Entry (CVE) and Third-party Entry (TPE), which can be used for reducing risk in the Vulnerability Manager Workspace.
    Disabling or enabling risk reduction requests in the Vulnerability Manager Workspace
    Enable or disable risk reduction requests for vulnerabilities related to a CVE or TPE in the Vulnerability Manager Workspace.
    Using bulk edit in the Vulnerability Manager Workspace
    Perform the following tasks on multiple host vulnerable items (VITs) and remediation tasks simultaneously in the Vulnerability Manager Workspace:
    Receiving notifications on false positive and exception requests
    Receive notifications and reminders on false positive and exception requests change approval records by setting approval expiry and reminder dates on the approval rules.
    Vulnerability Crisis Management
    View timestamps to see the last assessment of the events. The Assessment tab on the workspace is visible only when the new assessments are created. View the link to major security incidents on the Vulnerability Manager Workspace for vulnerable items.
    CISA Known Exploit Vulnerability (KEV) Integration
    Import the Common Security Advisory Framework (CSAF) format through XML/JSON file import, API calls, or advisories, and map the solutions with the related vulnerabilities.
    Cybersecurity Executive Dashboard
    Access a unified view of your organization's security landscape through the Cybersecurity Executive Dashboard, which consolidates data from various products from within the ServiceNow Security Operations suite.
    Quick start tests for Vulnerability Response.

    After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response still works. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations.

    Update vulnerable items with data from last open detection (v21.1.2)

    Update vulnerable items with the most recent and accurate data from the last open detection by setting the system property sn_vul.show_last_open_detection to true. The vulnerable items' IP address, SSL, Port, Protocol, DNS name, NetBIOS name, and Description values are updated with the last open detection values during ingestion and the change of configuration item (CI) (Reapply of CI lookup rule). To apply this update to the existing VITs, execute the Update Last Open Detection Value To VITs scheduled job. This ensures that the last open detection values are correctly updated on all the existing VITs.

    Create auto-close rules (v22.0)
    Vulnerability Managers can use the advanced auto-close rule functionality to automatically close stale detections along with their corresponding vulnerable items.
    Solutions management improvements (v22.0)
    Performance improvements have been made for faster processing of non-Microsoft solutions.
    Generic framework to ingest data from any solution vendor (v22.0)
    A new generic framework has been introduced, leveraging the Common Security Advisory Framework (CSAF), to facilitate faster information exchange and processing through integrations. Leading software vendors offer the CSAF format for describing vulnerabilities and solutions. Solution data can be imported either through file upload or API integration.
    Exclude inactive installs from Exposure Assessment (v22.0)
    A new system property, sn_vul.filter_inactive_sw_installs, has been introduced to determine whether inactive software installations should be filtered out for exposure assessment. By default, the property is enabled in the base system. When the filter is enabled, only active installations are displayed.
    Prevent detections from getting converted into vulnerable items (v22.1.2)
    The Exclusion Rule feature in Vulnerability Response enables you to filter out low-priority vulnerabilities such as informational ones during ingestion, helping prevent the creation of vulnerable items. With this feature, only critical and high severity vulnerable items are created, thereby improving the overall performance of the product.
    Enhancements to the Unified Vulnerability Response Dashboard (v22.1.2)
    If you've created any exclusion rules, you can now access Exclusion Rule Reports on the Unified Vulnerability Response Dashboard.
    Enhanced Cybersecurity Executive Dashboard (v2.1.3)
    The Cybersecurity Executive Dashboard v2.1.3 includes the following enhancements:
    • Key metrics from Governance, Risk, and Compliance (GRC) that offers a comprehensive overview of your organization's cybersecurity posture.
    • Direct access to the GRC dashboard through the Cybersecurity Executive Dashboard for seamless navigation and integration of essential risk and compliance information.
    • Operational Technology metrics that provide a comprehensive security perspective across both IT and OT environments, facilitating thorough risk management and monitoring.
    • An enhanced user experience with an intuitive and distinguishable dashboard design that scales effectively to accommodate the evolving needs of your organization.
    • Improved accuracy and reliability in metrics to ensure that the data presented in the dashboards is accurate, supporting better decision-making and strategic planning.

    UI changes

    Watch topics page in the Vulnerability Manager Workspace
    Watch topics appear on the Watch topics page but not on the Home page of the Vulnerability Manager Workspace.

    Activation information

    Install Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.