Configuration Compliance release notes
Summary of Configuration Compliance release notes
The ServiceNow® Configuration Compliance application helps you quickly prioritize and remediate critical configuration-related vulnerabilities. The Australia release introduces enhancements focused on integrations, ingestion optimization, and remediation management, enabling better visibility and control over your security posture.
Key Features
- AWS Integration for Security Exposure Management: Supports importing vulnerability findings and misconfigurations from AWS Inspector and AWS Security Hub, covering EC2 instances, container images, Lambda functions, and centralized AWS security alerts.
- Wiz Integration Enhancements: Import issues and test results from Wiz scanners, with improved asset integration that allows selective resource type import to avoid unnecessary data. Resource Type is no longer mandatory for configuration, simplifying setup.
- Tenable Compliance Test Uniqueness: Configure which identifier (compliance_control_id, check_id, or compliance_functional_id) is used to uniquely match Tenable compliance tests, preventing overwrites and preserving accurate test records.
- Qualys Integration Improvements: Added the ignore_passed_result parameter to exclude passed test results during import if desired, without affecting closure of previously failed tests. API upgrades support newer Qualys versions and incorporate additional vulnerability and policy data fields for enhanced visibility.
- Optimized Tenable.io Compliance Results Ingestion: Splits ingestion into Fixed and Open Compliance Results based on status to improve performance and scalability for large data volumes while maintaining accurate remediation tracking.
- Unified Microsoft Defender Integration: Combines Microsoft Defender for Cloud and Threat and Vulnerability Management plugins into a single plugin supporting container image vulnerabilities. A guided migration path is provided for existing users.
- Remediation Task Rule Execution Mode: Choose between Match First mode (assigns each finding to one remediation task by evaluating rules sequentially) and Match All mode (evaluates all matching rules), offering flexible remediation task assignment.
Important Upgrade and Activation Information
- If you do not plan to upgrade to Unified Security Exposure Management (USEM), install Configuration Compliance versions below v30.x and compatible third-party integrations.
- The Missing Assets [sn_vul_wiz_missing_asset] table is deprecated; users of Vulnerability Response with Wiz integrations must backdate existing Wiz integrations by three days and run them after updating to version 1.1.
- Configuration Compliance and related integrations are available via the ServiceNow Store; installation requests must be submitted through the store.
These updates collectively enhance integration flexibility, data ingestion efficiency, and remediation workflow control, enabling ServiceNow customers to maintain a more accurate and manageable configuration compliance posture.
The ServiceNow® Configuration Compliance application enables you to prioritize and remediate the most critical configuration-related vulnerabilities in your environment quickly and efficiently. Configuration Compliance was enhanced and updated in the Australia release.
Configuration Compliance highlights for the Australia release
- The AWS Integration for Security Exposure Management supports integrations with AWS Inspector and AWS Security Hub.
- If you're currently using Configuration Compliance and you want to upgrade to Unified Security Exposure Management (USEM), see Unified Security Exposure Management (USEM) notes for more information about USEM and the Unified Security Exposure Management migration.
- Import Wiz issues and configuration test results from the Wiz scanners into test results in the Configuration Compliance application with the Vulnerability Response Integration with Wiz.
- With the sn_vulc.remediation_owner role, create remediation tasks manually in the IT Remediation Workspace.
- With the sn_vulc.admin role, create remediation tasks manually in the Vulnerability Manager Workspace.
See Configuration Compliance for more information.
Important information for upgrading Configuration Compliance to Australia
If you are currently using Configuration Compliance and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version of Configuration Compliance below v30.x, and for upgrades to supported third-party integration applications.
The Missing Assets [sn_vul_wiz_missing_asset] table used for storing assets imported by the backfill integrations for the Vulnerability Response Integration with Wiz is deprecated. If you are currently using the Vulnerability Response with Wiz integrations, after updating to version 1.1, you must backdate any of your existing Wiz primary integrations by three days and run them. Please review more information about the Wiz integration at SecOps articles on the Security Operations Community.
For more information about the released versions of the Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Australia release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.
New in the Australia release
- Tenable compliance test uniqueness key
- You can now configure which identifier the system uses to uniquely match incoming Tenable compliance test records. Previously, compliance tests were identified by the check_id field, which caused records to be overwritten when multiple tests shared the same control identifier. You can now select the identifier that best matches how your Tenable data is structured (compliance_control_id, check_id, or compliance_functional_id), ensuring test records are accurately preserved during ingestion.
- Qualys parameter to ignore passed test results
- Starting with v15.2.5 of Configuration Compliance, the ignore_passed_result integration instance parameter for the Qualys Integration for Security Operations has been added.
This parameter is set to false by default so that passed test results imported by Qualys are not ignored.
Set the parameter to true to ignore passed test results on import.
Note: If activated, this parameter does not impact closure of the test results. For example, if you activate the parameter, and a failed test result from a previous import has since passed, it will be closed correctly.
- AWS Integration for Security Exposure Management
- The AWS Integration for Security Exposure Management supports integrations with the following AWS services:
- AWS Inspector is an automated vulnerability management service that continuously scans EC2 instances, ECR container images, and Lambda functions for software vulnerabilities (CVEs) and unintended network exposure. The Vulnerability Response integration with AWS Inspector imports host and container vulnerability findings from AWS Inspector.
- AWS Security Hub is a security service that is used to centralize and update security checks across AWS accounts. It provides a unified view of security alerts and compliance status by integrating with various AWS services. The Vulnerability Response integration with AWS Security Hub imports host, container vulnerabilities, and misconfigurations from AWS Security Hub.
- Optimized Tenable.io Compliance Results ingestion
- Starting with v6.1.3, the Tenable.io Compliance Results Integration is replaced by the Tenable.io Fixed Compliance Results Integration and Tenable.io Open Compliance Results Integration. Compliance results are now imported based on their status, optimizing ingestion performance and scalability for environments with large volumes of compliance data while keeping remediation and compliance tracking aligned with the current state of findings.
- Qualys Integration – API enhancements
- The Qualys Vulnerability Integration has been upgraded to support newer Qualys API versions across Host Detection, Host List, Knowledgebase, PC Controls, PC Policies, and PCRS integrations. The integrations now ingest additional data fields, including vulnerability detection source, authentication privilege status, active status for controls and policies, and cloud metadata, giving you better visibility into your vulnerability and compliance data. Use the new posture_api_version integration instance parameter to choose between the default v2.0 APIs or the newer v5.0 streaming APIs for the PCRS Policy Host and PCRS Test Results integrations.
- Unified Microsoft Defender Integration for Security Exposure Management
- The Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management (MS TVM) plugins are now consolidated into a single plugin: Microsoft Defender Integration for Security Exposure Management. This consolidation deprecates the standalone Microsoft Defender for Cloud plugin. The unified plugin also introduces container image vulnerability ingestion from Microsoft Defender for Cloud, creating Container Vulnerable Items on your instance. A guided migration path is available to transfer existing data from the deprecated applications to the unified plugin.
- Remediation task rule execution mode
- You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
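To see what changes when switching the remediation task rule execution mode, the following added example (a conceptual model, not ServiceNow code) evaluates the same ordered rule list in both modes and lists the findings whose task membership differs. The rule shape, the `order` field, the mode labels `match_first` and `match_all`, and all sample data are assumptions made for illustration.

```javascript
// Conceptual model only: rule shape, "order" field and mode labels are assumptions.
const RULES = [
  { order: 100, task: "Internet-facing hosts", matches: (f) => f.internetFacing },
  { order: 200, task: "SSH hardening", matches: (f) => f.test.startsWith("SSH") },
  { order: 300, task: "Linux platform team", matches: (f) => f.os === "linux" },
];

// Constructed findings (hypothetical test results).
const FINDINGS = [
  { id: "TR-1", test: "SSH root login", os: "linux", internetFacing: true },
  { id: "TR-2", test: "SSH MaxAuthTries", os: "linux", internetFacing: false },
  { id: "TR-3", test: "Password max age", os: "windows", internetFacing: false },
];

// Evaluate rules in ascending order. "match_first" stops at the first hit,
// "match_all" keeps every hit. Returns task -> finding ids plus leftovers.
function assignFindings(findings, rules, mode) {
  if (mode !== "match_first" && mode !== "match_all") {
    throw new Error(`unknown mode: ${mode}`);
  }
  const ordered = [...rules].sort((a, b) => a.order - b.order);
  const tasks = new Map(ordered.map((r) => [r.task, []]));
  const unassigned = [];
  for (const f of findings) {
    let hits = ordered.filter((r) => r.matches(f));
    if (mode === "match_first") hits = hits.slice(0, 1);
    if (hits.length === 0) unassigned.push(f.id);
    for (const r of hits) tasks.get(r.task).push(f.id);
  }
  return { tasks, unassigned };
}

// Findings whose task membership differs between the two modes: the set to
// review before changing the execution mode on an existing rule list.
function changedByMode(findings, rules) {
  const all = assignFindings(findings, rules, "match_all").tasks;
  const first = assignFindings(findings, rules, "match_first").tasks;
  const tasksOf = (m, id) => [...m].filter(([, ids]) => ids.includes(id)).map(([t]) => t);
  return findings
    .map((f) => ({ id: f.id, matchAll: tasksOf(all, f.id), matchFirst: tasksOf(first, f.id) }))
    .filter((d) => d.matchAll.length !== d.matchFirst.length);
}

console.log(changedByMode(FINDINGS, RULES));
console.log(assignFindings(FINDINGS, RULES, "match_first").tasks);
```

In this model the broad "Linux platform team" rule receives nothing under Match First because narrower rules above it claim every Linux finding, so rule order decides ownership in that mode.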
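For the Tenable compliance test uniqueness key described earlier in this list, the following added example (not ServiceNow or Tenable code) models an upsert keyed on each candidate identifier and ranks the candidates by how many records would be overwritten or left unmatched. Only the three identifier names come from the release note; the record shape, the `name` field, and all values are constructed.

```javascript
// The three identifier names come from the release note; everything else
// (record shape, values, "name" field) is constructed for illustration.
const CANDIDATE_KEYS = ["compliance_control_id", "check_id", "compliance_functional_id"];

const SAMPLE_TESTS = [
  { check_id: "1001", compliance_control_id: "ctl-a", compliance_functional_id: "fn-01", name: "SSH root login" },
  { check_id: "1001", compliance_control_id: "ctl-a", compliance_functional_id: "fn-02", name: "SSH MaxAuthTries" },
  { check_id: "1001", compliance_control_id: "ctl-a", compliance_functional_id: "fn-03", name: "SSH idle timeout" },
  { check_id: "1002", compliance_control_id: "ctl-b", compliance_functional_id: "fn-04", name: "auditd enabled" },
  { check_id: "1003", compliance_control_id: "ctl-b", name: "audit log size (no functional id)" },
];

// Model an upsert keyed on `key`: a later record with the same key value
// replaces the earlier one. Records lacking the key cannot be matched at all.
function simulateUpsert(records, key) {
  const table = new Map();
  const overwritten = [];
  const missing = [];
  for (const rec of records) {
    const value = rec[key];
    if (value === undefined || value === null || value === "") {
      missing.push(rec.name);
      continue;
    }
    if (table.has(value)) overwritten.push(table.get(value).name);
    table.set(value, rec);
  }
  return { key, kept: table.size, overwritten, missing };
}

// Rank candidates: fewest lost records first (overwritten + unmatched).
function rankKeys(records, keys = CANDIDATE_KEYS) {
  const lost = (r) => r.overwritten.length + r.missing.length;
  return keys.map((k) => simulateUpsert(records, k)).sort((a, b) => lost(a) - lost(b));
}

for (const r of rankKeys(SAMPLE_TESTS)) {
  console.log(`${r.key}: kept=${r.kept} overwritten=${r.overwritten.length} missing=${r.missing.length}`);
}
```

Running the same comparison over an export of your own Tenable compliance data shows which identifier preserves every test record, and whether any records lack the chosen field.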
Activation information
Install Configuration Compliance and third-party integrations by requesting them from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.