Xanadu |
- Identify Wiz Resource Types for import
- On the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance, identify the Resource Types (assets) reported by Wiz in your environment that you want to import. The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration.
- Wiz Backfill Integrations
- Retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for missing assets that were not processed by the primary compliance integrations with specialized Wiz Backfill Integrations.
- Test Results Backfill Integration
- Host Test Results Backfill Integration
- Issues Backfill Integration
The Wiz Backfill Integrations are activated by default.
- Wiz Host Test Result Vulnerability Integration
- Import test results associated with the VIRTUAL MACHINE resource type with the Wiz Host Test Result Vulnerability Integration. This integration is activated by default.
- New Properties module
- Starting with v15.1 of Configuration Compliance, a new Properties module has been added to the navigation menu under the Administration section. This module enables direct modification of the values, offering a user-friendly method to manage and update system properties directly from the interface.
- Customize the calculation of Age and Age closed durations of a test result
- Starting with v15.1 of Configuration Compliance, the Age and Age Closed durations of a test result can be configured to be calculated from the date in the Created, Opened, or First Found fields.
- Associating a Qualys Test with its Test Group
- You can associate a Qualys Test with its Test Group by enabling the sn_vulc.add_policy_as_key system property. This helps you identify the Test Group to which a Test Result belongs and differentiate Test records with the same Test id that are associated with different Test Groups.
- Calculate the remediation target date of a remediation task with respect to the Last Opened date
- Starting with v15.1 of Configuration Compliance, you can customize the calculation of the remediation target date of a remediation task to be calculated with respect to the Last Opened date.
- Open the search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI
- Starting with v24.0.6 of Vulnerability Response, automatically open your search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI, by adjusting the application scope in the unified navigation bar to Vulnerability Manager Workspace or IT Remediation Workspace respectively. These application scopes are available to you based on your assigned role.
- Vulnerability Manager Workspace access to the sn_vulc.read role
- Starting with v24.0.6 of Vulnerability Response, as a user with the sn_vulc.read role, you can view the test results in the Vulnerability Manager Workspace.
- Navigate to the List page in the Vulnerability Manager Workspace or IT Remediation Workspace by selecting the links from the All menu
- Starting with v24.0.6 of Vulnerability Response, when you enable the 'sn_vul_cmn_ws.navigate_to_workspace' system property, selecting predefined filter links in the Configuration Compliance module from the 'All' menu will automatically open these links in the List page in the Vulnerability Manager Workspace or IT Remediation Workspace based on your role.
- Hide the record count on the lists in the Vulnerability Manager Workspace and IT Remediation Workspace
- Starting with v24.0.6 of Vulnerability Response, you can hide the record count on the lists in the List page of the Vulnerability Manager Workspace and IT Remediation Workspace by adding the table names to the glide.ui.list.seismic.omit.count system property.
- Enable automatic refresh for the Home page dashboard in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, when creating and editing filters on the Configuration Test Results tab on the Home page of the Vulnerability Manager Workspace, you can configure the widgets to refresh automatically. Otherwise, you can manually refresh the widgets by selecting the Refresh button on the Configuration Test Results tab.
- Re-evaluating remediation properties for all records in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, you can evaluate the remediation properties for all the test results from the Configuration Test Results list by selecting the All items in the Record selection field of the Re-evaluate remediation properties modal in the Vulnerability Manager Workspace.
- Re-evaluate remediation properties for test results in the Vulnerability Manager Workspace
- Select the test results conditionally for reevaluating the following remediation properties in Vulnerability Manager Workspace:
- Assignments
- Remediation tasks
- Remediation target date
- Exceptions (Vulnerability Response v24.0.6)
- Risk score
- Using bulk edit for test results in the Vulnerability Manager Workspace
- Perform the following tasks on multiple test results simultaneously or a remediation task in Vulnerability Manager Workspace:
- Populating additional information for the test results
- The Age, Age closed, Closed date, Active, and Last open date columns have been added in the test results table. The test results that aren’t in the Closed state are marked as true in the Active field. The Active field replaces the Result and State fields in the filter conditions of the default-saved filters across the All menu, Configuration Compliance Overview, Unified, Cybersecurity Executive, and Health dashboards.
- CI compliance and test results compliance on a Test Group in the Vulnerability Manager Workspace
- View the percentage of CI compliance and test results compliance on a Test Group in Vulnerability Manager Workspace.
- Enabling or disabling the test results import for a Qualys test group in the Vulnerability Manager Workspace
- Enable or disable the import of test results for a Qualys test group in Vulnerability Manager Workspace.
- Updating Rollup weights section in the roll up calculators
- In addition to the script format, an alternative approach has been introduced: adding the weights in the Rollup Weights section of the rollup calculators.
- Percentage test result compliance in the Discovered Items table
- The percentage of test results compliance of a CI is populated in the % Test Results Compliance column of the Discovered Item. To populate this value in the % Test Results Compliance column, set calcTRComplianceForCI to true in the Update remediation metrics scheduled job.
- Quick Start Tests for Configuration Compliance
- After upgrades and deployments of new applications or integrations, run quick start tests to verify that Configuration Compliance works as expected. If you customized Configuration Compliance, copy the quick start tests and configure them for your customizations.
|
Yokohama |
- Identify Wiz Resource Types for import
- On the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance, identify the Resource Types (assets) reported by Wiz in your environment that you want to import. The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration.
- Wiz Backfill Integrations
- Retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for missing assets that were not processed by the primary compliance integrations with specialized Wiz Backfill Integrations.
- Test Results Backfill Integration
- Host Test Results Backfill Integration
- Issues Backfill Integration
The Wiz Backfill Integrations are activated by default.
- Wiz Host Test Result Vulnerability Integration
- Import test results associated with the VIRTUAL MACHINE resource type with the Wiz Host Test Result Vulnerability Integration. This integration is activated by default.
- Create remediation tasks manually in the Vulnerability Manager Workspace
- With the sn_vulc.admin role, you can create remediation tasks manually by selecting some or all the records in the Configuration Test Results lists in the Vulnerability Manager Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating remediation tasks.
- Create remediation tasks manually in the IT Remediation Workspace
- With the sn_vulc.remediation_owner role, you can create remediation tasks manually by selecting desired records in the Configuration Test Results lists in the IT Remediation Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating remediation tasks.
- View risk score details of a test result in the Work notes section
- Starting with v15.2.1 of Configuration Compliance, the system property sn_sec_cmn.risk_score_changes_add_worknotes is inactive by default. Only if you enable it can you see all the changes related to the risk score of a test result in the Work notes section. Additionally, the work notes are updated only if there’s a change in the risk score.
- Quick Start Tests for Configuration Compliance
- After upgrades and deployments of new applications or integrations, run quick start tests to verify that Configuration Compliance works as expected. If you customized Configuration Compliance, copy the quick start tests and configure them for your customizations.
|
Zurich |
- Remediation task rule execution mode
- You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
- Optimized Tenable.io Compliance Results ingestion
- Starting with v6.1.3, the Tenable.io Compliance Results Integration is replaced by the Tenable.io Fixed Compliance Results Integration and Tenable.io Open Compliance Results Integration. Compliance results are now imported based on their status, optimizing ingestion performance and scalability for environments with large volumes of compliance data while keeping remediation and compliance tracking aligned with the current state of findings.
- Qualys Integration – API enhancements
- Qualys Integration has been upgraded to support newer Qualys API versions across Host Detection, Host List, Knowledgebase, PC Controls, PC Policies, and PCRS integrations. The integrations now ingest additional data fields, including vulnerability detection source, authentication privilege status, active status for controls and policies, and cloud metadata, giving you better visibility into your vulnerability and compliance data. Use the new posture_api_version integration instance parameter to choose between the default v2.0 APIs or the newer v5.0 streaming APIs for the PCRS Policy Host and PCRS Test Results integrations.
- Unified Microsoft Defender Integration for Security Exposure Management
- The Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management (MS TVM) plugins are now consolidated into a single plugin: Microsoft Defender Integration for Security Exposure Management. This consolidation deprecates the standalone Microsoft Defender for Cloud plugin. The unified plugin also introduces container image vulnerability ingestion from Microsoft Defender for Cloud, creating Container Vulnerable Items on your instance. A guided migration path is available to transfer existing data from the deprecated applications to the unified plugin.
- Enhancements to the Vulnerability Response Integration with Wiz
- The Missing Assets [sn_vul_wiz_missing_asset] table is deprecated. After updating to version 1.1, you must backdate your existing primary Wiz integrations by three days and run them.
The backfill integrations are activated by default.
After you backdate and run your integrations, the following backfill integrations are no longer required:
- Host Vulnerability Backfill Integration
- Test Results Backfill Integration
- Host Test Results Backfill Integration
- Issues Backfill Integration
The [is_ignored] column is deprecated for the Host Test Results and Test Results Integrations. This column was replaced by the [is_result_ignored] column.
Source severity is mapped to the Priority column on the Test Results [sn_vulc_result] table.
Resource type filters are on the Test Results, Issues, and Host Test Results configuration tabs on the Wiz Configuration page. You can add any of the resource types listed.
Note: If you configure resource types on the Resource Type Configuration tab, and you choose to configure parameters on the integration instance records, your configurations on integration instance take precedence over your settings on the Resource Type Configuration tab. See Identify Wiz Resource types for more information.
Additional attributes imported from Wiz that are not stored in the Discovered items [sn_sec_cmn_src_ci] table are stamped with Asset Attributes in this table.
Test results from the Host misconfiguration integration are classified as result type 'host_misconfiguration'.
Data for resources that have the validated_at_runtime flag set to 'yes' is imported and populated on detections.
The CMDB internet-facing field on the discovered item is mapped to Limited Internet Exposure on findings.
Column length for the descriptions in the Host Vulnerability import table has been increased.
- Qualys parameter to ignore passed test results
- Starting with v15.2.5 of Configuration Compliance, the ignore_passed_result integration instance parameter for the Qualys Integration for Security Operations has been added. This parameter is set to false by default so that passed test results imported by Qualys are not ignored. Set the parameter to true to ignore passed test results on import.
Note: If activated, this parameter does not impact closure of the test results. For example, if you activate the parameter, and a failed test result from a previous import has since passed, it will be closed correctly.
- Identify Wiz Resource Types for import
- On the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance, identify the Resource Types (assets) reported by Wiz in your environment that you want to import. The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration.
- Wiz Backfill Integrations
- Retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for missing assets that were not processed by the primary compliance integrations with specialized Wiz Backfill Integrations.
- Test Results Backfill Integration
- Host Test Results Backfill Integration
- Issues Backfill Integration
The Wiz Backfill Integrations are activated by default.
- Wiz Host Test Result Vulnerability Integration
- Import test results associated with the VIRTUAL MACHINE resource type with the Wiz Host Test Result Vulnerability Integration. This integration is activated by default.
- The Wiz Configuration Compliance (Test Results) and Issues Integrations
- Import configuration test results with the Wiz Configuration Compliance Integration (Wiz Test Results) to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
- Import data with the Wiz Issues Integration that can help you identify assets that are involved in toxic combinations of vulnerabilities and misconfigurations. These findings are also mapped to CTRs with Wiz Issues labeled as the source to help you track and remediate assets that may pose complex multi-vector risks.
|
Australia |
- Compliance test uniqueness key
- You can now configure which identifier the system uses to uniquely match incoming Tenable compliance test records. Previously, compliance tests were identified by the check_id field, which caused records to be overwritten when multiple tests shared the same control identifier. You can now select the identifier that best matches how your Tenable data is structured (compliance_control_id, check_id, or compliance_functional_id), ensuring test records are accurately preserved during ingestion.
- Qualys parameter to ignore passed test results
- Starting with v15.2.5 of Configuration Compliance, the ignore_passed_result integration instance parameter for the Qualys Integration for Security Operations has been added. This parameter is set to false by default so that passed test results imported by Qualys are not ignored. Set the parameter to true to ignore passed test results on import.
Note: If activated, this parameter does not impact closure of the test results. For example, if you activate the parameter, and a failed test result from a previous import has since passed, it will be closed correctly.
- AWS Integration for Security Exposure Management
- The AWS Integration for Security Exposure Management supports integrations with the following AWS services:
- AWS Inspector is an automated vulnerability management service that continuously scans EC2 instances, ECR container images, and Lambda functions for software vulnerabilities (CVEs) and unintended network exposure. The Vulnerability Response integration with AWS Inspector imports host and container vulnerability findings from AWS Inspector.
- AWS Security Hub is a security service that is used to centralize and update security checks across AWS accounts. It provides a unified view of security alerts and compliance status by integrating with various AWS services. The Vulnerability Response integration with AWS Security Hub imports host, container vulnerabilities, and misconfigurations from AWS Security Hub.
- Optimized Tenable.io Compliance Results ingestion
- Starting with v6.1.3, the Tenable.io Compliance Results Integration is replaced by the Tenable.io Fixed Compliance Results Integration and Tenable.io Open Compliance Results Integration. Compliance results are now imported based on their status, optimizing ingestion performance and scalability for environments with large volumes of compliance data while keeping remediation and compliance tracking aligned with the current state of findings.
- Qualys Integration – API enhancements
- The Qualys Vulnerability Integration has been upgraded to support newer Qualys API versions across Host Detection, Host List, Knowledgebase, PC Controls, PC Policies, and PCRS integrations. The integrations now ingest additional data fields, including vulnerability detection source, authentication privilege status, active status for controls and policies, and cloud metadata, giving you better visibility into your vulnerability and compliance data. Use the new posture_api_version integration instance parameter to choose between the default v2.0 APIs or the newer v5.0 streaming APIs for the PCRS Policy Host and PCRS Test Results integrations.
- Unified Microsoft Defender Integration for Security Exposure Management
- The Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management (MS TVM) plugins are now consolidated into a single plugin: Microsoft Defender Integration for Security Exposure Management. This consolidation deprecates the standalone Microsoft Defender for Cloud plugin. The unified plugin also introduces container image vulnerability ingestion from Microsoft Defender for Cloud, creating Container Vulnerable Items on your instance. A guided migration path is available to transfer existing data from the deprecated applications to the unified plugin.
- Remediation task rule execution mode
- You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
|
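The difference between the Match First and Match All execution modes described above, as an added example that is not ServiceNow code: a simplified model in which the mode strings, rule fields, finding fields and sample data are all hypothetical. It also reports rules that can never win under Match First because an earlier, broader rule shadows them.

```javascript
// Simplified model of remediation task rule evaluation; not ServiceNow code.
// Mode strings, rule fields and finding fields are hypothetical.
const RULES = [ // constructed rules, listed in evaluation order
  { name: 'Critical priority', task: 'RT-critical', matches: f => f.priority === 'critical' },
  { name: 'Linux hosts', task: 'RT-linux', matches: f => f.os === 'linux' },
  { name: 'Catch-all', task: 'RT-unassigned', matches: () => true },
];
const FINDINGS = [ // constructed test results
  { id: 'TR1', priority: 'critical', os: 'linux' },
  { id: 'TR2', priority: 'low', os: 'linux' },
  { id: 'TR3', priority: 'low', os: 'windows' },
];

// Return the rules applied to one finding under the given execution mode.
function applicableRules(finding, rules, mode) {
  if (mode !== 'match_first' && mode !== 'match_all') {
    throw new Error(`unknown execution mode: ${mode}`);
  }
  const hits = rules.filter(r => r.matches(finding));
  // Match First keeps only the earliest matching rule; Match All keeps every match.
  return mode === 'match_first' ? hits.slice(0, 1) : hits;
}

// Group finding ids by the remediation task each applied rule points to.
function groupByTask(findings, rules, mode) {
  const groups = {};
  for (const f of findings) {
    for (const r of applicableRules(f, rules, mode)) {
      if (!groups[r.task]) groups[r.task] = [];
      groups[r.task].push(f.id);
    }
  }
  return groups;
}

// Names of rules that never win under Match First for these findings,
// which happens when an earlier rule matches everything they would match.
function shadowedRules(findings, rules) {
  const winners = new Set(
    findings.flatMap(f => applicableRules(f, rules, 'match_first')).map(r => r.name)
  );
  return rules.filter(r => !winners.has(r.name)).map(r => r.name);
}

console.log('match_all  ', groupByTask(FINDINGS, RULES, 'match_all'));
console.log('match_first', groupByTask(FINDINGS, RULES, 'match_first'));
console.log('shadowed if catch-all comes first:',
  shadowedRules(FINDINGS, [...RULES].reverse()));
```

Under Match First the rule order becomes part of the configuration: in this model, a catch-all placed first sends every finding to one task and the specific rules never apply.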
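A check related to the compliance test uniqueness key described above, as an added example that is not ServiceNow or Tenable code: it models ingestion as an upsert keyed on one field and counts how many records each candidate key would overwrite. The three field names come from the page; the record values and the `title` field are constructed.

```javascript
// Simplified upsert model; not ServiceNow or Tenable code.
// Field names check_id, compliance_control_id and compliance_functional_id are
// from the page; all values and the title field are constructed samples.
const RECORDS = [
  { check_id: 'c1', compliance_control_id: 'ctlA', compliance_functional_id: 'f1', title: 'SSH root login (RHEL 8)' },
  { check_id: 'c1', compliance_control_id: 'ctlA', compliance_functional_id: 'f2', title: 'SSH root login (RHEL 9)' },
  { check_id: 'c2', compliance_control_id: 'ctlA', compliance_functional_id: 'f3', title: 'SSH protocol version' },
  { check_id: 'c3', compliance_control_id: 'ctlB', compliance_functional_id: 'f4', title: 'Password max age' },
];
const CANDIDATE_KEYS = ['check_id', 'compliance_control_id', 'compliance_functional_id'];

// Upsert records into a table keyed on keyField, recording every overwrite.
function upsertByKey(records, keyField) {
  const table = new Map();
  const overwritten = [];
  const missingKey = [];
  for (const rec of records) {
    const key = rec[keyField];
    if (key === undefined || key === null || key === '') {
      missingKey.push(rec.title); // cannot be matched at all with this key
      continue;
    }
    if (table.has(key)) {
      overwritten.push({ key, lost: table.get(key).title, replacedBy: rec.title });
    }
    table.set(key, rec); // last writer wins, earlier record is gone
  }
  return { table, overwritten, missingKey };
}

// Summarize stored, overwritten and unmatched counts for each candidate key.
function compareKeys(records, candidates) {
  return candidates.map(keyField => {
    const { table, overwritten, missingKey } = upsertByKey(records, keyField);
    return {
      keyField,
      stored: table.size,
      overwritten: overwritten.length,
      missingKey: missingKey.length,
    };
  });
}

console.table(compareKeys(RECORDS, CANDIDATE_KEYS));
```

Which identifier is collision-free depends on how your own Tenable data is structured; the constructed sample only shows how to measure it.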