Combined Now Assist for Vulnerability Response release notes for upgrades from Xanadu to Australia

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Now Assist for Vulnerability Response release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Xanadu to Australia.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Now Assist for Vulnerability Response to Australia

Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	For more information about required applications for Now Assist for Vulnerability Response, see Supporting information. Note: Upgrading the Now Assist plugins activate any designated skills that were previously untouched by the customer. If you have the plugins installed but never touched the configuration (never activated the skill nor adjusted associated roles) of a skill, any Default On skill will be activated on a per skill basis upon upgrading. If you have previously toggled a skill from active and then back to inactive or have updated any roles for that skill, that skill remains inactive upon upgrading. You maintain full control over deactivating individual skills at any time after activation.
Zurich	The following Now Assist skills for Now Assist for Vulnerability Response are activated by default. Recommend preferred solution for VIT (VR) Vulnerable item de-duplication (VR) Approval Recommendation (VR)(USEM) Security Exposure Management (SEM) Insights (VR)(USEM) SPC Setup Connector (Security Posture Control) When you update the Now Assist for Vulnerability Response application, the dependency applications are automatically updated. For more information about required applications for Now Assist for Vulnerability Response, see Supporting information.
Australia	No updates for this release.

New features

Between your current release family and Australia, new features were introduced for Now Assist for Vulnerability Response.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Yokohama Patch 11 Role configuration required for agentic workflows and AI agents Agentic workflows and AI agents included with Now Assist applications require additional security configuration. If you select Users with selected roles for your user access security controls for an agentic workflow or AI agent, you must add the installed roles, or they will not execute. Data access settings must also include these roles. See the documentation for the agentic workflow or AI agent for the specific roles you must add. Some Now Assist skills are turned on by default The new default behavior works as follows: New customers: When you install a Now Assist product, designated skills are turned on automatically. Existing customers who are upgrading (starting with Yokohama Patch 11): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive. Use Now Assist for Vulnerability Response in Security Posture Control You have the option to use Now Assist to help you automatically complete some of the steps in the Connector builder in the Security Posture Control workspace. Use the Connector builder to create your own service graph connectors for Security Posture Control. Generate insights to prioritize risks Use generative AI to provide contextual summaries, actionable recommendations, and quick links in the Security Exposure Management Workspace, helping you prioritize critical risks and accelerate remediation. Generate recommendation for approval impact analysis Use generative AI to provide on-demand recommendations to approve or reject a request directly from the Exception Change Approval record, enabling approvers to make fast, consistent decisions while reducing manual analysis effort. Yokohama Patch 8 Granular roles The sn_vul_ai.write_rem_insights and sn_vul_ai.read_rem_insights granular roles have been added and are inherited by the sn_vul.vulnerability_admin and sn_vul.vulnerability_analyst roles automatically. These roles provide you with more control over read and write access for the records on the Remediation Compliance Insights [sn_vul_ai_remediation_insights] caching table. The VR.System role also inherits these granular roles so background job execution for the workflow can occur. Yokohama Patch 6 Identify duplicate vulnerable items Use generative AI to identify duplicates for your active host vulnerable items that are imported by your vulnerability scanners. Use generative AI reasoning with Now Assist to help your analysts differentiate between primary vulnerability items (VITs) and those VITs that are duplicates. Close duplicate VITs and move their associated detections automatically to the primary VIT records. Suggest vulnerability solutions Use generative AI to analyze available remediation options pulled from integrated third-party products like Red Hat, Tenable for Vulnerability Response, or internal solution management systems. Evaluate each option against the specific configuration item context, for example, the OS version or software version, and get recommendations for the most viable fix for implementation. Yokohama Patch 3 Use agentic workflows The Assess vulnerability exposure agentic workflow enables vulnerability managers to determine your exposure to vulnerabilities. Determine your exposure to the most current Cybersecurity and Infrastructure Security Agency (CISA) known vulnerabilities in your environment and assess their potential impact to your configuration items (CIs) and business services. Identify assets with Common Vulnerabilities and Exposures (CVEs). Determine the number of active vulnerability items (VITs) that correspond to CVEs. Create watch topics for VIT remediation. The Analyze vulnerability remediation status agentic workflow enables vulnerability managers to monitor and assess remediation target compliance. Track Service Level Agreement (SLA) compliance - Understand how effectively your organization is meeting remediation goals for vulnerabilities based on your SLAs. Analyze missed SLAs by severity, assignment group, and configuration item (CI) class - Pinpoint gaps in remediation by categorizing overdue VITs based on severity, assignment groups, and CI classes to enable targeted interventions and smarter resource allocation.
Zurich	Zurich Patch 5 Retrieve Vulnerability Response data Chat with an AI agent using natural language to retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces. Zurich Patch 4 Role configuration required for agentic workflows and AI agents Agentic workflows and AI agents included with Now Assist applications require additional security configuration. If you select Users with selected roles for your user access security controls for an agentic workflow or AI agent, you must add the installed roles, or they won't execute. Data access settings must also include these roles. See the documentation for the agentic workflow or AI agent for the specific roles you must add. After the roles are configured, users must have the specified role to invoke the agentic workflow or AI agent. Create a custom API service graph connector in the Security Posture Control (SPC) workspace Use generative AI to help your developers create SPC API connectors quickly with the Connector builder framework module in the SPC workspace. With a Now Assist skill that is included with the Now Assist for Vulnerability Response application, your developers have the option to automate steps in the Connector builder framework. Automate the steps for selecting API templates, populating request and header parameters, and response field mapping. Use your custom API connector to integrate with security tools and import asset data that is based on the unique requirements of your environment. Help your cybersecurity teams monitor your overall security posture and identify assets that are missing key security tools with the API connectors that you build. See Creating your own API connector for more information and the required applications. Generate insights to prioritize risks Use generative AI to provide contextual summaries, actionable recommendations, and quick links in the Security Exposure Management Workspace, helping you prioritize critical risks and accelerate remediation. Generate recommendation for approval impact analysis Use generative AI to provide on-demand recommendations to approve or reject a request directly from the Exception Change Approval record, enabling approvers to make fast, consistent decisions while reducing manual analysis effort. Zurich Patch 2 Granular roles The sn_vul_ai.write_rem_insights and sn_vul_ai.read_rem_insights granular roles have been added and are inherited by the sn_vul.vulnerability_admin and sn_vul.vulnerability_analyst roles automatically. These roles provide you with more control over read and write access for the records on the Remediation Compliance Insights [sn_vul_ai_remediation_insights] caching table. The VR.System role also inherits these granular roles so background job execution for the workflow can occur. Zurich Patch 1 Identify duplicate vulnerable items Use generative AI to identify duplicates for your active host vulnerable items that are imported by your vulnerability scanners. Use generative AI reasoning with Now Assist to help your analysts differentiate between primary vulnerability items (VITs) and those VITs that are duplicates. Close duplicate VITs and move their associated detections automatically to the primary VIT records. Identify preferred vulnerability solutions with Now Assist for Vulnerability Response Use generative AI to analyze available remediation options pulled from integrated third-party products like Red Hat, Tenable for Vulnerability Response, or internal solution management systems. Evaluate each option against the specific configuration item context, for example, the OS version or software version, and get recommendations for the most viable fix for implementation. Zurich Early Availability Use agentic workflows The assess vulnerability exposure agentic workflow enables vulnerability managers to determine your exposure to vulnerabilities. Determine your exposure to the most current Cybersecurity and Infrastructure Security Agency (CISA) known vulnerabilities in your environment and assess their potential impact to your configuration items (CIs) and business services. Identify assets with Common Vulnerabilities and Exposures (CVEs). Determine the number of active VITs that correspond to CVEs. Create watch topics for VIT remediation. The analyze vulnerability remediation status agentic workflow helps vulnerability managers to monitor and assess remediation target compliance. Track Service Level Agreement (SLA) compliance - Understand how effectively your organization is meeting remediation goals for vulnerabilities based on your SLAs. Analyze missed SLAs by severity, assignment group, and configuration item (CI) class - Pinpoint gaps in remediation by categorizing overdue VITs based on severity, assignment groups, and CI classes to enable targeted interventions and smarter resource allocation.
Australia	No updates for this release.

Changes

Between your current release family and Australia, some changes were made to existing Now Assist for Vulnerability Response features.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Yokohama Patch 11 Changes to Now Assist usage measurement Some Now Assist skills are now turned on by default The following Now Assist skills for Now Assist for Vulnerability Response are activated by default. Recommend preferred solution for VIT (VR) Vulnerable item de-duplication (VR) Approval Recommendation (VR)(USEM) Security Exposure Management (SEM) Insights (VR)(USEM) SPC Setup Connector (Security Posture Control) The new default behavior works as follows: New customers: When you install a Now Assist product, designated skills are turned on automatically. Existing customers who are upgrading (starting with Yokohama Patch 11): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive.
Zurich	Zurich Patch 5 Changes to Now Assist usage measurement Starting with Zurich Patch 5, Now Assist usage measurement is transitioning from a 365-day look-back model to a 365-day burn-down model, with usage resetting at the contract anniversary date. For more information, refer to KB KB2704710: Now Assist Usage - Overview & New Measurement Logic. Zurich Patch 4 Some Now Assist skills are turned on by default The new default behavior works as follows: New customers: When you install a Now Assist product, designated skills are turned on automatically. Existing customers who are upgrading (starting with Zurich Patch 4): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive.
Australia	No updates for this release.

Removed

Between your current release family and Australia, some Now Assist for Vulnerability Response features or functionality were removed.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Deprecations

Between your current release family and Australia, some Now Assist for Vulnerability Response features or functionality were deprecated.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Activation information

Review information on how to activate Now Assist for Vulnerability Response.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Install Now Assist for Vulnerability Response by requesting it from the ServiceNow Store.
Zurich	Install Now Assist for Vulnerability Response by requesting it from the ServiceNow Store.
Australia	No updates for this release.

Additional requirements

If any additional requirements were introduced or changed for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Accessibility information

Review details on accessibility information for Now Assist for Vulnerability Response, such as specific requirements or compliance levels.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Localization information

If there are specific localization considerations for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Highlight information

If there are specific highlight considerations for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Yokohama Patch 11 Review changes to Now Assist usage measurement. See the "Changed in this release" section below. Some Now Assist skills, agents, and agentic workflows are on by default. Additional role configuration is required for agentic workflows and AI agents included with Now Assist applications. Use Now Assist for Vulnerability Response with Security Posture Control to help you with Creating an API connector in the Security Posture Control workspace. Yokohama Patch 6 Help your analysts identify duplicate host vulnerable items and analyze available remediation options with generative AI skills with Now Assist for Vulnerability Response. Use Google Gemini and Anthropic Claude on AWS as AI model providers for Now Assist skills and AI agents in addition to Now LLM Service and Azure OpenAI. See Now Assist for Vulnerability Response for more information.
Zurich	Zurich Patch 5 Review changes to Now Assist usage measurement. See the "Changed in this release" section below. Retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data with the Retrieve VR Data agentic workflow. The Retrieve VR Data agentic workflow is supported in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces. Zurich Patch 4 Some Now Assist skills are now turned on by default. Use generative AI to help you build custom API connectors in the Security Posture Control workspace. Additional role configuration is required for agentic workflows and AI agents included with Now Assist applications. Zurich Patch 1 Help analysts identify and remove duplicate host vulnerable items. Help analysts resolve remediation tasks with preferred vulnerability solutions from third-party vendors. Zurich Early Availability: Help your vulnerability managers and analysts to resolve remediation tasks, assess your exposure to vulnerabilities, and analyze metrics for remediation targets. Chat with AI agents in natural language from the Now Assist panel. See Now Assist for Vulnerability Response for more information.
Australia	No updates for this release.