Consolidated page of all release notes for Now Assist for Vulnerability Response from Zurich to Australia.
How to use this page
To help you prepare for your upgrade, we have combined the cross-family Now Assist for Vulnerability Response release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Zurich to Australia.
Tip: If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."
Important information for upgrading Now Assist for Vulnerability Response to Australia
Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.
| Release |
Release notes |
Zurich |
The following Now Assist skills for Now Assist for Vulnerability Response
are activated by default.
- Recommend preferred solution for VIT
(VR)
- Vulnerable item de-duplication (VR)
- Approval Recommendation (VR)(USEM)
- Security Exposure Management (SEM) Insights (VR)(USEM)
- SPC Setup Connector (Security Posture Control)
When you update the Now Assist for Vulnerability Response application, the dependency applications are automatically updated.
For more information about required applications for Now Assist for Vulnerability Response, see Supporting information.
|
Australia |
No updates for this release. |
New features
Between your current release family and Australia, new features were introduced for Now Assist for Vulnerability Response.
| Release |
Release notes |
Zurich |
- Zurich Patch 5
- Retrieve Vulnerability Response data
- Chat with an AI agent using natural language to retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces.
- Zurich Patch 4
- Role configuration required for agentic workflows and AI agents
- Agentic workflows and AI agents included with Now Assist applications require additional security configuration. If you select Users with selected roles for your user access security controls for an agentic workflow or AI agent, you must add
the installed roles, or they won't execute. Data access settings must also include these roles. See the documentation for the agentic workflow or AI agent for the specific roles you must add. After the roles are configured, users must
have the specified role to invoke the agentic workflow or AI agent.
- Create a custom API service graph connector in the Security Posture Control (SPC) workspace
- Use generative AI to help your developers create SPC API connectors quickly with the Connector builder framework module in the SPC workspace. With a Now Assist skill that is included with the Now Assist for Vulnerability Response application, your developers have the option to automate steps in the Connector builder framework.
- Automate the steps for selecting API templates, populating request and header parameters, and response field mapping.
- Use your custom API connector to integrate with security tools and import asset data that is based on the unique requirements of your environment.
- Help your cybersecurity teams monitor your overall security posture and identify assets that are missing key security tools with the API connectors that you build.
See Creating your own API connector for more information and the required applications.
-
Generate insights to prioritize risks
- Use generative AI to provide contextual summaries, actionable recommendations, and quick links in the Security Exposure Management Workspace, helping you prioritize critical risks and accelerate remediation.
- Generate recommendation for approval impact analysis
- Use generative AI to provide on-demand recommendations to approve or reject a request directly from the Exception Change Approval record, enabling approvers to make fast, consistent decisions while reducing manual analysis
effort.
- Zurich Patch 2
- Granular roles
- The sn_vul_ai.write_rem_insights and sn_vul_ai.read_rem_insights granular roles have been added and are inherited by the sn_vul.vulnerability_admin and sn_vul.vulnerability_analyst roles automatically. These roles provide
you with more control over read and write access for the records on the Remediation Compliance Insights [sn_vul_ai_remediation_insights] caching table. The VR.System role also inherits these granular roles so background job
execution for the workflow can occur.
- Zurich Patch 1
- Identify duplicate vulnerable items
- Use generative AI to identify duplicates for your active host vulnerable items that are imported by your vulnerability scanners. Use generative AI reasoning with Now Assist to help your analysts differentiate between primary vulnerability items (VITs) and those VITs that are duplicates. Close duplicate VITs and move their associated detections automatically to the
primary VIT records.
- Identify preferred vulnerability solutions with Now Assist for Vulnerability Response
- Use generative AI to analyze available remediation options pulled from integrated third-party products like Red Hat, Tenable for Vulnerability Response, or internal solution management systems. Evaluate each option against the specific configuration item context, for example, the OS version or software version, and get recommendations for
the most viable fix for implementation.
- Zurich Early Availability
- Use agentic workflows
-
The assess vulnerability exposure agentic workflow enables vulnerability managers to determine your exposure to vulnerabilities.
- Determine your exposure to the most current Cybersecurity and Infrastructure Security Agency (CISA) known vulnerabilities in your environment and assess their potential impact to your configuration items (CIs) and
business services.
- Identify assets with Common Vulnerabilities and Exposures (CVEs).
- Determine the number of active VITs that correspond to CVEs. Create watch topics for VIT remediation.
The analyze vulnerability remediation status agentic workflow helps vulnerability managers to monitor and assess remediation target compliance.
- Track Service Level Agreement (SLA) compliance - Understand how effectively your organization is meeting remediation goals for vulnerabilities based on your SLAs.
- Analyze missed SLAs by severity, assignment group, and configuration item (CI) class - Pinpoint gaps in remediation by categorizing overdue VITs based on severity, assignment groups, and CI classes to enable targeted
interventions and smarter resource allocation.
|
Australia |
No updates for this release. |
Changes
Between your current release family and Australia, some changes were made to existing Now Assist for Vulnerability Response features.
| Release |
Release notes |
Zurich |
|
Australia |
No updates for this release. |
Removed
Between your current release family and Australia, some Now Assist for Vulnerability Response features or functionality were removed.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Deprecations
Between your current release family and Australia, some Now Assist for Vulnerability Response features or functionality were deprecated.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Activation information
Review information on how to activate Now Assist for Vulnerability Response.
| Release |
Release notes |
Zurich |
Install Now Assist for Vulnerability Response by requesting it from the ServiceNow Store.
|
Australia |
No updates for this release. |
Additional requirements
If any additional requirements were introduced or changed for Now Assist for Vulnerability Response we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Browser requirements
If any specific browser requirements were introduced or changed for Now Assist for Vulnerability Response we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Accessibility information
Review details on accessibility information for Now Assist for Vulnerability Response, such as specific requirements or compliance levels.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Localization information
If there are specific localization considerations for Now Assist for Vulnerability Response we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Highlight information
If there are specific highlight considerations for Now Assist for Vulnerability Response we have noted them here.
| Release |
Release notes |
Zurich |
Zurich Patch 5
- Review changes to Now Assist usage measurement. See the "Changed in this release" section below.
- Retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data with the Retrieve VR Data agentic workflow.
- The Retrieve VR Data agentic workflow is supported in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces.
Zurich Patch 4
- Some Now Assist skills are now turned on by default.
- Use generative AI to help you build custom API connectors in the Security Posture Control workspace.
- Additional role configuration is required for agentic workflows and AI agents included with Now Assist applications.
Zurich Patch 1
- Help analysts identify and remove duplicate host vulnerable items.
- Help analysts resolve remediation tasks with preferred vulnerability solutions from third-party vendors.
Zurich Early Availability: Help your vulnerability managers and analysts to resolve remediation tasks, assess your exposure to
vulnerabilities, and analyze metrics for remediation targets. Chat with AI agents in natural language from the Now Assist panel.
See Now Assist for Vulnerability Response for more information.
|
Australia |
No updates for this release. |