Vulnerability Response release notes
Summary of Vulnerability Response release notes - Australia Release
The ServiceNow Vulnerability Response application integrates security and IT teams to accelerate and streamline the remediation of critical vulnerabilities. The Australia release introduces significant enhancements and new integrations that improve data accuracy, integration capabilities, and system performance. This release is essential for customers aiming to unify vulnerability data, optimize remediation workflows, and leverage expanded cloud service integrations.
Key Features
- AWS Integration for Security Exposure Management: Supports AWS Inspector and AWS Security Hub, enabling import of host, container vulnerabilities, and misconfigurations for comprehensive cloud vulnerability management.
- Central Vulnerability Database (CVDB): Introduces a unified, source-agnostic vulnerability data layer consolidating data from multiple sources with configurable, priority-based data reconciliation and full traceability, enhancing accuracy and auditability.
- Background Job Configuration: Allows administrators to define the number of concurrent background jobs via a new tile in the Vulnerability Manager Workspace Admin console, helping to optimize system resource usage.
- Wiz Asset Integration Enhancements: Asset integration is now optional and configurable by resource types, simplifying setup and preventing unnecessary data imports.
- Unified Microsoft Defender Integration: Combines Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management into a single plugin, supporting container image vulnerability ingestion and offering a guided migration path.
- Enhanced Vulnerability Response CI Lookup Rules: Adds an "Applies to" field to distinguish between Application Vulnerability Response and Vulnerability Response rules, preventing conflicts during background job processing.
- Optimized Tenable.io Compliance Results Ingestion: Splits ingestion by compliance status for improved performance and scalability in environments with large compliance data volumes.
- Qualys Integration API Enhancements: Supports newer Qualys API versions and additional data fields, improving detail and visibility in vulnerability and compliance data.
- Improved Vulnerability Assessment Workflows: Includes CI filtering, automatic population of Business Application info on AVITs from SBOM assessments, and priority roll-down to ensure consistent severity prioritization.
- Remediation Task Rule Execution Modes: Introduces "Match First" mode to assign each finding to a single remediation task, in addition to the default "Match All" mode.
- Enhanced Compensatory Controls: New vulnerable items linked to remediation tasks with approved compensating controls automatically inherit reduced risk ratings.
Important Upgrade and Activation Information
- Customers not upgrading to Unified Security Exposure Management (USEM) should install versions below v30.x and ensure compatibility with supported third-party integrations.
- Vulnerability Response and related integrations are available via the ServiceNow Store; activation requires requesting and installing these apps from the Store.
- Property name changes (e.g., assignment rule rerun property) require customer action to maintain expected functionality.
What Customers Can Expect
With this release, ServiceNow customers benefit from a more unified and accurate vulnerability data model, streamlined cloud integrations, enhanced performance controls, and improved remediation assignment workflows. These improvements enable faster, more precise vulnerability management and remediation prioritization, reducing risk and supporting compliance efforts. The release also simplifies integration setup and offers enhanced auditability and traceability across vulnerability data sources.
The ServiceNow® Vulnerability Response application brings security and IT together to enable you to remediate your most critical vulnerabilities more quickly and efficiently. Vulnerability Response was enhanced and updated in the Australia release.
Vulnerability Response highlights for the Australia release
- The AWS Integration for Security Exposure Management supports integrations with AWS Inspector and AWS Security Hub.
- The Central Vulnerability Database (CVDB) introduces a source-agnostic vulnerability data layer that consolidates data from multiple sources, improving accuracy and traceability.
- Define the number of background jobs that run concurrently to reduce system resource consumption, with a new Background Job Configuration tile available in the Vulnerability Manager Workspace Admin console under the Others section.
See Vulnerability Response for more information.
Important information for upgrading Vulnerability Response to Australia
If you're currently using Vulnerability Response, and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version below v30.x of Vulnerability Response and for upgrades to supported third-party integration applications.
For more information about the released versions of the Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Australia release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.
New in the Australia release
- Unified Microsoft Defender Integration for Security Exposure Management
- The Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management (MS TVM) plugins are now consolidated into a single plugin: Microsoft Defender Integration for Security Exposure Management. This consolidation deprecates the standalone Microsoft Defender for Cloud plugin. The unified plugin also introduces container image vulnerability ingestion from Microsoft Defender for Cloud, creating Container Vulnerable Items on your instance. A guided migration path is available to transfer existing data from the deprecated applications to the unified plugin.
- AWS Integration for Security Exposure Management
- The AWS Integration for Security Exposure Management supports integrations with the following AWS services:
- AWS Inspector is an automated vulnerability management service that continuously scans EC2 instances, ECR container images, and Lambda functions for software vulnerabilities (CVEs) and unintended network exposure. The Vulnerability Response integration with AWS Inspector imports host and container vulnerability findings from AWS Inspector.
- AWS Security Hub is a security service that is used to centralize and update security checks across AWS accounts. It provides a unified view of security alerts and compliance status by integrating with various AWS services. The Vulnerability Response integration with AWS Security Hub imports host, container vulnerabilities, and misconfigurations from AWS Security Hub.
- Optimized Tenable.io Compliance Results ingestion
- Starting with v6.1.3, the Tenable.io Compliance Results Integration is replaced by the Tenable.io Fixed Compliance Results Integration and Tenable.io Open Compliance Results Integration. Compliance results are now imported based on their status, optimizing ingestion performance and scalability for environments with large volumes of compliance data while keeping remediation and compliance tracking aligned with the current state of findings.
- Qualys Integration – API enhancements
- The Qualys Vulnerability Integration has been upgraded to support newer Qualys API versions across Host Detection, Host List, Knowledgebase, PC Controls, PC Policies, and PCRS integrations. The integrations now ingest additional data fields, including vulnerability detection source, authentication privilege status, active status for controls and policies, and cloud metadata, giving you better visibility into your vulnerability and compliance data. Use the new posture_api_version integration instance parameter to choose between the default v2.0 APIs or the newer v5.0 streaming APIs for the PCRS Policy Host and PCRS Test Results integrations.
- Vulnerability Data Management with Central Vulnerability Database (CVDB)
- The Central Vulnerability Database (CVDB) introduces a unified, source-agnostic vulnerability data layer that consolidates data from multiple sources into a single authoritative record, improving accuracy, consistency, and traceability. Key capabilities include:
- Unified vulnerability record: Correlates vulnerability data from multiple sources, supports sources including National Vulnerability Database (NVD), scanner intelligence, European Union Vulnerability Database, Japanese Vulnerability Database, and vulnerability intelligence feeds.
- Priority-based data reconciliation configuration:
- Field-level priority: Ensures each attribute (e.g., CVSS, remediation, exploit status) can be configured from the most reliable provider.
- Source-level priority: Applies a global ranking when field-level rules are not defined.
- Hybrid model: Field-level rules take precedence, with source-level fallback; all source data is preserved for full traceability.
- Source attribution and traceability: Maintains detailed source metadata, timestamps, and change history to ensure full auditability and transparency.
- Data enrichment: Combines CVSS scores, exploit intelligence, and remediation guidance to provide a richer and more actionable vulnerability context.
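The hybrid reconciliation model described for the CVDB can be pictured with the following added example, which is a conceptual sketch and not ServiceNow code. The source names, field names, record layout, and the `reconcile` function are assumptions made for illustration, and the sample records are constructed.

```javascript
// Added illustration of hybrid reconciliation; not ServiceNow code.
// Source names, field names and all values are constructed.
const SOURCE_PRIORITY = ['nvd', 'scanner', 'intel_feed']; // global ranking, best first
const FIELD_PRIORITY = {                                  // per-field overrides
  exploit_status: ['intel_feed', 'scanner', 'nvd'],
  remediation: ['scanner', 'nvd'],
};
const SAMPLE_RECORDS = [
  { source: 'nvd', observed: '2025-01-10T00:00:00Z',
    fields: { cvss: 9.8, exploit_status: null, summary: 'Constructed summary' } },
  { source: 'scanner', observed: '2025-01-12T00:00:00Z',
    fields: { cvss: 8.1, exploit_status: 'none', remediation: 'Apply vendor patch' } },
  { source: 'intel_feed', observed: '2025-01-15T00:00:00Z',
    fields: { exploit_status: 'active' } },
];

const hasValue = (v) => v !== undefined && v !== null && v !== '';

function reconcile(records, fieldPriority, sourcePriority) {
  const bySource = new Map(records.map((r) => [r.source, r]));
  const fieldNames = new Set(records.flatMap((r) => Object.keys(r.fields)));
  const unified = {};
  const provenance = {};
  for (const field of fieldNames) {
    // Field-level rule wins when defined; otherwise use the global ranking.
    const rule = fieldPriority[field] ? 'field' : 'source';
    const order = fieldPriority[field] || sourcePriority;
    // Every non-empty source value is kept, including the ones that lose.
    const candidates = records
      .filter((r) => hasValue(r.fields[field]))
      .map((r) => ({ source: r.source, value: r.fields[field], observed: r.observed }));
    const winner = order.find(
      (s) => bySource.has(s) && hasValue(bySource.get(s).fields[field]));
    // Assumption: if no ranked source has data, the unified field stays unset.
    if (winner === undefined) continue;
    unified[field] = bySource.get(winner).fields[field];
    provenance[field] = { source: winner, rule, candidates };
  }
  return { unified, provenance };
}

const result = reconcile(SAMPLE_RECORDS, FIELD_PRIORITY, SOURCE_PRIORITY);
console.log(result.unified, result.provenance.cvss);
```

The `provenance` entry for each field records which source won, whether a field-level or source-level rule decided it, and every competing value, which is the information an auditor needs to explain why a unified score differs from a scanner's own report.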
Changed in this release
- Vulnerability Response assignment rules
- The sn_vul.rerun_task_rules system property for rerunning assignment rules was changed to sn_sec_rem.rerun_task_rules. Users must activate this property (set to 'true') to rerun assignment rules.
- Improved vulnerability assessment workflows
- CI filtering for vulnerability assessments: You can now filter which configuration items are included in a vulnerability assessment using a condition builder.
- Business Application population on AVITs: AVITs created from SBOM assessment results now include Business Application information, helping you understand application impact and prioritize remediation.
- Priority roll‑down from vulnerability assessments: Updates to the priority of a vulnerability assessment now automatically roll down to associated VITs and AVITs, ensuring consistent prioritization based on the highest severity.
- Remediation task rule execution mode
- You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
- Enhanced Compensatory controls
- When new vulnerable items are ingested and associated with a remediation task that already has an approved compensating control, the reduced risk rating is now automatically inherited by those new vulnerable items.
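The difference between the Match First and Match All execution modes described under "Remediation task rule execution mode" is illustrated by the following added example, which is a conceptual sketch and not ServiceNow code. The rule names, conditions, findings, and the mode strings `match_first` and `match_all` are assumptions made for illustration. It also reports rules that match findings under Match All but never receive one under Match First, a side effect of rule ordering worth reviewing before switching modes.

```javascript
// Added illustration of the two execution modes; not ServiceNow code.
// Rule names, conditions and findings are constructed.
const RULES = [ // evaluated top to bottom
  { task: 'RT-critical', when: (f) => f.severity === 'critical' },
  { task: 'RT-linux', when: (f) => f.os === 'linux' },
  { task: 'RT-linux-critical',
    when: (f) => f.os === 'linux' && f.severity === 'critical' },
];
const FINDINGS = [
  { id: 'F1', os: 'linux', severity: 'critical' },
  { id: 'F2', os: 'linux', severity: 'low' },
  { id: 'F3', os: 'windows', severity: 'critical' },
];

// Returns a Map of finding id -> list of remediation tasks it was assigned to.
function assignFindings(findings, rules, mode) {
  const assignments = new Map();
  for (const finding of findings) {
    const matched = [];
    for (const rule of rules) {
      if (!rule.when(finding)) continue;
      matched.push(rule.task);
      if (mode === 'match_first') break; // stop at the first matching rule
    }
    assignments.set(finding.id, matched);
  }
  return assignments;
}

// Rules that receive findings under Match All but none under Match First,
// because an earlier rule always matches the same findings first.
function shadowedRules(findings, rules) {
  const tasksUsed = (mode) =>
    new Set([...assignFindings(findings, rules, mode).values()].flat());
  const usedAll = tasksUsed('match_all');
  const usedFirst = tasksUsed('match_first');
  return rules.map((r) => r.task)
    .filter((t) => usedAll.has(t) && !usedFirst.has(t));
}

console.log(assignFindings(FINDINGS, RULES, 'match_all'));
console.log(assignFindings(FINDINGS, RULES, 'match_first'));
console.log(shadowedRules(FINDINGS, RULES));
```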
Activation information
Install Vulnerability Response and supported third-party integrations by requesting them from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.