• CI filtering for vulnerability assessments: You can now filter which configuration items are included in a vulnerability assessment using a condition builder.
• Business Application population on AVITs: AVITs created from SBOM assessment results now include Business Application information, helping you understand application impact and prioritize remediation.
• Priority roll‑down from vulnerability assessments: Updates to the priority of a vulnerability assessment now automatically roll down to associated VITs and AVITs, ensuring consistent prioritization based on the highest severity.

• The Universally Unique Identifier (UUID) that identifies detections for the Wiz Host Vulnerability integration will be mapped to a detection key.
  Note:

  This enhancement is supported for new customers only.

  For existing customers, the detection key for the Wiz Host Vulnerability integration is created using the combination of vulnerability, asset_id, and proof.

• You can configure the First parameter for the Wiz Asset Integration to help you resolve 504 errors. You can reduce the page size if you're having memory issues or generating errors. The default value is 500.

The Missing Assets [sn_vul_wiz_missing_asset] is deprecated. After updating to version 1.1, you must backdate your existing primary Wiz integrations by three days and run them.

The backfill integrations are activated by default.

Resource types filters are supported on the Host Vulnerability, Host Test Results, Test Results, and Issues tabs on the Wiz Configuration page.

Additional attributes imported from Wiz that are not stored in the Discovered items [sn_sec_cmn_src_ci] table are stamped with Asset Attributes in this table.

Test results from the Host misconfiguration integration are classified as result type 'host_misconfiguration'.

Data for resources that have the validated_at_runtime flag set to 'yes' is imported and populated on detections.

The is_ignored column is deprecated on the Host Test Results and Test Results Integrations. This column was replaced by the is_result_ignored column.

The CMDB internet-facing field on the discovered item is mapped to Limited Internet Exposure on findings.

Column length for the descriptions in the Host Vulnerability import table has been increased.

Identify the Resource Types (assets) that are reported by Wiz that you want to import with the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance.

The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration. See the Wiz Vulnerability Response Integrations for more information about the vulnerability and compliance integrations.

Retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for assets that were not processed by the primary Host Vulnerability Integration with a specialized Wiz Backfill Integration.

The Host Vulnerability Backfill Integration is activated by default.

• Collaboration and streamlined approval: Facilitate collaboration between your vulnerability management and remediation teams by streamlining the approval process with clear and complete exception justifications.
• Mandatory questionnaires: Block the submission of exception requests until mandatory questionnaires are completed. If a questionnaire is marked as mandatory, the test results and its associated remediation tasks remain in the 'Open' state until the questionnaire is completed and submitted.
• If the questionnaire is incomplete, the state change approval record is saved as 'Draft'. Only after completing the questionnaire can the user submit the exception request, which will then move the test results or remediation tasks to the 'In Review' state.

• Background job enhancements: New fields have been added to help you view successfully evaluate records, the time taken for processing, the time remaining, and an estimated number of records.
• Improved accuracy for non-CSDM Vulnerability Response users: A system property (sn_sec_cmn.ci_lifecycle_status_source) has been introduced to help users who do not follow Common Service Data Model (CSDM) standards. This property verifies that Discovered items (DIs) and associated VITs are properly marked as Decommissioned and are excluded from the CI Lookup. Additionally, the Retired Configuration Items PA indicator has been updated to accurately reflect CIs based on the decommissioning flags.
• The scheduled job to create reconcile unmatched discovered items feature is deprecated. You can "Reapply Look up Rules" for selected or filtered items in the discovered items table view.

• Importing vulnerabilities discovered by Tenable.cs in cloud hosts and container images into ServiceNow automatically.
• Enabling remediation workflows to triage, assign, and resolve the most critical vulnerabilities across cloud-native and containerized environments.
• Using the Setup Assistant to easily configure credentials and integration parameters—get started with minimal manual setup.
• Scheduling jobs to run periodically to import findings from Tenable.cs, create vulnerable items (for cloud hosts), create container vulnerable items and associate them with the relevant cloud resources and container image records.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response works as expected. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations.

• Exception rules are reevaluated with nightly scheduled jobs.
• Vulnerable items that no longer match exception rule conditions are unlinked from remediation tasks.
• A deferred vulnerable item (VIT) is reopened if it doesn’t match any active exception rules.
• Exception rules don’t create remediation tasks. VITs are deferred directly and aren’t associated with a remediation task.