Configuration Compliance release notes
The ServiceNow® Configuration Compliance application enables you to prioritize and remediate the most critical configuration-related vulnerabilities in your environment quickly and efficiently. Configuration Compliance was enhanced and updated in the Xanadu release.
Configuration Compliance highlights for the Xanadu release
- Reevaluate the risk score, assignments, remediation target date, exceptions, and remediation task for a set of test results in Vulnerability Manager Workspace.
- View the percentage of CI compliance and test results compliance on a Test Group in Vulnerability Manager Workspace.
See Configuration Compliance for more information.
Important:
Configuration Compliance is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.
New in the Xanadu release
- Identify Wiz Resource Types for import
-
Identify the Resource Types (assets) reported by Wiz in your environment on the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance that you want to import.
The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration.
- Wiz Backfill Integrations
- Retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for missing assets that were not processed by the primary compliance integrations with specialized Wiz Backfill Integrations.
- Test Results Backfill Integration
- Host Test Results Backfill Integration
- Issues Backfill Integration
The Wiz Backfill Integrations are activated by default.
- Wiz Host Test Result Vulnerability Integration
- Import test results associated with the resource type, VIRTUAL MACHINE with the Wiz Host Test Result Vulnerability Integration. This integration is activated by default.
- New Properties module
- Starting with v15.1 of Configuration Compliance, a new Properties module has been added to the navigation menu under the Administration section. This module enables direct modification of the values, offering a user-friendly method to manage and update system properties directly from the interface.
- Customize the calculation of Age and Age closed durations of a test result
- Starting with v15.1 of Configuration Compliance, the Age and Age Closed durations of a test result can be configured to be calculated from the date in the Created, Opened, or First Found fields.
- Associating a Qualys Test with its Test Group
- You can associate a Qualys Test with its Test Group by enabling the sn_vulc.add_policy_as_key system property. This helps you to identify the Test Group to which a Test Result belongs to and differentiate Test records with the same Test id that are associated with different Test Groups.
- Calculate the remediation target date of a remediation task with respect to the Last Opened date
- Starting with v15.1 of Configuration Compliance, you can customize the calculation of the remediation target date of a remediation task to be calculated with respect to the Last Opened date.
- Open the search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI
- Starting with v24.0.6 of Vulnerability Response, automatically open your search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI, by adjusting the application scope in the unified navigation bar to Vulnerability Manager Workspace or IT Remediation Workspace respectively. These application scopes are available to you based on your assigned role.
- Vulnerability Manager Workspace access to the sn_vulc.read role
- Starting with v24.0.6 of Vulnerability Response, as a user with the sn_vulc.read role, you can view the test results in the Vulnerability Manager Workspace.
- Navigate to the List page in the Vulnerability Manager Workspace or IT Remediation Workspace by selecting the links from the All menu
- Starting with v24.0.6 of Vulnerability Response, when you enable the 'sn_vul_cmn_ws.navigate_to_workspace' system property, selecting predefined filter links in the Configuration Compliance module from the 'All' menu will automatically open these links in the List page in the Vulnerability Manager Workspace or IT Remediation Workspace based on your role.
- Hide the record count on the lists in the Vulnerability Manager Workspace and IT Remediation Workspace
- Starting with v24.0.6 of Vulnerability Response, you can hide the record count on the lists in the List page of the Vulnerability Manager Workspace and IT Remediation Workspace by adding the table names to the glide.ui.list.seismic.omit.count system property.
- Enable automatic refresh for the Home page dashboard in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, when creating and editing filters on the Configuration Test Results tab on the Home page of the Vulnerability Manager Workspace, you can configure the widgets to refresh automatically. Otherwise, you can manually refresh the widgets by selecting the Refresh button on the Configuration Test Results tab.
- Re-evaluating remediation properties for all records in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, you can evaluate the remediation properties for all the test results from the Configuration Test Results list by selecting the All items in the Record selection field of the Re-evaluate remediation properties modal in the Vulnerability Manager Workspace.
- Re-evaluate remediation properties for test results in the Vulnerability Manager Workspace
- Select the test results conditionally for reevaluating the following remediation properties in Vulnerability Manager Workspace:
- Assignments
- Remediation tasks
- Remediation target date
- Exceptions (Vulnerability Response v24.0.6)
- Risk score
- Using bulk edit for test results in the Vulnerability Manager Workspace
- Perform the following tasks on multiple test results simultaneously or a remediation task in Vulnerability Manager Workspace:
- Populating additional information for the test results
- The Age, Age closed, Closed date, Active, and Last open date columns have been added in the test results table.
The test results that aren’t in the Closed state are marked as true in the Active field. The Active field replaces the Result and State fields in the filter conditions of the default-saved filters across the All menu, Configuration Compliance Overview, Unified, Cybersecurity Executive, and Health dashboards.
- CI compliance and test results compliance on a Test Group in the Vulnerability Manager Workspace
- View the percentage of CI compliance and test results compliance on a Test Group in Vulnerability Manager Workspace.
- Enabling or disabling the test results import for a Qualys test group in the Vulnerability Manager Workspace
- Enable or disable the import of test results for a Qualys test group in Vulnerability Manager Workspace.
- Updating Rollup weights section in the roll up calculators
- Other than the script format, an alternative approach of adding the weights in the Rollup Weights section for the rollup calculators has been introduced.
- Percentage test result compliance in the Discovered Items table
- The percentage of test results compliance of a CI is populated in the % Test Results Compliance column of the Discovered Item. To populate this value in the % Test Results Compliance column, set
calcTRComplianceForCItotruein the Update remediation metrics scheduled job. - Quick Start Tests for Configuration Compliance
-
After upgrades and deployments of new applications or integrations, run quick start tests to verify that Configuration Compliance works as expected. If you customized Configuration Compliance, copy the quick start tests and configure them for your customizations.
UI changes
- Renamed the Is deprecated field in the Test Group form
- The Is deprecated field in the Test Group form is renamed to Is imported.
- Renamed the Mark Deprecated button to Disable imports in the Test Group form
- The Mark Deprecated button in the Test Group form is renamed to Disable Imports.
- Test Group mapping with Tests for Tenable and Microsoft Defender integrations
- The test groups are mapped with the Tests associated with the Tenable and Microsoft Defender integrations.
- View the test result compliance percentage of a CI in the Discovered Items list
- The percentage of the test results that are compliant with the tests associated with a Configuration Item (CI) is populated in the % Test Results Compliance column of the Discovered Item list. To populate this value in the %
Test Results Compliance column, set the
calcTRComplianceForCIparameter to true in the Update remediation metrics scheduled job.
Changed in this release
- Test result and remediation task state transitions
- Enhancements to policy audits for Security Posture Control verify that retired assets are not evaluated by activated policies. If the state of an asset transitions from Retired back to Active, it is included in the next policy evaluation.
- Non-zero risk score for passed test results
- The risk score is calculated for passed test results to determine how much risk is mitigated.
- Deprecated the privilege to delete a test result for the Admin role
- As an admin with the sn_vulc.admin role, you can’t delete a test result. This privilege is now given to the sn_vulc.delete granular role.
- Updates to the Risk Score calculation for a Remediation Task
- The average risk score of all the test results in a Remediation Task is considered for the risk score calculation of a Remediation task.
Removed in this release
- The Reason field in the Resolve modal has been removed for a remediation task in the classic UI, Vulnerability Manager Workspace, and IT Remediation Workspace.
- The Close button has been removed for a remediation task, in the classic UI, Vulnerability Manager Workspace, and IT Remediation Workspace.