Key Features

• Reevaluation capabilities: Users can reassess risk scores, assignments, remediation target dates, exceptions, and remediation tasks for vulnerable items directly from the Vulnerability Manager Workspace.
• Wiz Integration enhancements: Import and configure Wiz Resource Types for vulnerability and compliance data, with specialized backfill integrations to process missing asset data effectively.
• Scanner-based solutions: Automated creation of solution records from vulnerability scanners such as Tenable, Qualys, and Microsoft Threat and Vulnerability Management (MS TVM).
• Exposure assessment improvements: Automatic activation or deactivation of Common Vulnerability Entries (CVEs) based on recent updates or activity, with manual override options.
• Splitting detections: Ability to create unique vulnerable items for each vulnerability instance detected by Tenable and MS TVM scanners, allowing targeted remediation assignments.
• New Properties module: Simplified management of system properties through a user-friendly interface under Administration.
• Classification and CI handling: Upon deletion or deactivation of classification rules, discovered item classifications are cleared, and exceptions during CI creation are logged for transparency.
• Audit history for configuration items: Track changes to configuration items with detailed audit logs including previous and updated values and the responsible user.
• Customizable age calculations: Configure vulnerable item age metrics based on Created, Opened, or First Found dates.
• Workspace navigation and access: Search results can open directly in Vulnerability Manager or IT Remediation Workspaces, with role-based visibility enhancements for vulnerable items.
• UI enhancements: Options to hide record counts in lists, enable automatic dashboard refresh, and re-evaluate remediation properties for all vulnerable items in bulk.
• Common Security Advisory Framework (CSAF) updates: Optional scanner mapping for CSAF imports and support for multiple vendors via ROLIE feed integration.
• Performance improvements: Multithreaded scheduled jobs accelerate processing of vulnerable items and related records.
• Workflow modernization: Deprecated legacy workflows replaced by Flow Designer for approvals and state management, improving automation capabilities.
• Risk score transparency: Risk score adjustments are documented in the Notes section, showing calculator details and their impact on scores.
• Subscription changes: Vulnerability Crisis Management is now a separate subscription available via the ServiceNow Store and accessed through the Vulnerability Assessment workspace.
• Renaming: The Vulnerability Emergency Response plugin is renamed to Vulnerability Exposure Assessment.

Changes and Removals

• Deletion privileges for vulnerable items and source records have been restricted to specific granular roles, improving security controls.
• The Close button for remediation tasks has been removed from the Classic UI and relevant workspaces to streamline task management.

Practical Impact for ServiceNow Customers

With the Xanadu release, customers can expect smoother vulnerability remediation processes through enhanced reassessment tools, better integration with Wiz and scanners, and improved workspace navigation. The introduction of the Properties module and audit history support simplifies administration and tracking. Performance gains via multithreading and workflow modernization with Flow Designer increase operational efficiency. Additionally, tighter security controls around deletion privileges and clearer risk score documentation support governance and compliance requirements. Customers with appropriate subscriptions can also leverage new CSAF import flexibility and access Vulnerability Crisis Management as a standalone solution.