Vancouver |
- Enhancements to the Unified Vulnerability Response Dashboard
- Starting with version 20.0, you can view the status on the EPSS scores attained by vulnerability entries, and external facing host vulnerable items on the Vulnerability Intelligence tab in
the Unified Vulnerability Response dashboard.
- Enhancements to the Software Bill of Materials applications
- Starting with version 20.0, you can view the vulnerability intelligence information about the Software Bill of Materials (SBOM) files that you upload in the SBOM Workspace dashboard. The following enhancements to
the applications help you view more detailed vulnerability data about your components:
- Import a version list for a given package (library) and the package intelligence for Stale and Abandoned components with the Deps.dev source API that is included with the SBOM Response application.
- Import the vulnerability intelligence information for a given version of a package with the OSV.dev open-source API that is included with the SBOM Response application.
- Import data with the third-party Snyk Vulnerability Insights integration to view information about how to fix the components.
- View the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) data for the components that are broken down by severity.
- CI Lookup Rules have moved
- Starting with version 19.0, you can find the CI Lookup Rules module at in your instance.
- Enhancements to the Software Bill of Materials applications
- The data model for SBOM, SBOM Core, and the SBOM Response applications that are required for the Software Bill of Materials product have the following enhancements. These changes are compatible with the version
19.0.6 of the Vulnerability Response:
- Data model for SBOM (version 1.0.4): The Display name field is new on the BOM Component table. This field uses the name and version as the displayed value of a component.
- SBOM Core (version 1.0.8): The BOM Entities related list is added on the component form. You can see all the BOM entities that the component is used in on this related list. You can manually upload the
BOM documents as expected.
- SBOM Response (version 2.0.6): The data model is updated so that it supports the Vulnerability Intelligence use case. The Discovered application and SBOM
component are two new fields that are displayed on the application vulnerable item (AVI) record.False positive and Request exception are
supported on the AVIs in the SBOM Workspace.
- Enhancements to the Software Bill of Materials applications
- View a list of the open source and third-party software components that include the transitive dependencies on a software bill of materials SBOM). Upload the SBOMs in the CycloneDX JSON format into your ServiceNow AI Platform:
- View the potential risks in your software projects.
- Identify the vulnerabilities in your components.
- Manage your risk exposure by creating and assigning application-vulnerable items automatically.
- Resolve the vulnerabilities with the Vulnerability Response workflow.
- Configuring assessment types for penetration testing
- Enhancements give you more options to match the testing requirements to sprint availability:
- Updates to the configuration page for effort estimation, assessment size, and assessment type let you enter more details about the testing requirements.
- Creating a request or copying and modifying the existing requests can be done directly from the Penetration Test Assessment Requests [sn_vul_pen_test_assessment_request] table.
- Additional fields for Vendor, Joint venture, and Business impact provide you with the options to record details about the third parties and the financial impact.
- Dashboards in the Vulnerability Manager Workspace.
- Starting with version 19.0 of Vulnerability Response, the Vulnerability Management (PA), CISO Dashboard, Vulnerability Approvals, Vulnerability Management, and Container Vulnerability Response dashboards are available in the Next Experience UI from Vulnerability Manager workspace.
- Viewing the dashboards in the IT Remediation Workspace.
-
Starting with version 19.0 of Vulnerability Response, the Vulnerability Remediation Dashboard is available in the Next Experience UI from IT Remediation workspace.
- Unified Vulnerability Response Dashboard from the Vulnerability Response Workspaces
- Starting with version 19.0 of Vulnerability Response, the Unified Vulnerability Response Dashboard is available from Vulnerability Response Workspaces. The centralized aggregated dashboard provides visibility from multiple vulnerability
scanners and security tools. The dashboard provides a comprehensive view of an organization's vulnerabilities and risks.
- Requesting exceptions for test result groups and Container Vulnerabilities from the Vulnerability Manager Workspace
- Starting with version 19.0, you can request exceptions for test result groups and Container Vulnerabilities from Vulnerability Manager Workspace.
- Requesting policy exceptions for test result groups and Container Vulnerabilities from the IT Remediation Workspace
- Starting with version 19.0, you can request policy exceptions for test result groups, test results, and Container Vulnerabilities from IT Remediation Workspace.
- Splitting remediation tasks for test results in the Vulnerability manager Workspace
- Starting with version 19.0, you can split remediation tasks for test results in Vulnerability Manager Workspace.
- Splitting remediation tasks containing test results in the IT Remediation Workspace
- Starting with version 19.0, you split remediation tasks for the test results in IT Remediation Workspace.
- Weekly and daily frequency for Recurring Remediation Effort
- Starting with version 19.0, you can schedule Recurring Remediation Efforts at daily and weekly frequencies in Vulnerability Manager Workspace.
- Explore the Vulnerability Assessment workspace
- The Vulnerability Emergency Response application is used by vulnerability event managers to address zero-day or critical vulnerabilities. By identifying the affected configuration items (CIs), vulnerability event
managers can respond by generating vulnerable items and assigning them to the remediation team for analysis. Some key features are
- Visibility to exposure from additional discovery model and assets
- Ability to perform standalone assessments for a single CVE or vulnerable software for critical vulnerabilities
- Automatic assessments of the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog or Common-Platform Enumeration (CPE)-based assessment.
- Assess the exposure of your assets to zero-day vulnerabilities with Exposure assessment in the workspace.
- Use the Vulnerability Crisis Management workflow to handle vulnerability crisis events from creating a vulnerability assessment record, recording the key
attributes of the vulnerability to calculate risks, performing an assessment to identify exposure levels and engage stakeholders for immediately responding to vulnerabilities.
- Extension of a deferred vulnerable item before the due date
- Starting with version 20.0 of Vulnerability Response, you can request an extension for a deferred vulnerable item before the due date.
- Extension of a deferred vulnerable item before the due date in the Vulnerability Manager Workspace
- Starting with version 20.0 of Vulnerability Response, you can request an extension for a deferred vulnerable item before the due date from Vulnerability Manager Workspace.
- Extension of a deferred exception rule before the due date
- Starting with version 20.0 of Vulnerability Response, you can request an extension for a deferred exception rule before the due date.
- Extension of a deferred remediation task before the due date
- Starting with version 20.0 of Vulnerability Response, you can request an extension for a deferred remediation task before the due date.
- Adding compensating controls in Vulnerability Manager Workspace
- Starting from v20.0 of Vulnerability Response, you can add compensating controls to the Compensating Controls library in Vulnerability Manager Workspace.
- Reducing the risk using compensating controls on the exception management requests in IT Remediation Workspace
- Starting from v20.0 of Vulnerability Response, you can request a reduction in the risk rating for a vulnerable item or remediation task by using Compensating Controls from IT Remediation Workspace.
- Aggregated Reports Framework in Vulnerability Response Common
- Starting from v20.0 of Vulnerability Response, you can create reports by using the Aggregated Reports Framework that is provided in Vulnerability Response Common for better performance.
- Applying an exception rule on a deferred VI automatically
- Starting from v20.0 of Vulnerability Response, the Check Vulnerable Item and Groups Deferment Expiration system property checks if any exception rule is applicable on a deferred VI that is due and updates the
Reason and Until fields as per the exception rule.
- Accessing only the vulnerable items assigned to you and your group with the exception approver role
- For the exception approver role, sn_vul.exception_approver, the granular role, sn_vul.read_all, has been removed so that you can access the vulnerable items and remediation tasks assigned to you and your group
only.
- Adding the work notes for a deferred vulnerable item
- Starting from v20.0 of Vulnerability Response, you can add the relevant information in the Work Notes field for a deferred vulnerable item also.
- Eliminating the need for exception management of closed VIs
- Starting from v20.0 of Vulnerability Response, when a detection moves to the stale state, a closed VI remains in the closed state even though a new detection is identified. This change eliminates the need for requesting an
exception request or approval for the reopened vulnerable items.
- Set up a questionnaire for exception requests based on condition
- Starting from v20.0 of Vulnerability Response, you can set up a questionnaire for exception requests based on condition specified in the approval rule.
- Set up a questionnaire for false positive requests based on condition
- Starting from v20.0 of Vulnerability Response, you can set up a questionnaire for false positive requests based on condition specified in the approval rule.
- Set up a questionnaire for risk reduction requests based on condition
- Starting from v20.0 of Vulnerability Response, you can configure a questionnaire for risk reduction requests based on condition specified in the approval rule.
- Global search enabled for Vulnerability Response Workspaces
- Starting from v20.0 of Vulnerability Response, Global search is enabled for Vulnerability Response Workspaces.
- Receiving threat intelligence information from Qualys
- Starting from version 20.0 of Vulnerability Response, a new list Threat intel is included in the Third-Party Vulnerabilities Entries table.
- Quick Start Tests for Vulnerability Response
-
After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response works as expected. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations.
|
Washington DC |
- Compose a script for vulnerable items or remediation tasks in the Approval Configuration form
- Compose a script in the Approval Configurations form for vulnerable items or remediation tasks on which an approval rule must be applied.
- View list of vulnerable items in the Vulnerability Manager Workspace
- View the list of active vulnerable items in the Vulnerability Manager Workspace using the active records count next to the View by drop-down in the Host vulnerabilities tab on the Home page.
- Open active vulnerable items list in classic UI from the Vulnerability Manager Workspace
- Navigate to the Classic UI's active vulnerable items list using the View Classic link in the Host Vulnerabilities tab on the home page of the Vulnerability Manager Workspace.
- Refresh a remediation task in the Vulnerability Manager and IT Remediation Workspaces
- Refresh a remediation task (VUL#) in the Vulnerability Manager and IT Remediation Workspaces to inspected if there are any additional records that belong to a remediation task.
- Updating the risk score in the Vulnerability Manager and IT Remediation Workspaces
- Update the risk score of a vulnerable item (VIT) using the Calculate Risk Score button in the Vulnerability Manager and IT Remediation Workspaces as per vulnerability calculators.
- Setting up questionnaire for exception requests based on condition
- Configure questionnaires based on conditions for exception requests.
- Displaying records in workspaces upon clicking the links in email notifications
- When links are clicked in an email notification, records open in Vulnerability Manager Workspace or IT Remediation Workspace based on the user’s role.
- Analysing the vulnerability landscape in the Vulnerability Manager Workspace
- View an overall summary of active vulnerabilities through visual representation of risk ratings, remediation progress, assignment group workloads, and records in remediation tasks.
- Acquiring the summary of a set of vulnerabilities using filters
- Display a summary of a set of active vulnerabilities by filtering those vulnerabilities on the Home page of the Vulnerability Manager Workspace.
- Associating compensating controls with a CVE and TPE for risk reduction in the Vulnerability Manager Workspace
- Associate relevant compensating controls with a Common Vulnerability Entry (CVE) and Third-party Entry (TPE), which can be used for reducing risk in the Vulnerability Manager Workspace.
- Disabling or enabling risk reduction requests in the Vulnerability Manager Workspace
- Enable or disable risk reduction requests for vulnerabilities related to a CVE or TPE in the Vulnerability Manager Workspace.
- Using bulk edit in the Vulnerability Manager Workspace
- Perform the following tasks on multiple host vulnerable items (VITs) and remediation tasks simultaneously in the Vulnerability Manager Workspace:
- Receiving notifications on false positive and exception requests
- Receive notifications and reminders on false positive and exception requests change approval records by setting approval expiry and reminder dates on the approval rules.
- Vulnerability Crisis Management
- View timestamps to see the last assessment of the events. The Assessment tab on the workspace is visible only when the new assessments are created. View the link to major security incidents
on the Vulnerability Manager Workspace for vulnerable items.
- CISA Known Exploit Vulnerability (KEV) Integration
- Import the Common Security Advisory Framework (CSAF) format through XML/JSON file import, API calls, or advisories, and map the solutions with the related vulnerabilities.
- Cybersecurity Executive Dashboard
- Access a unified view of your organization's security landscape through the Cybersecurity Executive Dashboard, which consolidates data from various products from within the ServiceNow
Security Operations suite.
- Quick start tests for Vulnerability Response.
-
After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response still works. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations.
- Update vulnerable items with data from last open detection (v21.1.2)
-
Update vulnerable items with the most recent and accurate data from the last open detection by setting the system property sn_vul.show_last_open_detection to true. The vulnerable items' IP
address, SSL, Port, Protocol, DNS name, NetBIOS name, and Description values are updated with the last open detection values during ingestion and the change of configuration item (CI) (Reapply of CI lookup
rule). To apply this update to the existing VITs, execute the Update Last Open Detection Value To VITs scheduled job. This ensures that the last open detection values are correctly
updated on all the existing VITs.
- Create auto-close rules (v22.0)
- Vulnerability Managers can use the advanced auto-close rule functionality to automatically close stale detections along with their corresponding vulnerable items.
- Solutions management improvements (v22.0)
- Performance improvements have been made for faster processing of non-Microsoft solutions.
- Generic framework to ingest data from any solution vendor (v22.0)
- A new generic framework has been introduced, leveraging the Common Security Advisory Framework (CSAF), to facilitate faster information exchange and processing through integrations. Leading software vendors offer
the CSAF format for describing vulnerabilities and solutions. Solution data can be imported either through file upload or API integration.
- Exclude inactive installs from Exposure Assessment (v22.0)
- A new system property, sn_vul.filter_inactive_sw_installs, has been introduced to determine whether inactive software installations should be filtered out for exposure assessment. By default, the property is enabled in the base system. When the filter is enabled, only active installations are displayed.
- Prevent detections from getting converted into vulnerable items (v22.1.2)
- The Exclusion Rule feature in Vulnerability Response enables you to filter out low-priority vulnerabilities such as informational ones during ingestion, helping prevent the creation of vulnerable items. With this feature, only critical
and high severity vulnerable items are created, thereby improving the overall performance of the product.
- Enhancements to the Unified Vulnerability Response Dashboard (v22.1.2)
- If you've created any exclusion rules, you can now access Exclusion Rule Reports on the Unified Vulnerability Response Dashboard.
- Enhanced Cybersecurity Executive Dashboard (v2.1.3)
- The Cybersecurity Executive Dashboard v2.1.3 includes the following enhancements:
- Key metrics from Governance, Risk, and Compliance (GRC) that offers a comprehensive overview of your organization's cybersecurity posture.
- Direct access to the GRC dashboard through the Cybersecurity Executive Dashboard for seamless navigation and integration of essential risk and compliance information.
- Operational Technology metrics that provide a comprehensive security perspective across both IT and OT environments, facilitating thorough risk management and monitoring.
- An enhanced user experience with an intuitive and distinguishable dashboard design that scales effectively to accommodate the evolving needs of your organization.
- Improved accuracy and reliability in metrics to ensure that the data presented in the dashboards is accurate, supporting better decision-making and strategic planning.
|
Xanadu |
- Identify Wiz Resource Types for import
-
Identify the Resource Types (assets) that are reported by Wiz that you want to import with the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance.
The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration. See the Wiz Vulnerability Response Integrations for more information about the vulnerability and compliance
integrations.
- Wiz Backfill Integrations
-
Retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for assets that were not processed by the primary Host Vulnerability Integration with a specialized Wiz Backfill Integration.
The Host Vulnerability Backfill Integration is activated by default.
Note: The Wiz Asset Integration and the Wiz Container Vulnerability Integration do not have backfill integrations. The Wiz Asset Integration can discover assets and create and update discovered item records on the Discovered item [sn_sec_cmn_src_ci] table. The Wiz Container Vulnerability Integration imports and processes discovered container image records.
- Create solutions from scanners
- Starting with v24.0.6 of Vulnerability Response, solution records can now be configured to be created from scanners such as Tenable, Qualys, and Microsoft Threat and Vulnerability Management (MS TVM). These solutions are set as preferred in the absence of options from software
vendors.
- Activate or deactivate CVEs for exposure assessment
- Starting with version 4.0.1 of Vulnerability Exposure Assessment, if a Common Vulnerability Entry (CVE) has not been updated or had vulnerable items (VITs) created in the past 30 days, the
exposure assessment record for that CVE is automatically marked as inactive. However, you can manually activate or deactivate these records. Additionally, the scheduled job
Check potential vulnerability exposure regularly scans for such CVEs to designate them as inactive. If there is an update, it marks them as active.
- Split detections from Tenable and Microsoft TVM scanners
- Starting with v24.0.6 of Vulnerability Response, you can split the detections from Tenable and Microsoft Threat and Vulnerability Management (MS TVM) scanners, enabling the creation of a unique
vulnerable item (VIT) for each detected vulnerability instance. This split enables the assignment of VITs to various remediation teams, enhancing the management and tracking of
vulnerabilities.
- New Properties module
- Starting with v24.0.6 of Vulnerability Response, a new Properties module has been added to the navigation menu under the Administration section. This
module enables direct modification of the values, offering a user-friendly method to manage and update system properties directly from the interface.
- Deletion of classification rules and application on discovered items
- Starting with v24.0.6 of Vulnerability Response, if a classification rule is deleted or deactivated, it’s no longer applied to the discovered item and the data in the
Classification and Classification_type fields get cleared.
- Exceptions for CI creation
- Starting with v24.0.6 of Vulnerability Response, if Identification and Reconciliation engine (IRE) encounters exceptions that prevent the creation of configuration items (CIs), the specifics of these
exceptions are recorded in the Additional Information field.
- View configuration item history
- Starting with v24.0.6 of Vulnerability Response, you can view the updates to a CI in the Discovered Item table. Information including the previous CI, the updated CI, and the user who made the
changes is documented in the Audit History related list.
- Customize the calculation of Age and Age closed values of a vulnerable item
- Starting with v24.0.6 of Vulnerability Response, the Age and Age Closed durations of a Vulnerable Item can be configured to be calculated from the date in the Created, Opened, or First Found
fields.
- Open the search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI
- Starting with v24.0.6 of Vulnerability Response, automatically open your search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI, by adjusting the application scope in the unified navigation bar to Vulnerability Manager Workspace or IT Remediation Workspace respectively. These application scopes are available to you based on your assigned role.
- Vulnerability Manager Workspace access to the sn_vul.read_all role
- Starting with v24.0.6 of Vulnerability Response, as a user with the sn_vul.read_all role, you can view the host vulnerable items in the Vulnerability Manager Workspace.
- IT Remediation Workspace access to the sn_vul.read_assigned role
- Starting with v24.0.6 of Vulnerability Response, as a user with the sn_vul.read_assigned role, you can view the host vulnerable items assigned to you and your assignment groups in the IT Remediation Workspace and remediate them.
- Navigate to the List page in the Vulnerability Manager Workspace or IT Remediation Workspace by selecting the links from the All menu
- Starting with v24.0.6 of Vulnerability Response, when you enable the 'sn_vul_cmn_ws.navigate_to_workspace' system property, selecting predefined filter links in the Vulnerability Response module from
the 'All' menu will automatically open these links in the List page in the Vulnerability Manager Workspace or IT Remediation Workspace based on your role.
- Hide the record count on the Host Vulnerable Items list in the Vulnerability Manager Workspace and IT Remediation Workspace
- Starting with v24.0.6 of Vulnerability Response, you can hide the record count on the lists in the List page of the Vulnerability Manager Workspace and IT Remediation Workspace by adding the table names to the glide.ui.list.seismic.omit.count system property.
- Enable automatic refresh for the Home page dashboard in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, when creating and editing filters in the Host Vulnerabilities tab on the Home page of the Vulnerability Manager Workspace, you can configure the widgets to refresh automatically. Otherwise, you can manually refresh the widgets by selecting the
Refresh button on the Host Vulnerabilities tab.
- Re-evaluating remediation properties for all records in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, you can evaluate the remediation properties for all the Vulnerable Items from the Host Vulnerable Items list by selecting the All
items option in the Record selection field of the Re-evaluate remediation properties modal in the Vulnerability Manager Workspace.
- Reevaluate the remediation properties for vulnerable items in the Vulnerability Manager Workspace
- Select the vulnerable items conditionally for reevaluating the following remediation properties in the Vulnerability Manager Workspace:
- Assignments
- Remediation tasks
- Remediation target date
- Exceptions (Vulnerability Response v24.0.6)
- Risk score
- Navigate to the Exposure Assessment page in workspaces from the All menu
- With the Vulnerability Response Pro or Enterprise subscription, you’re redirected to the Exposure Assessment page in the Vulnerability Manager Workspace or Vulnerability Assessment
Workspace based on your role, on selecting the Exposure Assessment link in the All menu.
- Common Security Advisory Framework (CSAF) scanner mapping is optional
- The Scanner mapping field is now optional for the following Common Security Advisory Framework (CSAF) import methods:
- File import
- Advisories
- CSAF URL
- Multiple vendors supported for CSAF through Rolie feed
- Import vulnerability solutions from CSAF aggregators or trusted providers via URL import supporting Resource-Oriented Lightweight Information Exchange (ROLIE) feed. These vulnerability
solutions are automatically mapped to the correct vendor and vulnerable items (VITs) based on the Common Vulnerabilities and Exposures (CVEs).
- Enhanced processing performance of scheduled job
- The Rollup vulnerable item values to vulnerability and group scheduled job is enhanced to create background jobs with multithreading capabilities. This upgrade
involves segmenting the job into several smaller child jobs, which are executed either in parallel or concurrently. This modification enables processing of multiple records
simultaneously, thus significantly speeding up the overall task.
- Workflow deprecation and replacement by flow designer
- The following workflows have been deprecated and replaced by the flow designer:
- Exception Rule State Approval
- Remediation Task State Approval
- Vulnerability Response - Scan Vulnerability
- Vulnerable Item State Approval
- Vulnerability Response - Scan Vulnerable Item
.
- Risk score updates in the Notes section
- Access information on how an item's risk score is adjusted according to modifications in the vulnerability calculators. These details are available in the Notes section and include:
- Calculator group name
- Calculator name
- Field values along with their weightage and impact on the risk score
- Final risk score
- Vulnerability Crisis Management (VCM) is available as a separate subscription in the store
- Starting with v1.0.1 of Vulnerability Crisis Management, the application is available as a separate subscription in the store. You can access Vulnerability Crisis Management from the
Vulnerability Assessment workspace only if you have fine- grained entitlement or have installed the application from the store. Previously, Vulnerability Crisis Management was included
with the Vulnerability Emergency Response plugin.
- Vulnerability Exposure Response is renamed as Vulnerability Exposure Assessment
- Starting with v3.2.2, the Vulnerability Emergency Response plugin has been renamed as Vulnerability Exposure Assessment.
|