Combined Vulnerability Response integrations release notes for upgrades from Washington DC to Zurich

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Vulnerability Response integrations release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Washington DC to Zurich.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Vulnerability Response integrations to Zurich

Before you upgrade to Zurich, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Washington DC	For more information about the released versions of the Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Washington DC release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base. For information about the new features of Vulnerability Response, see Vulnerability Response release notes.
Xanadu	For more information about the released versions of the Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Xanadu release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base. For information about the new features of Vulnerability Response, see Vulnerability Response release notes.
Yokohama	For more information about the released versions of the Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Yokohama release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base. For information about the new features of Vulnerability Response, see Vulnerability Response release notes.
Zurich	No updates for this release.

New features

Between your current release family and Zurich, new features were introduced for Vulnerability Response integrations.


Release	Release notes
Washington DC	Black Duck Vulnerability Integration 1.0 Identify and mitigate the open-source code vulnerabilities detected by Black Duck Software Composition Analysis (SCA) tool ingested into Application Vulnerability Response to reduce the risks. GitHub Application Vulnerability Integration v1.1 Import application information from your GitHub repositories with the GitHub Repos Integration. Imported data is stored in the Discovered Applications [sn_vul_app_release] table. The GitHub CodeScan and Dependabot integrations require current application data that is imported by the GitHub Repos Integration. Enhancements to the (OAuth) authentication credentials on the GitHub Configuration page. Enhancements to the Veracode Vulnerability Integration v4.2 Select Get More Details on Veracode application vulnerable items (AVITs) on the Application Vulnerable Item [sn_vul_app_vulnerable_item] table or from the list views in the Vulnerability Response Workspaces to view the following data imported from Veracode: HTTP Source request and Source response details for Dynamic Application Security Testing (DAST) scans are displayed on the HTTP Request/Response related list. Solution recommendations from Veracode are displayed on the Findings related list. HTTP Source request, Source response, and recommendations are displayed on the Details tab In the Vulnerability Response workspaces. The Description column is supported on the Application Vulnerable Item [sn_vul_app_vulnerable_item] table. Enhancements to Application Vulnerability Response AVIT Vulnerability Integrations View details such as total processing times, average times for pre- and post-integration run processes, and reports on the integration run records for the Fortify (v2.3), Invicti (v1.1), and Veracode (v4.2) Application Vulnerable Item (AVIT) Integrations. Leverage Exploit Prediction Scoring System (EPSS) score for vulnerability prioritization Enrich the NVD data in your instance to prioritize and remediate vulnerabilities by using the Exploit Prediction Scoring System (EPSS) integration to import the EPSS data that is related to common vulnerabilities and exposures (CVEs) from FIRST.org. Ingest Known To Be Used in Ransomware Campaigns Beginning with v21.0.5 of Vulnerability Response, a new field, Known To Be Used in Ransomware Campaigns, is ingested from the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEVs) catalog. Generate solutions by Rapid7 InsightVM using solution_id Beginning with v21.0.5 of Vulnerability Response, there’s an update in the solution creation process for Rapid7 InsightVM. Previously, solutions were generated based on the information provided in the solution_summary, solution_fix, and solution_type fields. However, with this update, Rapid7 InsightVM utilizes the solution_id sent by the scanner to create solutions even if the solution_summary, solution_fix, or solution_type fields are empty.
Xanadu	Scan vulnerabilities on running hosts Starting with v3.0.3 of Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute, you can scan vulnerabilities on running hosts. The Prisma Host APIs enable retrieval of comprehensive vulnerability information for a specific host and enable assignment and remediation workflows Populating the CPE information for a Tenable TPE The newly added Softwares column in the Third-Party Vulnerability Entries table populates the Common Platform Enumerations (CPEs) information for the Tenable plugins.
Yokohama	Tenable.io CI lookup rules prioritize the non-empty network interface values (FDQN, IPV4, and MacAddress) for a discovered item The Tenable.io CI lookup rules prioritize and populate the non-empty network interface values (FDQN, IPV4, and MacAddress) over the regular FDQN, IPV4, and MacAddress values for a discovered item.
Zurich	No updates for this release.

Changes

Between your current release family and Zurich, some changes were made to existing Vulnerability Response integrations features.


Release	Release notes
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.

Removed

Between your current release family and Zurich, some Vulnerability Response integrations features or functionality were removed.


Release	Release notes
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.

Deprecations

Between your current release family and Zurich, some Vulnerability Response integrations features or functionality were deprecated.


Release	Release notes
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.

Activation information

Review information on how to activate Vulnerability Response integrations.


Release	Release notes
Washington DC	Install supported third-party integration applications for Vulnerability Response by requesting them from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Xanadu	No updates for this release.
Yokohama	Install Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Zurich	No updates for this release.

Additional requirements

If any additional requirements were introduced or changed for Vulnerability Response integrations we have noted them here.


Release	Release notes
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Vulnerability Response integrations we have noted them here.


Release	Release notes
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.

Accessibility information

Review details on accessibility information for Vulnerability Response integrations, such as specific requirements or compliance levels.


Release	Release notes
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.

Localization information

If there are specific localization considerations for Vulnerability Response integrations we have noted them here.


Release	Release notes
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.

Highlight information

If there are specific highlight considerations for Vulnerability Response integrations we have noted them here.


Release	Release notes
Washington DC	Prioritize and address vulnerabilities efficiently and enhance your overall vulnerability management strategy by ingesting crucial information about vulnerabilities that are actively exploited using the Vulnerability Response integration with the CISA Known Exploited Vulnerabilities (KEVs) catalog. This integration also incorporates EPSS data from FIRST.org focusing on software vulnerabilities currently under exploitation. Ingest the newly introduced field Known To Be Used in Ransomware Campaigns in Vulnerability Response from Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEVs) catalog. See Vulnerability Response integrations for more information.
Xanadu	No updates for this release.
Yokohama	The Tenable.io CI lookup rules prioritize and populate the non-empty network interface values (FDQN, IPV4, and MacAddress) for a discovered item. See Integrate for more information.
Zurich	No updates for this release.