26.0.11
Yokohama, Xanadu, Washington DC, Vancouver
Vulnerability Response helps organizations respond faster and more efficiently to vulnerabilities, connects security and IT teams, and provides real-time visibility into your security posture. Vulnerability Response connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading vendors to give your teams a single platform for response that can be shared between security and IT.
The Vulnerability Response application includes the following capabilities:
- New modern user experience through the Vulnerability Manager and IT Remediation Workspaces.
- Automate the process of organizing vulnerabilities into a group and assigning it to the IT operations team.
- Prioritize vulnerabilities based on asset criticality and vulnerability severity.
- Improve the flow of work between Security and IT via a comprehensive remediation workflow.
- Import Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA) vulnerabilities, manual penetration test assessments, and application vulnerable items with the Application Vulnerability Response (AVR) feature, so you can determine the impact of flaws in your code, prioritize them, and remediate them.
- Import information from the NIST National Vulnerability Database (NVD) with the Vulnerability Response Integration with NVD to better understand your vulnerability exposure.
New:
- Enhanced questionnaire support for exception management via Smart Assessment (Workspace Only):
- Advanced questionnaire configuration: Configure advanced questionnaires as part of the exception management process using Smart Assessment. This enhancement allows remediation owners to provide more detailed context for exception requests and enables approvers to configure conditional questions to gather information for informed decisions.
- Collaboration and streamlined approval: Facilitate collaboration between your vulnerability management and remediation teams by streamlining the approval process with clear and complete exception justifications.
- Mandatory questionnaires: Block the submission of exception requests until mandatory questionnaires are completed. If a questionnaire is marked as mandatory, the test result and its associated remediation tasks remain in the 'Open' state until the questionnaire is completed and submitted. While the questionnaire is incomplete, the state change approval record is saved as 'Draft'. Only after completing the questionnaire can the user submit the exception request, which then moves the test result or remediation tasks to the 'In Review' state.
- Lookup rules enhancements: When you reapply Lookup rules, discovered items (DIs) that have been inactive for more than 90 days are ignored. These DIs are also excluded from licensing considerations. Removing them from the lookup logic can improve performance and reduce processing time.
- Background job enhancements: New fields have been added to help you view successfully evaluated records, the time taken for processing, the time remaining, and an estimated number of records.
- Improved accuracy for non-CSDM Vulnerability Response users: A system property (sn_sec_cmn.ci_lifecycle_status_source) has been introduced to help users who do not follow Common Service Data Model (CSDM) standards. This property ensures that DIs and associated VITs are properly marked as Decommissioned and are excluded from the CI Lookup. Additionally, the Retired Configuration Items PA indicator has been updated to accurately reflect CIs based on the decommissioning flags.
- Import application vulnerable items (AVITs): You can now import AVITs from external sources using standardized templates (e.g., CSV, Excel) and manage the pen test findings lifecycle. The system supports the ingestion of vulnerability data, including details such as affected application, vulnerability description, severity, and remediation recommendations. The process of consolidating vulnerability data from diverse sources into a centralized Pen test workspace has been simplified.
Changed:
- Enhancements to exception rules handling:
- Exception rules are reevaluated with nightly scheduled jobs.
- Vulnerable items that no longer match exception rule conditions are unlinked from remediation tasks.
- A deferred vulnerable item (VIT) is reopened if it doesn’t match any active exception rules.
- Exception rules don’t create remediation tasks. VITs are deferred directly and aren’t associated with a remediation task.
- Support for Tenable's endpoint scanning integration to retrieve scan metadata. The integration fetches scan details using the last_schedule_id from existing asset data in Tenable.io.
- Added the Reopened Count field on vulnerable items to track the number of times their states change from 'Closed' to 'Open' or to 'Active'.
- Out-of-the-box vendor advisories via Common Security Advisory Framework (CSAF) integration. The following vendor advisories are configured out-of-the-box and are automatically activated when the Solution Management plugin is enabled:
- Red Hat
- SUSE
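The exception-rule changes above (nightly reevaluation, unlinking of remediation tasks, reopening of deferred VITs, no task creation by rules) and the new Reopened Count field together define a small state machine. The block below is an added illustrative model of that behaviour, written for this page; it is not ServiceNow code, and the class names, field names, rule and VIT data are all constructed for the example. In particular, the model assumes the remediation task that gets unlinked is one previously linked by the exception rule.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed example: an illustrative model of the exception-rule and
# Reopened Count behaviour described in the release notes. All names and
# data are hypothetical; this is not the product's implementation.

OPEN, ACTIVE, DEFERRED, CLOSED = "Open", "Active", "Deferred", "Closed"


@dataclass
class ExceptionRule:
    name: str
    active: bool
    matches: Callable[["VIT"], bool]  # condition evaluated against a VIT


@dataclass
class VIT:
    vit_id: str
    severity: str
    environment: str
    state: str = OPEN
    exception_rule: Optional[str] = None    # rule that currently defers this VIT
    remediation_task: Optional[str] = None  # task linked by a rule (assumed)
    reopened_count: int = 0


def set_state(vit: VIT, new_state: str) -> VIT:
    """Change state; count each Closed -> Open/Active transition."""
    if vit.state == CLOSED and new_state in (OPEN, ACTIVE):
        vit.reopened_count += 1
    vit.state = new_state
    return vit


def first_matching_rule(vit: VIT, rules: List[ExceptionRule]) -> Optional[ExceptionRule]:
    """Only active rules can defer a VIT."""
    for rule in rules:
        if rule.active and rule.matches(vit):
            return rule
    return None


def apply_exception_rules(vits: List[VIT], rules: List[ExceptionRule]) -> List[VIT]:
    """Initial application: a matching VIT is deferred directly, and no
    remediation task is created for it."""
    for vit in vits:
        if vit.state in (OPEN, ACTIVE):
            rule = first_matching_rule(vit, rules)
            if rule is not None:
                vit.exception_rule = rule.name
                set_state(vit, DEFERRED)
    return vits


def nightly_reevaluate(vits: List[VIT], rules: List[ExceptionRule]) -> List[str]:
    """Nightly job: VITs that no longer match any active rule lose their
    rule-linked task and, if deferred, are reopened. Returns the ids touched."""
    changed = []
    for vit in vits:
        if vit.exception_rule is None:
            continue
        rule = first_matching_rule(vit, rules)
        if rule is not None:
            vit.exception_rule = rule.name  # still covered, possibly by another rule
            continue
        vit.remediation_task = None         # unlink the rule-linked task
        if vit.state == DEFERRED:
            set_state(vit, OPEN)            # Deferred -> Open is not a "reopen"
        vit.exception_rule = None
        changed.append(vit.vit_id)
    return changed


def demo():
    """Constructed scenario: one rule covers low-severity findings in dev."""
    rules = [ExceptionRule("defer-low-in-dev", True,
                           lambda v: v.severity == "Low" and v.environment == "dev")]
    vits = [VIT("VIT001", "Low", "dev"),
            VIT("VIT002", "High", "prod"),
            VIT("VIT003", "Low", "dev", remediation_task="RT001")]
    apply_exception_rules(vits, rules)
    rules[0].active = False                 # rule retired before the nightly run
    touched = nightly_reevaluate(vits, rules)
    # Reopened Count only tracks Closed -> Open/Active, not Deferred -> Open.
    set_state(vits[1], CLOSED)
    set_state(vits[1], ACTIVE)
    return vits, touched
```

Running `demo()` defers VIT001 and VIT003 at first, then the nightly pass reopens both and drops RT001 once the rule is inactive, while VIT002 accumulates a Reopened Count of 1 from its Closed to Active transition.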
Fixed:
- Translation and localization issues for the Risk Rating field on the compensating control, as well as the "Overview" page fields in both the IT Remediation and the Vulnerability Manager workspaces.
- Removed the Split UI task button from remediation tasks created through exception rules.
- Fixed a translation issue with approval notes.
- Fixed assignment group updates through bulk edit for AVITs and container vulnerable items (CVITs).
- Added a validation check when creating a new Common Vulnerability Reporting Framework (CVRF) / CSAF integration if another CVRF or CSAF configuration with the same vendor already exists.
- Populated Red Hat Enhancement Advisory (RHEA) and Red Hat Bug Advisory (RHBA) solutions into sn_vul_solution where the advisory is linked to at least one Common Vulnerabilities and Exposures (CVE) entry.
- Removed usage of preferred solution in container vulnerable items.
- Addressed issues in state change management between vulnerable items and their detections, both with and without exclusions.
- Reapplying assignment rules no longer considers findings whose assignment type is 'Unassigned'.
- The following dependency plugins for Vulnerability Response must be activated:
- com.snc.vul_dep plugin for Vulnerability Response Dependencies
- The following Security Operations applications must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Permissions and roles
- Roles required:
- System Admin (admin) for installation
- For Configuration:
- Application Security Manager (User part of App-Sec Manager group) for Application Vulnerability Response
- For access to the Vulnerability Response Workspaces:
- IT Remediation Workspace: sn_vul.remediation_owner
- Roles required: