0
26.1.4
Zurich, Yokohama, Xanadu, Washington DC, Vancouver
Vulnerability Response helps organizations respond faster and more efficiently to vulnerabilities, connects security and IT teams, and provides real-time visibility into your security posture. Vulnerability Response connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading vendors to give your teams a single platform for response that can be shared between security and IT.
The Vulnerability Response application includes the following capabilities:
- New modern user experience through the Vulnerability Manager and IT Remediation Workspaces.
- Automate the process of organizing vulnerabilities into a group and assigning it to the IT operations team.
- Prioritize vulnerabilities based on asset criticality and vulnerability severity.
- Improve the flow of work between Security and IT via a comprehensive remediation workflow.
- Import Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA) vulnerabilities, manual penetration test assessments, and application vulnerable items to help you determine, prioritize, and remediate the impact and priority of flaws in your code using the Application Vulnerability Response (AVR) feature.
- Import information from the NIST National Vulnerability Database (NVD) with the Vulnerability Response Integration with NVD to better understand your vulnerability exposure.
New:
- Vulnerability managers and vulnerability analysts can now adjust the severity of common vulnerabilities and exposures (CVEs) and third-party entries (TPEs) from the list view in the vulnerability manager workspace. The risk level of the associated vulnerabilities will be recalculated during the scheduled jobs based on the modified severity. You can also reset the severity to its original source value if required.
- With the Wiz Vulnerability Response Integration application, import vulnerability, compliance, test result, and issues data from Wiz scanners into your ServiceNow AI Platform instance to help you get deeper insights into your cloud infrastructure risks. The following integrations are included with the Wiz Vulnerability Response Integration application:
- Wiz Vulnerability Integrations
- Import host vulnerability findings related to virtual machines and serverless assets in your cloud environment. These findings are mapped to Host Vulnerable Items (VITs) within the Vulnerability Response application to support remediation workflows.
- Import container image vulnerability data discovered by Wiz. Findings are mapped to container vulnerable items (CVITs) to support triage, risk prioritization, and targeted remediation workflows for container-based workloads.
- Wiz Configuration Compliance Integration (Wiz Test Results)
- Import configuration test results from Wiz to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
- Wiz Issues Integration
- Import Wiz Issues that identify assets involved in toxic combinations of vulnerabilities and misconfigurations. These findings are also mapped to CTRs with 'Wiz Issues' labeled as the source to help you track and remediate assets that may pose complex multi-vector risks.
Changed:
- Manual termination of background jobs is now enabled for Vulnerability Response Exposure Assessment tasks.
- Configuration through system property sn_vul_cmn.related_list.set_max_row to show number of records in related lists for affected CIs, preferred solutions etc for VIs
Fixed:
- Fixed issues related to 'Until Date' for False Positive such as making the field editable for AVITs, displaying error message when a past 'Until Date' is chosen & ensuring roll down of 'Until Date' from RTs to findings.
- Deferred 'Until date' issues for customers using any date format from basic configurations.
- VITs that have no open detections will not reopen after the expiration of the false positive due date.
- Creation of multiple Unassign requests for an RT by ensuring if a VCA record for an Unassign request already exists, more should not be created for the same RT.
- Surfacing the Substate as "Reason" in the Overview tab of Workspaces for Remediation Tasks.
- Removed 'Assign to me' button in List View of Workspaces for an RT that is already assigned to the Remediation Owner.
- Fixed API called from the Re-apply CI Lookup Rules on the Changed Discovered items scheduled job.
- Performance improvement of Aggregated Reporting Framework for more than 100K records, ensuring standard reports do not result in a timeout.
- Resolved the state transition of state change approval record created from bulk edit when questionnaire is selected.
- Resolved an issue where reopening a test result that was part of a Resolved RT caused duplicate Remediation Task creation.
- Resolved copy url issue in VM and IT remediation workspace.
- Localization and internationalization improvements for the VM Workspace.
- The following dependency plugins for Vulnerability Response must be activated:
- com.snc.vul_dep plugin for Vulnerability Response Dependencies
- The following Security Operations applications must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Permissions and roles
- Roles required:
- System Admin (admin) for installation
- For Configuration:
- Application Security Manager (User part of App-Sec Manager group) for Application Vulnerability Response
- For access to the Vulnerability Response Workspaces:
- IT Remediation Workspace: sn_vul.remediation_owner
- Roles required: