This app version is intended for Unified Security Exposure Management (USEM), a major architectural upgrade to Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade.
For full details, please refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version of this app below 30.x when installing or upgrading.
The Wiz integrations import vulnerability and compliance data from Wiz scanners into your ServiceNow AI Platform instance to help you get deeper insights into your cloud infrastructure risks. These integrations provide you with a comprehensive assessment of your overall cloud security posture and drive remediation actions directly from the ServiceNow AI Platform.
The Vulnerability Response Integration with Wiz application includes the following key integrations:
- Wiz Asset Integration
  - This integration is a prerequisite for running any of the other Wiz integrations. It imports the assets to which findings from the other integrations are linked.
- Wiz Vulnerability Integration
  - Import host vulnerability findings related to virtual machines and serverless assets in your cloud environment with Wiz’s Host Vulnerability Integration. These findings are mapped to Host Vulnerable Items (VITs) within the Vulnerability Response application to support remediation workflows.
  - Import container image vulnerability data discovered by Wiz. Findings are mapped to container vulnerable items (CVITs) to support triage, risk prioritization, and targeted remediation workflows for container-based workloads.
- Wiz Configuration Compliance Integration (Wiz Test Results)
  - Import configuration test results from Wiz to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
- Wiz Issues Integration
  - Import Wiz Issues that identify assets involved in toxic combinations of vulnerabilities and misconfigurations. These findings are also mapped to CTRs with 'Wiz Issues' labeled as the source to help you track and remediate assets that may pose complex multi-vector risks.
- New
  - Resource type filters are supported on the Test Results, Issues, Host Vulnerability, and Host Test Results tabs on the Wiz Configuration page.
  - Additional attributes imported from Wiz which are not stored in the Discovered items [sn_sec_cmn_src_ci] table are stamped in this table with "Asset Attributes".
  - Fix information that includes 'Fix available', 'Partial fix available', 'No fix available', and 'Fix version' from the [fix_available] and [fix_version] columns is rolled up to CVITs from findings. Note: If there are two or more findings on a CVIT, the fixed version might only apply to one. In that case, 'Partial fix available' is rolled up to the CVIT.
  - The Wiz vendor severity attribute is mapped to the 'Source severity' column on findings records in the Container Image Findings [sn_vul_container_image_findings] table.
  - Source severity is mapped to the Priority column on the Test Results [sn_vulc_result] table.
  - Test results from the host misconfiguration integration are classified as result type 'host_misconfiguration'.
  - Data for resources that have the validated_at_runtime flag set to 'Yes' is imported and populated on detections.
  - The backfill integrations for the Host Vulnerability, Test Results, Host Test Results, and Issues primary integrations have been removed in this release. Note: After you upgrade to this version (1.1.1), you must set the import schedule to backdate by three days and run the Host Vulnerability, Test Results, Host Test Results, and Issues integrations to import any assets from the Wiz Missing Assets [sn_vul_wiz_missing_assets] table that might have been missed during the upgrade.
- Changed
  - The [is_ignored] column is deprecated for the Host Test Results and Test Results integrations. This column was replaced by the [is_result_ignored] column.
  - The CMDB internet-facing field on the Discovered item is mapped to Limited Internet Exposure on findings.
  - Increased the column length for the descriptions in the Container Vulnerability Import and Host Vulnerability Import tables.
  - The cluster and namespace are evaluated for all of the following entity types: DEPLOYMENT, DAEMON_SET, STATEFUL_SET, POD.
  - Modified integrations to adopt a standardized data model and modularized feature sets for compatibility with Unified Security Exposure Management (USEM).
- Removed
  - Since their primary integrations can create discovered items and configuration item records after import, the following backfill integrations have been removed:
    - Test results backfill integration
    - Host test result backfill integration
    - Issues backfill integration
  - The Wiz Missing Assets [sn_vul_wiz_missing_assets] table that supported the backfill integrations is deprecated.
- The following Security Operations plugins must be installed and activated:
  - com.snc.security_support.vul
  - com.snc.secops.orchestration
- The following applications must be installed and activated. These applications are available from the ServiceNow Store:
  - Vulnerability Response application and its dependent plugins
  - To ingest misconfigurations from Wiz, install the com.snc.vulc plugin.
  - To ingest container vulnerabilities from Wiz, install the com.snc.vulnerability.container plugin.
- Permissions and roles:
  - System Admin (admin) for installation, and
  - sn_vul_container.configure_integration or sn_vul_int_fw.configure_integration to configure the integration.