Vulnerability Response release notes ServiceNow® Vulnerability Response application enhancements and updates in the Istanbul release. Istanbul upgrade information To reduce upgrade time, if you have Qualys or a third-party integration installed, delete all attachments on your integration data sources. You can find them by navigating to System Import Sets > Administration > Data Sources and searching by integration. See Manage attachments Manage attachments for more information. Activation information Activate the Vulnerability Response plugin and configure it based on the needs of your organization. This plugin is available as a separate subscription. New in the Istanbul release Bulk scanning of vulnerabilities and vulnerable items You can simultaneously scan multiple vulnerabilities or vulnerable items that contain at least one affected CI or an IP address populated on the form. Automated scan processing When performing a scan on a vulnerability or vulnerable item , if the scan identifies that the vulnerability or vulnerable item still exists (not fixed), the state is change to Reopened, a work note is added, and a workflow trigger causes a rescan. Vulnerability Response Orchestration With Vulnerability Response Orchestration activities, users can interact with and retrieve data from Windows or UNIX-based systems and environments using workflow. Changed in this release Dashboard enhancements: You can filter report widgets directly from a homepage or dashboard without modifying the reports using interactive filters. New reports added to overview: CIs not Scanned: lists all configuration items that have not yet been scanned. CIs with Vulnerability by Date: lists all configuration items and their last scanned date. New Vulnerable Items: lists vulnerable items created in the last 30 days and which have a Vulnerability Group Risk Accepted value of true. Vulnerability groups: Vulnerability groups have been added for grouping vulnerable items based on vulnerability, vulnerable item conditions, or filter group. Scan queue for vulnerability scanning: Vulnerability scan requests submitted to a third-party vulnerability scanning integration are queued so as not to overload system resources. You can view the status of queued requests, as needed.