Upgrade tasks and notable changes by application or feature

Complete the upgrade tasks where necessary to prepare for the upgrade process. Before you upgrade, review the notable changes to applications and features in Istanbul. After an upgrade, complete applicable migration tasks after the upgrade to protect your data and customizations from changes to the system.

Upgrade and migration tasks

Application or feature Details
Change Management If you are upgrading from a release prior to Geneva, you can choose to activate Change Management core, State Model, Standard change catalog, and Mass updates CI plugins. After you activate the Change Management core plugin you must perform specific tasks to ensure that change types and customizations are updated. For details, see Migrate Change Management from releases prior to Geneva.
Computer Telephony Integration (CTI)

The requirements for the sys_cti_rule parameter have changed. See the Computer telephony integration release notes for details.

In preparation for your upgrade to Istanbul, ensure that you have a working CTI integration. Make and test the changes on an upgraded non-production instance before using the feature in production. For instructions, see KB0620953.

Connect

If you are currently using the legacy chat feature to provide help desk support, close any open help desk chats before activating Connect Support. Legacy chat and Connect Support cannot be used concurrently. When you activate Connect Support, the system automatically sets the state of all Chat Queue Entry [chat_queue_entry] records to Closed Complete. This ends any open help desk chats.

Dashboards

Review Dashboard upgrade information about enabling responsive canvas, adjusting customized dashboard layouts, and migrating permissions after an upgrade.

Discovery
  • The VMware - vCenter probe that discovered all vCenter objects in previous releases is deprecated in the Istanbul release and replaced by multiple probes. For details about the new probes and steps you need to take to protect your customizations, see vCenter probe upgrade.
  • When you upgrade to Istanbul from a pre-Geneva release, you can still use the legacy identifiers provided with your instance or switch to the new CMDB identifiers by setting a system property. It is important to note that if Service Mapping is active on your instance, the CMDB identifiers are always used regardless of the property value. For details, see Discovery identifiers.
  • Upgrades to versions prior to Istanbul Patch 5 can take an excessive amount of time if the Discovery Log [discovery_log] or TCP Connection [cmdb_tcp] table contains a very large number of records. Upgrade performance issues occur when the sys_domain and sys_domain_path fields, used by domain separated systems, are added and populated in these tables. To improve performance, reduce the number of rows in the discovery_log or cmdb_tcp table prior to upgrading to ensure they contain somewhat less than 1 million rows.
    Important: If you remove records from the TCP Connection [cmdb_tcp] table, be sure to run any required Discovery after the upgrade to repopulate the table.
Event Management and Service Analytics

During an upgrade to the Istanbul release, a script converts and moves Event Management rules and events for the release. Even though this script runs automatically, there are configuration tasks you must complete after the upgrade. For more information, see Upgrade tasks for Event Management.

Financial Management
Important: If you are Geneva users with the financial_mgmt_admin, financial_analyst, or financial_mgmt_user roles, then you cannot access the Cost Transparency and Financial Planning application menus and modules after you upgrade to Helsinki. Reassign the new roles to your users.

Financial Management is no longer dependent on IT DataMart or uses IT DataMart. The DataMart Definitions have been upgraded to Financial Management Segments in Istanbul. New segments required for cost model or budget model must henceforth be created in Financial Management Segments.

GRC: Policy and Compliance Management
The GRC: UCF Import (com.snc.ucf_import_add_on) plugin was deprecated and replaced by the new GRC: Compliance UCF (com.sn_comp_ucf) plugin. See Policy and Compliance UCF upgrade instructions.
Note: If your GRC entitlement date is before December 1, 2016, you are entitled to a free UCF CCH account for the period of December 1, 2016 through November 30, 2018. For customers on Helsinki (Patch 7 and above), or Istanbul and whose effective GRC entitlement date start on Dec 1, 2016 or after, you need to sign up for a UCF CCH account and customize your basic subscription to include API Access. For more information about establishing a UCF CCH account, see Unified Compliance.
Human Resources (HR)
If you are an existing HRSM user on a release prior to Istanbul, you are using the HRSM Non-Scoped app that is activated with the Human Resource Application: Core plugin. After an upgrade to Istanbul, you can continue to use the HRSM Non-Scoped app.
Important: If you use Workday Integration, the Human Resources Application: Workday Integration plugin does not appear. To activate this plugin, consult your service manager. Do not activate the Human Resources Scoped App: Workday Integration plugin.

If you want to migrate to using the new HRSM Scoped app from the HRSM Non-Scoped app, consult your service manager. For Istanbul, there are two versions of the HR Service Management application. See HR Service Management release notes for details.

Knowledge Management

Knowledge Management has changed with Knowledge v3, which is enabled by default for all instances. For migration information, see Knowledge Management v3 migration.

Some of the key differences between Legacy Knowledge and Knowledge v3 are:
  • Multiple knowledge bases (instead of one knowledge base)
  • Separate customizable workflows available for each knowledge base (instead of a single lifecycle shared by all articles)
  • Category structure that supports any number of levels (instead of a two-level organizational structure using Topic and Category)
  • Permissions defined per knowledge base and article, using user criteria (instead of per article, using roles and ACLs)

For additional upgrade considerations, see the links under Migrate.

MID Server
For details on the following upgrade tasks, see MID Server upgrade to the Istanbul release.
  • To ensure that your MID Servers can upgrade successfully, run a series of manual tests for free disk space, access to the download server, and file permissions on the MID Server host.
    Important: After all MID Servers have been upgraded to Geneva or higher, complete the post-upgrade steps listed in the Workaround section of KB0597396.
  • This release introduces features such as application assignment and changes the way various applications select MID Servers. For information on how the upgrade handles defined capabilities, Discovery schedules, IP ranges you have configured, and default MID Servers for Orchestration, see the reference above.
  • In Istanbul, the MID Server can run SSH commands using either the J2SSH client or the proprietary ServiceNow┬« SNCSSH client. When you upgrade from Dublin or earlier, the MID Server property that controls the SSH client selection is not active in your upgraded instance, and the MID Server will use the J2SSH client by default. To enable the SNCSSH client, you must add the mid.property.ssh.use_snc MID Server property and set it to true. Instances upgraded from Eureka or later have the SNCSSH client enabled by default, and no configuration is required. For details, see MID Server properties.
On-Call Scheduling
Upgrading from previous versions is automatic, and all events are recorded in the upgrade logs (System Diagnostics > Upgrade History).
  • The existing On-Call plugin has been changed. When you upgrade, the plugin changes are applied automatically (this action is not optional).
  • The group device functionality is deprecated in favor of a Catch All person.
  • On-call Scheduling replaces the existing business rules for escalations with escalations based on Graphical Workflow.
  • The workflow uses Notification Activities, so it sends emails and not SMS messages. It must be modified to use Create Events activities to send SMS messages.

See Upgrade to on-call scheduling for links to other changes that you should be aware of as you as you transition to on-call scheduling.

Project Portfolio Suite with Financials When you upgrade to Istanbul release, some changes are made to the resource plans. For details, see Project Portfolio Suite with Financials upgrade information.
Reporting Report Charting v2 is automatically used, and Reporting v1 can no longer be used after an instance is upgraded.

The Report Charting v2 plugin uses the Highcharts charting library to generate reports on the client. This plugin generates all the reports in the ServiceNow report set.

Note: Scheduled reports, custom charts, and reports saved as PDF are generated on the server using the Highcharts charting library. As a result, these types of reports sometimes appear differently than reports generated on the client side.
Service Catalog Changes in the underlying service catalog data model affect the way you implement multiple service catalogs. These changes are automatic, but might impact your instance if you have made customizations, such as changes to the data model. For more information, see Upgrade to multiple service catalogs.
Service Mapping

For instances upgraded from earlier versions to Istanbul, Service Mapping uses a legacy algorithm to choose a MID Server for a discovery request. For instructions about configuring a MID Server in an upgraded instance, see MID Server configuration for Service Mapping in upgraded deployments and Configure a default MID Server for Service Mapping for upgraded deployments.

Vulnerability Response

To reduce upgrade time, if you have Qualys or a third-party integration installed, delete all attachments on your integration data sources. You can find them by navigating to System Import Sets > Administration > Data Sources and searching by integration. See Manage attachments Manage attachments for more information.

Notable changes in Istanbul

Before you upgrade, review the notable changes to applications and features in Istanbul.

Platform changes

Application or feature Details
API Refer to the API release notesfor information on new scoped and global classes, as well as additional methods to existing classes.
Authentication
  • Self-service password reset: The Self Service Password Reset plugin (com.snc.password_reset) and the Password Reset (com.glideapp.password_reset) plugin are active by default for new instances and upgrades. By default, when the user requests a reset, the instance sends the user a URL with a user-specific token. After the user opens the URL, the instance prompts the user to enter and confirm the new password. The instance no longer sends a temporary password by default.
  • Certificate expiration: Notifications for expired (but active) SAML certificates are enabled by default and are configured to be sent to the last three logged in users who have the administrator role. This feature reminds you when SAML certificates are going to expire. The notification is sent at least 20 days before certificate expiration. When a new certificate is associated with an active IdP, the notification is sent to the logged-in user who created the certificate.
  • LDAP: If the LDAP server is down, users who are trying to log in can receive a one-time password to access the instance. This is controlled by the glide.ldap.onetime.password.enabled property, which is enabled by default.
Assessments and Surveys
  • Reporting enhancement: Added task ID field. Triggered survey reports are more easily created by binding to incidents rather than copying information using related fields.
  • Triggered survey enhancement: A public survey sent via a triggered condition can be taken without logging in.
Computer telephony integration (CTI)
  • sysparm_cti_rule parameter change: The parameter specified must be a function defined in a sys_script entry marked client-callable. If the function needs to insert, update, or delete any GlideRecord, it must call a separate non-client callable function to perform the updates. Functions not meeting these requirements result in an error like the following to be logged.
    *** WARNING *** Security restricted: User tried to run update(String reason) in GlideRecordSandbox
Configuration Management (CMDB)
  • CMDB dashboard:
    • CMDB dashboard implementation is now based on the Performance Analytics framework for dashboards, taking advantage of the capabilities it provides.
    • Domain separation is now supported in the CMDB dashboard. For more information, see Monitor CMDB health in the CMDB dashboard .
  • Identification and Reconciliation:
    • Identification engine APIs are now accessible in scoped apps. See Activate Configuration Management For Scoped Apps (CMDB) for information about how to activate the plugin, and how to script a scoped app to access those APIs.
    • A new identifyCI API that is similar to the createOrUpdateCI API, but does not commit the result to the database. You can use this API with a given payload to find out if the identification engine will perform insert or update operations, without committing the operation.
    • Identification Engine can now use related CIs as part of the payload when matching CIs. For more information, see Create or edit a CI identification rule.
  • For new instances, new pre-defined values of 'Ready' and 'Retired' are added to the Operational Status field. These values are being used by CI Lifecycle Management.
Connect
  • General Connect enhancements
  • Connect Support enhancements
    • When admins enable the glide.connect.support.reflect_system_messages property, all information messages are included in the chat activity including when a support agent or user leaves a chat conversation.
Core platform
Dependency Views
  • When hovering over a link between two nodes on the map, the tooltip lists all relationship types for the nodes and their direction.
  • Child nodes of virtually grouped nodes are now displayed underneath the virtual node. Child nodes of a virtual group are not virtually grouped even if they are similar, but the next level of nodes can be virtually grouped if possible.
  • You can now collapse a virtual group that has been previously expanded. For more information, see Dependency Views map menus and controls.
Import and Export
Knowledge Management
Flagging articles
The glide.knowman.use_life_feed property controls the display of knowledge article comments.
  • If enabled, the system uses live feed to manage and display feedback on knowledge articles. Flagged comments do not appear on the Article View page. Users with the admin, knowledge_admin, and knowledge_admin roles can access flagged articles by navigating to Knowledge > Articles > All Flagged. Users with the knowledge role can access their flagged articles by navigating to Knowledge > Articles > My Flagged.
  • If disabled, the author of the article and users with the admin, knowledge_admin, and knowledge_manager roles can see all flagged comments. Other users can see only their own flagged comments.
Mobile
  • Mobile web changes
    • The system remembers your login information when you select Remember me on the mobile web.
    • The new mobile web experience released in Helsinki is active by default in new instances starting with this release. Navigate to System Mobile UI > Dublin Mobile Web to make changes to the old mobile UI.
  • Mobile app changes
    • Configure the name and icon for an instance (this is different than the name and icon for the actual app, which is not configurable).
    • Login screen changes: View your password using the eye icon, or tap Forgot password? if you need to change your password.
Notifications
Platform security
  • HTML Sanitizer: You can use urlAttributes to specify protocols that are not sanitized if they are found in an anchor tag.
  • : You no longer need to create ACLs on fields in the database view.
Service Portal
  • Localization improvements
    • Extended translation to widget client script
    • Translated strings
  • Widget Editor improvements
    • Added keyboard shortcuts to improve the editor experience
    • View and edit dependencies alongside a widget using the Dependencies list in the Widget Editor.
  • New search options

    Customers can configure the behavior of search on their portal without having to write, edit, or clone any widgets.

  • getCatalogItem scriptable API: In Istanbul Patch 3a, the getCatalogItem(String itemID) method was changed to getCatalogItem(String itemID, boolean isOrdering), which includes the old method but calls the new method, passing false to the isOrdering parameter.

    The isOrdering parameter indicates whether the system does a create roles security check or a write roles security check on a Service Catalog item's variables. By default, the system does a check on write roles. When users are first ordering an item or have it in their cart, the parameter checks the create roles. If users are not in the process of ordering, for example, if they were looking at a requested item to see the variables associated with that item, then the parameter checks the write roles.

    This change affects the SC catalog item widget, the order guide widget, and the shopping cart widget. Any users who have cloned those widgets or who have a widget that uses the $sp.getCatalogItem call need to update their methods to the new method signature. If you do not update the method calls, the variables will go through a write roles check.

UI
Visual Task Boards
  • Boards are organized into three different tabs on the Visual Task Board homepage:
    • All boards
    • Boards you own
    • Boards you belong to
  • Users can navigate through cards in a lane by using the arrow buttons in a task card.
  • Load Filter, Save Filter, and Clear All have been added to the board filter. For more information, see Create a filter in List v3.
Web Services
  • Outbound REST
    • REST message HTTP methods can be sent with no authentication information when the Authentication type is No authentication. This selection overrides any authentication setting on the parent REST message.
    • The REST message Authentication type choice None was changed to No authentication. The behavior of this choice did not change.
    • The HTTP method Authentication type choice None was changed to Inherit from parent. The behavior of this choice did not change.
    • The Method field on the HTTP Method form was renamed to Name.
    • A REST message can specify more than one HTTP method of each type, such as GET or POST. You can select the type of method using the HTTP method field on the HTTP Method form. HTTP method records without an HTTP method field value, such as those created prior to upgrade continue to use the Name field to determine the method type.
    • When you create a new REST message record, only a default GET HTTP method is created automatically. Previously, default methods were created for GET, PUT, POST, and DELETE.
    • The Endpoint fields on the REST Message and HTTP Method forms are now string fields instead of URL fields.
    • REST messages now support the PATCH method.
  • Performance Analytics REST API
    • Several new parameters are available:
      • sysparm_include_realtime: include the realtime_enabled and realtime_value values in the response
      • sysparm_include_target_color_scheme: include the target_color_scheme value in the response
      • sysparm_include_forecast_scores: include the forecast_scores value in the response
      • sysparm_include_trendline_scores: include the trendline_scores value in the response
    • The API returns the indicator_aggregate element which is the value of the indicator Aggregate field.
  • The default value for the property glide.integration.session_timeout is now 1 minute.
  • New default quota rules were added for REST and JSON and for REST UI transactions.

Application development changes

Application or feature Details
Application administration
Delegated development
Studio
  • Updated ServiceNow Studio to:
    • Allow resizing the application explorer.
    • Close one or more tabs from the Window menu item.
    • Close the current tab with a keyboard shortcut.
    • Disable usage during upgrade.
    • Display the commit history of an application linked to a source control integration from the View history menu item.
    • Display the application name from the status bar.
    • Display the application version number from the status bar.
    • Display the number of saved and unsaved application files from the status bar.
    • Display the status of a source control integration from the status bar.
    • Display whether there are remote changes to apply or local changes to commit from the status bar.
    • Open the Script Debugger from the Launch Script Debugger menu item.
  • Updated the behavior of the Studio module to:
    • Open Studio in a new tab rather than display the Welcome to Studio launch page.
    • Set focus to any already open Studio tab.
  • Updated the application file types available in Studio to:
    • Create Service Portal records for the Theme, Style Sheet, JS Include, and Widget Dependency tables.
    • Create integration records for the Export Set and Import Set Web Service tables.
    • Distinguish between records for inbound and outbound integrations.
    • Edit existing Orchestration records for the Activity Definition table.

Business Management changes

Application or feature Details
Agile Development
  • Roles: The following roles are added to scrum_team_member:
    • rm_scrum_task_admin
    • rm_enhancement_admin
    • rm_defect_admin
Financial Management
  • Financial Management segments: Financial Management segments are used in the financial model or budget model hierarchy to capture the segments instead of DataMart dimension. The accounts in the cost transparency allocation setup are directly from the transaction table and not from the dimension snapshots.
Governance, Risk, and Compliance
Assessments and attestations can now be created using:
Policy and Compliance Management
  • Publish policies to various knowledge bases by setting the knowledge base field on the policy.
  • Create an HTML article template for simple formats needing information from the policy but not information from other records. Create an XML or script article template for formats needing information from other records in the system. For example, you may want to add information from the policy statement to the KB article, as well.
  • Files attached to a policy are automatically attached to the KB article that is created from it.
  • Set up which policy statements automatically create controls when associated to a profile type.
Audit Management
  • Generate a report once an engagement goes into the Approval, Follow-up, or Complete states, by setting the Report template field on the engagement.
  • Provide external users with read-access to closed audit tasks and engagements for external auditing purposes.
  • Use the audit workbench filter to search for audits.
Project Portfolio Suite with Financials
  • Portfolio workbench: The enhanced Portfolio workbench allows portfolio managers to perform annual portfolio planning, and track progress of their portfolios. The new workbench shows all demands and projects lined up for the given fiscal year with their planned cost and the planned labor hours. Portfolio managers can compare projects and demands, and select those that are aligned with organizational goal and priorities and can be executed with the given cost and resource constraints. The Track Portfolio action allows the portfolio managers to track the progress of their portfolio after projects are executed.
  • Resource Management: Soft allocations are created only when the resource plan moves to the Confirmed state. Soft allocations are no longer created during the Planning or Requesting phase.
  • Roles: ITIL role does not have read access to project and project tasks.
Time Card
  • Time cards are auto created only for the time card users, AND if the user is assigned to the task through Assigned to or Additional assignee list.

IT Operations Management changes

Application or feature Details
Cloud Management
  • Requesting Amazon, Azure and VMware VMs: Missing client-side validation information for well-known fields has been added.
  • Provision ARM templates into existing resource groups in Azure: Allow ARM templates to be used to provision into existing resource groups.
  • Missing tag report: Cloud admins and operators can see a tabular view of all resources that are missing tags.
  • Bulk tagging: Already available for AWS, bulk tagging is now also available for Microsoft Azure and VMware. It was expanded to include more resource types. Cloud admins, operators, and users can apply multiple tags to their cloud resources from a single screen.
Discovery
  • VMware vCenter and workstations:
    • The discovery of VMware workstations is no longer supported.
    • The VMware - vCenter probe is deprecated and its functionality is shared by individual vCenter probes that return information about ESX machines, virtual machines, and other vCenter objects. You can disable the probes for the information that does not interest you and reduce the size of the payload returned from vCenter.
  • MID Server and MID cluster selection: On a Discovery schedule, you can select a specific MID Server or a specific MID Server cluster for use during discovery. If you specify a MID Server cluster, the discovery process uses that cluster only. You cannot chain clusters or specify a single MID Server that belongs to multiple clusters.
  • Unified patterns: You can create patterns that both Discovery and Service Mapping can use for horizontal discovery and top-down discovery respectively.
  • Discovery Quick Start: The Discovery Quick Start feature is deprecated and removed from the platform in upgraded instances. The only exception would be if Quick Start was in the middle of the setup process at the time the instance was upgraded to Istanbul. In this case, Quick Start is only available until the configuration process is complete. It is then removed and replaced by Guided Setup.
  • New process classifiers: are available for a number of applications, which use patterns by default for discovery. Refer to the Discovery release notes for details.
Event Management
  • Avoid impact to event processing during a platform upgrade: Event Management jobs that started running before the upgrade commenced continue to run during the platform upgrade. For further information, see Upgrade tasks for Event Management.
  • Identifier attributes: You can now change the default set of attributes that Service Analytics alert aggregation uses to form patterns for alert aggregation. Instead of the default attributes (CI/MetricName), you can specify different CI and alert attributes that are used as identifier attributes for learning patterns, which result in alert groups that are meaningful in your environment.
  • Service Analytics correlated alert groups are now referred to as automated alert groups and are displayed along with the other alert groups in the Event Management dashboard and the alert console.
  • Service Analytics root cause analysis (RCA) now also applies to alerts associated with manual services.
Orchestration
  • Deprecated activities: The following activities from previous versions were converted with the Orchestration activity designer and can now store input and output variables in the databus. If you have a workflow created in a previous release that uses the legacy versions of these activities, your workflow will continue to work normally after upgrading to Istanbul. However, all new workflows must use the custom versions of these activities.
  • Activity_creator role: The activity_creator role is now required to view the Custom tab in the Workflow Editor. Users without this role can only access the Packs and Data tabs needed to create automations for certain ServiceNow applications, but cannot access the custom features that require an Orchestration subscription. In previous releases, users with the activity_creator role could access all Orchestration tabs in the Workflow Editor.
MID Server
  • MID Server selection criteria: In addition to IP ranges and capabilities, MID Servers can specify an additional selection criterion: supported applications. The supported application refers to the application that is allowed to use the MID Server, such as Orchestration or Service Analytics. Each application uses this supported application criterion differently. You can also specify initial selection criteria on a MID Server when you validate it.
  • MID Server status: These types of status are new: Upgrading, Upgrade Failed, Paused, Validating, Validation failed.
Service Mapping
  • Traffic-based discovery enhancements

    Internal algorithms for traffic-based discovery are enhanced. Service Mapping triggers additional probes to frequently refresh information used for traffic-based discovery.

  • Improvements in MID Server selection algorithm

    In new installs, Service Mapping adopts a new advanced algorithm that uses updated MID Server selection criteria. For deployments upgraded to Istanbul from earlier versions, Service Mapping continues to use the legacy algorithm to choose MID Servers to support service continuity.

IT Service Management changes

Application or feature Details
On-Call Scheduling
  • Calendar display performance: Improvements made to enhance the response time of the on-call calendar.
  • Calendar interaction:
    • Clicking an event opens a pop-up that presents actions based on context.
      • Manage Rota replaces the Add item dialog.
      • Edit Rota action presents the Rota form.
      • Edit span action presents the schedule entry that generated the event.
    • Manage Rota dialog enables start and end dates to be modified for more preciseness.
Password Reset
  • New installation software for the Password Reset Windows Application

    See any of the installation options under Download and install the Password Reset Windows Application

  • Stronger security restrictions and system requirements for the Password Reset Windows Application

    See Password Reset Windows Application

  • Improved user experience for the Password Reset Windows Application desktop integration. You can now display a password reset link directly on the Windows login page and can configure the text for the link. The new configuration settings are:
    • URL of the page on your ServiceNow instance that users access when resetting a password
    • GUID of the credential provider that is in use
    • Text to display for the password reset link on the Windows login page

    See any of the installation options under Download and install the Password Reset Windows Application

Service Catalog
  • Required check box: You can mark a check box variable as mandatory by selecting the Required Checked check box.
  • Help text: If you select the Show help option for a variable, you can use the Instructions field to enter HTML help text. Selecting the Always Expanded field opens the help text when the form loads always displaying the help text.
  • List v3: Service Catalog currently does not support List v3.

Performance Analytics and Reporting changes

Application or feature Details
Performance Analytics
  • Performance Analytics mobile app:
    • Performance Analytics for mobile can display real-time scores.
    • If defined, Performance Analytics for mobile uses the target color scheme for an indicator.
  • Performance Analytics REST API
    • Several new parameters are available:
      • sysparm_include_realtime: include the realtime_enabled and realtime_value values in the response
      • sysparm_include_target_color_scheme: include the target_color_scheme value in the response
      • sysparm_include_forecast_scores: include the forecast_scores value in the response
      • sysparm_include_trendline_scores: include the trendline_scores value in the response
    • The API returns the indicator_aggregate element, which is the value of the indicator Aggregate field.
  • Certain visualization names were changed to match those used in reports.
    • The word chart was removed from visualization names.
    • Stacked Chart and Stacked Bar were renamed to Stacked Column.
    • Breakdown Semi Circle Donut was renamed to Breakdown Semi Donut.
  • Performance Analytics forms always use the List v3 condition builder, including related list conditions, even if List v3 is disabled for the instance.
  • Newly created automated indicators do not appear as scorecards by default. Select Publish on Scorecards to show the indicator scorecard.
  • When viewing changes in collected records on the Records tab of a scorecard, you can select which set of data to view using a Venn diagram. This Venn diagram replaces the data set choice list.
  • The first day of the week in Performance Analytics charts is determined by the glide.ui.filter.first_day_of_week property instead of the glide.ui.date_format.first_day_of_week property .
  • Users with the pa_data_collector and schedule_admin roles can cancel a running data collection job.
  • Navigating on a scorecard now adds entries to the navigation history.
  • You can sort indicators added to a list widget by Label.
  • Weekly indicators account for the property glide.ui.filter.first_day_of_week when determining the week number in the year.
  • Real-time scores use the same formatting as the historical score that appears when a widget loads.
  • The indicator Field field allows you to select only numerical field types when the Aggregate is any value other than Count or Count distinct.
  • The indicator Unit value Time displays values in an easily readable time format, such as in days, hours, minutes, and seconds.
  • Users with the pa_viewer role can view breakdowns and breakdown elements records.
  • Scorecards shown in a dialog window do not display a back button.
  • The number of periods you can select in a scorecard widget was increased from 10 to 14.
  • A warning message appears if you save a scorecard widget without an indicator group or widget indicator.
  • You can grant access to breakdowns to specific groups and users in addition to users with specific roles.
  • You can control access to indicators and breakdowns based on users and groups, in addition to roles.
Reporting
  • You can view and run reports in the mobile app.
  • PDF functionality improved:
    • A set number of datapoints prevents performance issues and keeps the Java virtual machine (JVM) from running out of memory.
    • Forms exported to PDF with empty translated HTML fields no longer show an exception.
    • When exporting an incident ticket to PDF, all fields are included on a printer-friendly form.
    • PDF export functions for the top layer dataset.
    • Use of a set number of datapoints prevents performance issues and keeps the PDFReportPivot job from running out of memory when exporting too many rows to PDF.
  • The UTC date value field was changed from Date to DateTime, to prevent a one-day shift in Calendar reports.
  • Pivot report and multilevel pivot report titles display. Previously, titles of these reports did not display in the report builder or on reports added to homepages.
  • Drill down from several report types to a list with a drilldown view displays the specified drilldown view. Previously, the displayed drilldown view was the last view used.
  • Unauthorized users receive the correct error message when they try to delete or modify a report.
  • The Highlight based on option in calendar reports is now persistent.
  • Custom chart creation is now deprecated. Multiple data set functionality is now found in the report builder when Performance Analytics Premium is enabled. See Using multiple data series in a report . Data collection based on scripts or formulas is now a function of Performance Analytics. See Performance Analytics data collection and cleanup.
Dashboards
  • When responsive canvas is enabled, new dashboards use responsive canvas and existing dashboards are converted to responsive canvas. In Helsinki, when responsive canvas was enabled, only new dashboards used responsive canvas.
  • On responsive dashboards, users receive an email notification when a dashboard is shared with them.
  • When responsive canvas is enabled, dashboard functionality is located under Self-Service > Dashboards, as well as in the Performance Analytics application.
  • All dashboards have an Owner field. Pre-Istanbul dashboards do not have an owner, but an owner can be assigned to them. Users can manage sharing for dashboards that they own.
  • On responsive dashboards, use the Restrict to roles field to specify roles required to access the dashboard . Users with any of the specified roles can access the dashboard if they have been given access to the dashboard on the dashboard Share pane.
  • On responsive dashboards, the right pane must be open to edit, move, or resize widgets.
  • On responsive dashboards, dashboard quick layouts were moved to the Configuration pane (The configuration pane icon).
  • On responsive dashboards, the look-and-feel of the dashboard header has been updated. Many dashboard actions have been moved to the context menu (The context menu icon).
  • On responsive dashboards, add a tab from the Configuration pane (The configuration pane icon) or context menu (The context menu icon).
  • On responsive dashboards, breakdowns and breakdown element appear under the dashboard header.
  • Only users with access to the Slow Performance Graphs widget can add this widget to dashboards. Previously, users could add it to dashboards even if they could not see its content.
  • Changes to interactive filters:
    • Interactive filter values that you select are persistent, and remain applied when you navigate away then navigate back to a dashboard.
    • Administrators can set default values for interactive filters. However, if a user then selects a different value, that selection becomes persistent and overrides the default for that user.
    • Group interactive filters no longer apply filter conditions automatically on dashboards. After selecting filter conditions in a group filter, click Apply Filter.
    • You can dot-walk to extended fields when configuring interactive filters.
    • When an interactive filter is removed from a dashboard, its filters are also removed. Previously the filters persisted until the dashboard was refreshed.
    • Default values are applied to interactive filters that are added to dashboards and in the Share panel preview. Previously, the defaults were not applied and all choices were selected.
  • Content packs are available for the following applications: Application Portfolio Management, Discovery, Human Resources Service Management Scoped, and Incident Spotlight.

Security Operations changes

Application or feature Details
Security Incident Response
  • Process definitions: State flows have been changed and renamed to process definitions. Security teams can more easily modify the states that teams follow within the context of a security incident with more flexibility when transitioning between states.
  • Updated security incident overview: Security Incident Response Explorer provides a graphical view into security incident activity, so that security administrators or analysts can quickly pinpoint areas of concern.
  • Dashboard enhancements: You can filter report widgets directly from a homepage or dashboard without modifying the reports using interactive filters.
Vulnerability Response
  • Dashboard enhancements: You can filter report widgets directly from a homepage or dashboard without modifying the reports using interactive filters.
  • New reports added to overview:
    • CIs not Scanned: lists all configuration items that have not yet been scanned.
    • CIs with Vulnerability by Date: lists all configuration items and their last scanned date.
    • New Vulnerable Items: lists vulnerable items created in the last 30 days and which have a Vulnerability Group Risk Accepted value of true.
  • Vulnerability groups: Vulnerability groups have been added for grouping vulnerable items based on vulnerability, vulnerable item conditions, or filter group.
  • Scan queue for vulnerability scanning: Vulnerability scan requests submitted to a third-party vulnerability scanning integration are queued so as not to overload system resources. You can view the status of queued requests, as needed.
Threat Intelligence
  • VirusTotal Integration: The VirusTotal integration has been removed from the Threat Intelligence application and is now a separate plugin so it can be installed and configured in the same manner as all other integrations.
  • The VirusTotal API Key [sn_ti_virustotal.api_key] property has been removed from Threat Intelligence properties and is now available from Security Operations > Integration Configuration.
Security Operations integrations
  • Qualys scanner integration enhancements:
    • Enhanced ability for processing results from the Qualys scanner.
    • Qualys can use Qualys asset groups to determine which Qualys appliances to use to scan for vulnerabilities when invoking scans from Qualys integration.
  • VirusTotal Integration: The VirusTotal integration is now available through an orchestration activity and can be initiated within workflows created by you or available as a standard workflow within the product.
Security Operations common functionality
  • The Qualys Knowledge Base - number of days worth of data to retrieve from Qualys server per API request [sn_vul_qualys.kb.max_delta_days] and Qualys Knowledge Base - max QIDs to pull in a single API request when backfilling vulnerability data [sn_vul_qualys.kb.max_backfill_page_size] properties have been removed from Qualys Cloud Platform properties and are now available from Security Operations > Integration Configuration. They have been renamed:
    • Number of days of knowledge base data to retrieve per API request
    • Max number of QIDs to pull per API request when backfilling vulnerability data

Service Management changes

Application or feature Details
Field Service Management