Vulnerability Response release notes ServiceNow® Vulnerability Response product enhancements and updates in the Kingston release. The Vulnerability Response application in Security Operations prioritizes vulnerable items and adds business context to help security determine whether business critical systems are at risk. Using the CMDB, it can easily identify dependencies across systems and quickly assess the business impact of changes or downtime. Vulnerability Response provides a comprehensive view of all vulnerabilities affecting a given service, as well as, the current state of all vulnerabilities affecting the organization. Kingston upgrade information During upgrade the Vulnerable Item table is reparented to improve performance. If you have large numbers of vulnerable items, the upgrade process may take additional time. See KB0639978 for more information. No special handling is needed, however, you should stop any Vulnerability Response activities prior to upgrade and record your vulnerable item count. Once complete, verify that your pre- and post-upgrade vulnerable item counts match each other. To reduce upgrade time, if you have Qualys or a third-party integration installed, delete all attachments on your integration data sources. You can find them by navigating to System Import Sets > Administration > Data Sources and searching by integration. See Manage attachments for more information. Activation information Activate the Vulnerability Response plugin and configure it based on the needs of your organization. This plugin is available as a separate subscription. New in the Kingston release Vulnerability Group Rules Use Vulnerability Group Rules to automatically create Vulnerability Groups, grouping all vulnerable items by up to three attributes. Support is available for an optional set of conditions to limit which vulnerable items are grouped. CI Identifier Rules Configure the tables and fields within the CMDB that are used to look up existing Configuration Items when importing Vulnerable Items with CI Identifier Rules. They are also used for other Security Operations integration use cases. Rules are extensible to accommodate attribution and data that may be unique to a customer environment. Manual Vulnerability Groups Manually add and remove Vulnerable Items from a group during the analysis phase of their remediation workflow using Vulnerability Groups. Bulk Editing of Vulnerable Items Modify the State, Priority, or Business impact of many vulnerable items at once. using Bulk Editing It also adds a Work note with the reasons for the change. New Vulnerability fields View new fields on a vulnerability that can indicate whether there are public or active exploits for it. Also, whether it can be remediated via a patch, configuration change, or combination of both. Risk Score View reports on risk posture by business and across the organization in the Risk Score field for vulnerable items was introduced to help drive prioritization of Vulnerability Response remediation. Calculators can be configured to compute the Risk Score based on any attribute of Vulnerable Item, Vulnerability, or related record. Qualys Configuration and Diagnostics Use the new Qualys integration configuration page for Vulnerability Response. It consolidates the most critical parameters for a deployment. A new Integration Run Status page provides diagnostics and counts for each import process. Ungrouped Vulnerable Items Easily identify Vulnerable Items that do not currently belong to an active Vulnerability Group for remediation and patching using Ungrouped Vulnerable Items. Changed in this release Vulnerability Remediation: The following states for vulnerability group remediation have been renamed, along with new state transitions that are available as UI actions on vulnerability groups. Old state name New state name New Open Analysis Under Investigation Ignored Deferred Pending Confirmation Awaiting Implementation Pending Confirmation Resolved Note: Pending Confirmation was replaced with two states to more precisely show progress. It had represented both the case where a change had been requested, and the case there the vulnerability had been resolved and was pending a scanner result to confirm the fix. Upgrade impact of new state names: Pending Confirmation is replaced with Awaiting Implementation. Vulnerable items in a Resolved state reopen, if found as Open by the scanner, as items in the Pending Confirmation state previously did. Items in the Awaiting Implementation state do not reopen, if found as Open. Any custom states remain as-is. There is no impact to custom states. For an FAQ on the impact of this change to existing instances see KB0680543. Substates The Canceled substate was added. Substates for the Closed state of vulnerable items and vulnerability groups have changed as follows: Old substate name New substate name False Positive Results Invalid Irrelevant Results Invalid Upgrade impact of substate change: All other substates for Closed are automatically replaced with new substates. Change Requests: Change Requests issued from a Vulnerability Group include a reference to the Vulnerability Group that created the request instead of the list of Vulnerable Items in the group. Qualys Vulnerability Integration changes include the following: the last_update_by_qualys parameter was deprecated in favor of last_update _by_source. the HostImportReportProcessor script include replaced both the Host Import and Host Detection List Import transform maps. Architectural change for vulnerability items: Due to performance and scale considerations, vulnerable items no longer inherit from the Task table. Vulnerability groups handle all task functionality now. For more information on the drivers and benefits of this change, see KB0680550.Upgrade impact of architectural change: SLAs no longer function on vulnerable items. Remediation target rules allow you to define the remediation target date and monitor progress. NVD data feed URLs have changed. Downloads may stall due to outdated URLs. If you encounter this situation, see KB0683326 for more information on correcting the issue. Removed in this release Task fields on Vulnerable Item: Task fields and related lists no longer appear on vulnerable items including the following: Assignment Group and Assigned to fieldsUpgrade impact of task fields on vulnerable items: If there is data in the Assignment group and/or Assignment to field before the upgrade, the data is preserved, but does not appear in the “Assigned to me or My work menus because vulnerable items are no longer a task. Task SLAs related list The Create Change UI action was removed from the Vulnerable Item form. The Create Problem UI action was removed from both the Vulnerable Groups and Vulnerable Items forms.