Contents Madrid release notes Previous Topic Next Topic Vulnerability Response release notes Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics All Topics in Contents Share Vulnerability Response release notes ServiceNow® Vulnerability Response product enhancements and updates in the Madrid release. The Vulnerability Response application in Security Operations helps you identify and prioritize software vulnerabilities affecting your organization, and respond faster using workflows, automation, and orchestration. Madrid upgrade information For releases prior to Kingston, during upgrade the Vulnerable Item table is reparented to improve performance. If you have a large number of vulnerable items, the upgrade process may take additional time. No special handling is needed, however, you should stop any Vulnerability Response activities prior to upgrade and record your vulnerable item count. Once complete, verify that your pre- and post-upgrade vulnerable item counts match. For more information on the impact of reparenting, see the Upgrade impact of reparenting change in the Kingston release [KB0680550] article in the ServiceNow® HI Knowledge Base. For information on the upgrade impact to existing instances, see the Vulnerability Response: FAQ for Kingston Upgrade [KB0680543] article in the HI Knowledge Base. This information does not apply if you upgrade from Kingston to this release. For Kingston release information, see the Kingston Vulnerability Response release notes. If you are upgrading from Kingston, existing CI Identifier Rules are disabled by default, but not removed. These rules appear in Security Operations > CMDB > CI Lookup Rules. To reenable, open a rule and enter values for the Source and Source field fields, select the Active check box, and click Submit. To reduce upgrade time, if you have the Qualys product or a third-party integration installed, delete all attachments on your integration data sources. You can find the attachments by navigating to System Import Sets > Administration > Data Sources and searching by integration. See Manage attachments for more information. Application administration is not enabled, by default, in Vulnerability Response for upgrades. If you add custom tables that rely on inherited ACLs, you must recreate the ACLs in that custom table. If you add custom roles or custom ACLs, and you enable Application administration, retest those roles and ACLs after upgrading. Ensure the assignable by attribute on the roles is set correctly to enable access to application administration. Note: Once enabled, Application administration cannot be disabled. If you upgraded from a previous version of Vulnerability Response, your original Overview page becomes in the Overview (Legacy) module in the left navigation pane. If you created a customized homepage overview, the overview is overwritten by the new reports dashboard. To access your customized homepage, Create a new module for your customized homepage and add it to the Vulnerability Response application. If you are upgrading from a previous version, you can begin using the Vulnerability Response new features immediately. All updates to Vulnerability Response are only available in the ServiceNow® Store. If you have previously installed Vulnerability Response and want an update from the ServiceNow Store, you do not need to activate the System Plugin Dependencies (com.snc.vul_dep) plugin prior to installing the Vulnerability Response update. For customers upgrading to the Madrid release, third-party vulnerability records are read-only. If you update from Vulnerability Response v7.0 to Vulnerability Response v8.0 you must install all the plugins listed under Dependencies & Licensing > App Dependency in the ServiceNow Store prior to installing Vulnerability Response. These plugins are available as separate subscriptions. Note: Vulnerability Response v8.0 Madrid Patch 4 family release. During an upgrade from London to Madrid (Vulnerability Response (VR) version 8.0), the VR Setup Assistant module is overwritten with an incorrect URL. When upgrading from Madrid Vulnerability Responsev7.0 to Vulnerability Response v8.0 on the Madrid platform, or fromLondon to Madrid VR version 8.0, a duplicate Setup Assistant module appears. See KB0749805 to remove the redundant module and fix the London upgrade issue. New in the Madrid release Features available from the ServiceNow StoreNote: Vulnerability Response v8.0 features require the Madrid Patch 4 family release. Vulnerability Solution Management Version 8.0: Automatically correlate the vulnerabilities in your environment with the solutions that would remediate them. Identify the remediation actions that apply to your environment and prioritize them by the greatest reduction in vulnerability risk. Available as a separate subscription within Vulnerability Response, Vulnerability Solution Management contains the Microsoft Security Response Center Solution Integration. Preferred Solutions in vulnerability, vulnerable item, and vulnerability group records are derived from the Microsoft Security Response Center Solution Integration imports and not third-party vulnerability integrations.Preferred Solution values can be set on the vulnerable item or the vulnerability. When set on the vulnerability, all vulnerable items associated with the vulnerability inherit that solution. Note: Preferred Solution values at the vulnerability level are cleared if multiple highest-supersedence solutions exist for a vulnerability, since that solution depends on the affected asset. When multiple highest-supersedence solutions exist for a vulnerability, set a Preferred Solution on the vulnerable item.Tenable and some CVE vulnerabilities with long summaries can cause excessive cell heights in the vulnerability list view on solution records. If a CVE identifier is not present during a Tenable import, vulnerability solution information will not be available. Risk Score calculator enhancementsRisk Score calculator enhancements Version 8.0: Configure your calculators with finer granularity. These calculators provide consistent risk scores across all vulnerable items so you can effectively prioritize the vulnerabilities in your environment.The Default Risk Calculator and Vulnerability Severity calculators are shipped with the base system. Vulnerability Calculators have replaced Vulnerability Calculator Groups for calculating the base Risk Score. for remediation specialists Remediation Owner Role for remediation specialists for remediation specialists Version 8.0: Automatically receive access to vulnerability entries and solutions assigned to you or your group using the sn_vul.remediation_owner role. By default, the itil role contains the sn_vul.remediation_owner role. Vulnerability Response Version 7.0: You no longer have to wait for the platform family release of Vulnerability Response to enjoy new features, updates, and fixes. The latest version of Vulnerability Response is published in the ServiceNow Store and available for download. Setup Assistant is part of the Vulnerability Response application available in the ServiceNow Store Version 7.0: Setup Assistant walks you through the Vulnerability Response setup process in a simple, step-by-step fashion. Setup Assistant helps you discover which capabilities of Vulnerability Response require configuration, identify what permissions are required to configure these capabilities, and learn what settings are recommended for your environment. Setup Assistant helps you deploy Vulnerability Response quickly and efficiently. Vulnerability Response overview homepage Version 7.0: The Vulnerability Response Overview homepage has become a responsive dashboard. Performance Analytics - Content Pack - Vulnerability Response Version 7.0: Using business objective definitions, trending, and forecasting, the Performance Analytics – Content Pack – Vulnerability Response application contains over 40 report widgets. These reports help you monitor metrics across all stages of the vulnerability management lifecycle. This release includes vulnerability KPIs rolled-up to the business service level. KPI rollups give you a better understanding of vulnerability exposure and remediation performance in terms of business operations, rather than technical infrastructure. A Remediation dashboard, using standard Now Platform® reports, is also provided for the IT operations personnel that execute vulnerability remediation activities. This application, is available in the ServiceNow Store. Exploit enrichment Version 7.0: Exploit information imported from third-party integrations has been added to vulnerability entries. Use exploit information to prioritize which vulnerabilities to address first. CVSSv3 support Version 7.0: Vulnerability entries display CVSSv3 metrics. By showing CVSS v3 in addition to the CVSS v2, you can prioritize based on the newest algorithm used to calculate the severity of your vulnerabilities. Vulnerability Assignment Rules Version 7.0: You can define the assignment rules at the vulnerable item level. These assignment rules apply to the group rules by default, and group vulnerabilities by assignment group. Vulnerable Item Risk Rating Version 7.0: A new Risk Rating field on vulnerable item breaks the existing 0-100 risk score tiers into five tiers (Critical, High, Medium, Low, and None) for easier reporting and prioritization. Normalized Severity Version 7.0: Vulnerability assessment products often report vulnerabilities with proprietary integer-based severity scales. These severities are normalized into a common and configurable scheme for improved readability, reporting, and comparison. Updated default form and list views Version 7.0: Various Vulnerability Response default forms and list view forms for have been updated for improved usability. These entities include but are not limited to: Vulnerability entries, Vulnerable Item, Vulnerability Group, Discovered Item, and Approvals. ACLs were updated to ensure that fields that should not be modified are marked read-only. New in existing integrations Starting with Rapid7 Vulnerability Integration v7.1, when migrating to the InsightVM integration type from the Data Warehouse integration type, the InsightVM integration recognizes existing data warehouse vulnerable items, if they were imported from the same data source. It does not create duplicate records, so you can seamlessly migrate from the Data Warehouse to InsightVM integration type.And Rapid7 Vulnerability Integration v 7.1 adds exploit data import for both the Data Warehouse and InsightVM integration types. Rapid7 Vulnerability Integration v 6.2 adds imports using the Rapid7 InsightVM API for discovery, detection, verification, risk classification, and impact analysis to manage risk and remediation. This integration does not require the Rapid7 Nexpose data warehouse.Note: To migrate from the Rapid7 Nexpose vulnerability integration see KB0743164. The latest version of Qualys Vulnerability Integration is published in the ServiceNow Store and available for download. Tenable for Vulnerability Response v2.0: When Tenable for Vulnerability Response vulnerabilities are imported before their corresponding NVD entries, those vulnerabilities are not associated with the NVD vulnerabilities later. Ensure that NVD imports are up to date, and periodically re-import the full Tenable Knowledge Base (KB). Tenable for Vulnerability Response does not currently support Normalized severity. Tenable for Vulnerability Response does not populate exploit fields on third-party vulnerabilities. New integrations Microsoft Security Response Center Solution IntegrationImport solution data for known vulnerabilities and creates relationships with vulnerable items and vulnerability groups. This integration is part of Vulnerability Solution Management. Shodan Exploit Integration v7.0 imports exploit information that helps you prioritize the vulnerabilities in your environment based on risk. This integration enables exploit information enrichment that helps you understand the following exploitability metrics to prioritize the remediation of vulnerabilities: Is there any exploit associated with the vulnerability? What skill level is required to exploit the vulnerability based on the exploit code rank? What is the exploit attack vector? Can the vulnerability be remotely exploited? Once your vulnerabilities are enriched with exploit intelligence, you can define the risk score and group the vulnerabilities based on these parameters. You can also filter key reports to see the high-risk vulnerabilities. Quick start tests for Vulnerability Response Validate the continued functionality of Vulnerability Response after any configuration change such as an upgrade or after developing an application. All test suites and tests should pass on a default implementation. To validate a custom implementation, copy the automated tests and configure them for your customizations. Changed in this release NVD JSON integration Version 8.0: To support the anticipated switch from XML to JSON by the National Vulnerabilities Database (NVD), NVD data feeds have been updated to use JSON.Note: By default, all data feeds for NVD Auto-update are disabled. To enable the feeds you want see Configure the scheduled job for updating NVD records. Requires Madrid Patch 4 family release. Configuration additions to Setup Assistant Version 8.0: Added configuration for Assignment Rules, Vulnerability Solution Management within SetupAssistant. CI Lookup Rule used for the CI appears on Discovered Item records Version 8.0: Added the CI matching rule field to the Discovered Items record to make it easier to identify potential matching issues. The Vulnerability Overview homepage has been converted to a dashboard. Version 7.0: If you have the Performance Analytics – Content Pack – Vulnerability Response application installed and activated, interactive reports are available. Updated remediation target rule behavior Version 7.0: Remediation target behavior has been updated for easier reporting. No Target status added for records without a remediation target date. Target Met added for records closed before their remediation target date. Target Met added for records closed before their remediation target date. Target Missed renamed from Past Target for consistency with Target Met. Remediation target dates and statuses are also rolled-up from vulnerable items to their associated vulnerability groups. Integration changes Qualys Ticket Integration records have moved to a related list in the vulnerable item record. Version 7.0: Qualys Ticket Integration records are no longer imported as vulnerable items. Instead ticket records are listed on an existing vulnerable item under a related list. Where no VI exists, one is created and the ticket is listed in the related list. Removed in this release Version 8.0: Vulnerability Calculator Groups have been renamed Vulnerability Calculators and the group module no longer exists. Version 7.0: Manual creation of third-party vulnerabilities has been removed. Activation information Activate the Vulnerability Response Dependencies plugin (com.snc.vul_dep). Download and install Vulnerability Response from the ServiceNow Store and configure this application based on the needs of your organization using Setup Assistant. This application is available as a separate subscription. On this page Send Feedback Previous Topic Next Topic
Vulnerability Response release notes ServiceNow® Vulnerability Response product enhancements and updates in the Madrid release. The Vulnerability Response application in Security Operations helps you identify and prioritize software vulnerabilities affecting your organization, and respond faster using workflows, automation, and orchestration. Madrid upgrade information For releases prior to Kingston, during upgrade the Vulnerable Item table is reparented to improve performance. If you have a large number of vulnerable items, the upgrade process may take additional time. No special handling is needed, however, you should stop any Vulnerability Response activities prior to upgrade and record your vulnerable item count. Once complete, verify that your pre- and post-upgrade vulnerable item counts match. For more information on the impact of reparenting, see the Upgrade impact of reparenting change in the Kingston release [KB0680550] article in the ServiceNow® HI Knowledge Base. For information on the upgrade impact to existing instances, see the Vulnerability Response: FAQ for Kingston Upgrade [KB0680543] article in the HI Knowledge Base. This information does not apply if you upgrade from Kingston to this release. For Kingston release information, see the Kingston Vulnerability Response release notes. If you are upgrading from Kingston, existing CI Identifier Rules are disabled by default, but not removed. These rules appear in Security Operations > CMDB > CI Lookup Rules. To reenable, open a rule and enter values for the Source and Source field fields, select the Active check box, and click Submit. To reduce upgrade time, if you have the Qualys product or a third-party integration installed, delete all attachments on your integration data sources. You can find the attachments by navigating to System Import Sets > Administration > Data Sources and searching by integration. See Manage attachments for more information. Application administration is not enabled, by default, in Vulnerability Response for upgrades. If you add custom tables that rely on inherited ACLs, you must recreate the ACLs in that custom table. If you add custom roles or custom ACLs, and you enable Application administration, retest those roles and ACLs after upgrading. Ensure the assignable by attribute on the roles is set correctly to enable access to application administration. Note: Once enabled, Application administration cannot be disabled. If you upgraded from a previous version of Vulnerability Response, your original Overview page becomes in the Overview (Legacy) module in the left navigation pane. If you created a customized homepage overview, the overview is overwritten by the new reports dashboard. To access your customized homepage, Create a new module for your customized homepage and add it to the Vulnerability Response application. If you are upgrading from a previous version, you can begin using the Vulnerability Response new features immediately. All updates to Vulnerability Response are only available in the ServiceNow® Store. If you have previously installed Vulnerability Response and want an update from the ServiceNow Store, you do not need to activate the System Plugin Dependencies (com.snc.vul_dep) plugin prior to installing the Vulnerability Response update. For customers upgrading to the Madrid release, third-party vulnerability records are read-only. If you update from Vulnerability Response v7.0 to Vulnerability Response v8.0 you must install all the plugins listed under Dependencies & Licensing > App Dependency in the ServiceNow Store prior to installing Vulnerability Response. These plugins are available as separate subscriptions. Note: Vulnerability Response v8.0 Madrid Patch 4 family release. During an upgrade from London to Madrid (Vulnerability Response (VR) version 8.0), the VR Setup Assistant module is overwritten with an incorrect URL. When upgrading from Madrid Vulnerability Responsev7.0 to Vulnerability Response v8.0 on the Madrid platform, or fromLondon to Madrid VR version 8.0, a duplicate Setup Assistant module appears. See KB0749805 to remove the redundant module and fix the London upgrade issue. New in the Madrid release Features available from the ServiceNow StoreNote: Vulnerability Response v8.0 features require the Madrid Patch 4 family release. Vulnerability Solution Management Version 8.0: Automatically correlate the vulnerabilities in your environment with the solutions that would remediate them. Identify the remediation actions that apply to your environment and prioritize them by the greatest reduction in vulnerability risk. Available as a separate subscription within Vulnerability Response, Vulnerability Solution Management contains the Microsoft Security Response Center Solution Integration. Preferred Solutions in vulnerability, vulnerable item, and vulnerability group records are derived from the Microsoft Security Response Center Solution Integration imports and not third-party vulnerability integrations.Preferred Solution values can be set on the vulnerable item or the vulnerability. When set on the vulnerability, all vulnerable items associated with the vulnerability inherit that solution. Note: Preferred Solution values at the vulnerability level are cleared if multiple highest-supersedence solutions exist for a vulnerability, since that solution depends on the affected asset. When multiple highest-supersedence solutions exist for a vulnerability, set a Preferred Solution on the vulnerable item.Tenable and some CVE vulnerabilities with long summaries can cause excessive cell heights in the vulnerability list view on solution records. If a CVE identifier is not present during a Tenable import, vulnerability solution information will not be available. Risk Score calculator enhancementsRisk Score calculator enhancements Version 8.0: Configure your calculators with finer granularity. These calculators provide consistent risk scores across all vulnerable items so you can effectively prioritize the vulnerabilities in your environment.The Default Risk Calculator and Vulnerability Severity calculators are shipped with the base system. Vulnerability Calculators have replaced Vulnerability Calculator Groups for calculating the base Risk Score. for remediation specialists Remediation Owner Role for remediation specialists for remediation specialists Version 8.0: Automatically receive access to vulnerability entries and solutions assigned to you or your group using the sn_vul.remediation_owner role. By default, the itil role contains the sn_vul.remediation_owner role. Vulnerability Response Version 7.0: You no longer have to wait for the platform family release of Vulnerability Response to enjoy new features, updates, and fixes. The latest version of Vulnerability Response is published in the ServiceNow Store and available for download. Setup Assistant is part of the Vulnerability Response application available in the ServiceNow Store Version 7.0: Setup Assistant walks you through the Vulnerability Response setup process in a simple, step-by-step fashion. Setup Assistant helps you discover which capabilities of Vulnerability Response require configuration, identify what permissions are required to configure these capabilities, and learn what settings are recommended for your environment. Setup Assistant helps you deploy Vulnerability Response quickly and efficiently. Vulnerability Response overview homepage Version 7.0: The Vulnerability Response Overview homepage has become a responsive dashboard. Performance Analytics - Content Pack - Vulnerability Response Version 7.0: Using business objective definitions, trending, and forecasting, the Performance Analytics – Content Pack – Vulnerability Response application contains over 40 report widgets. These reports help you monitor metrics across all stages of the vulnerability management lifecycle. This release includes vulnerability KPIs rolled-up to the business service level. KPI rollups give you a better understanding of vulnerability exposure and remediation performance in terms of business operations, rather than technical infrastructure. A Remediation dashboard, using standard Now Platform® reports, is also provided for the IT operations personnel that execute vulnerability remediation activities. This application, is available in the ServiceNow Store. Exploit enrichment Version 7.0: Exploit information imported from third-party integrations has been added to vulnerability entries. Use exploit information to prioritize which vulnerabilities to address first. CVSSv3 support Version 7.0: Vulnerability entries display CVSSv3 metrics. By showing CVSS v3 in addition to the CVSS v2, you can prioritize based on the newest algorithm used to calculate the severity of your vulnerabilities. Vulnerability Assignment Rules Version 7.0: You can define the assignment rules at the vulnerable item level. These assignment rules apply to the group rules by default, and group vulnerabilities by assignment group. Vulnerable Item Risk Rating Version 7.0: A new Risk Rating field on vulnerable item breaks the existing 0-100 risk score tiers into five tiers (Critical, High, Medium, Low, and None) for easier reporting and prioritization. Normalized Severity Version 7.0: Vulnerability assessment products often report vulnerabilities with proprietary integer-based severity scales. These severities are normalized into a common and configurable scheme for improved readability, reporting, and comparison. Updated default form and list views Version 7.0: Various Vulnerability Response default forms and list view forms for have been updated for improved usability. These entities include but are not limited to: Vulnerability entries, Vulnerable Item, Vulnerability Group, Discovered Item, and Approvals. ACLs were updated to ensure that fields that should not be modified are marked read-only. New in existing integrations Starting with Rapid7 Vulnerability Integration v7.1, when migrating to the InsightVM integration type from the Data Warehouse integration type, the InsightVM integration recognizes existing data warehouse vulnerable items, if they were imported from the same data source. It does not create duplicate records, so you can seamlessly migrate from the Data Warehouse to InsightVM integration type.And Rapid7 Vulnerability Integration v 7.1 adds exploit data import for both the Data Warehouse and InsightVM integration types. Rapid7 Vulnerability Integration v 6.2 adds imports using the Rapid7 InsightVM API for discovery, detection, verification, risk classification, and impact analysis to manage risk and remediation. This integration does not require the Rapid7 Nexpose data warehouse.Note: To migrate from the Rapid7 Nexpose vulnerability integration see KB0743164. The latest version of Qualys Vulnerability Integration is published in the ServiceNow Store and available for download. Tenable for Vulnerability Response v2.0: When Tenable for Vulnerability Response vulnerabilities are imported before their corresponding NVD entries, those vulnerabilities are not associated with the NVD vulnerabilities later. Ensure that NVD imports are up to date, and periodically re-import the full Tenable Knowledge Base (KB). Tenable for Vulnerability Response does not currently support Normalized severity. Tenable for Vulnerability Response does not populate exploit fields on third-party vulnerabilities. New integrations Microsoft Security Response Center Solution IntegrationImport solution data for known vulnerabilities and creates relationships with vulnerable items and vulnerability groups. This integration is part of Vulnerability Solution Management. Shodan Exploit Integration v7.0 imports exploit information that helps you prioritize the vulnerabilities in your environment based on risk. This integration enables exploit information enrichment that helps you understand the following exploitability metrics to prioritize the remediation of vulnerabilities: Is there any exploit associated with the vulnerability? What skill level is required to exploit the vulnerability based on the exploit code rank? What is the exploit attack vector? Can the vulnerability be remotely exploited? Once your vulnerabilities are enriched with exploit intelligence, you can define the risk score and group the vulnerabilities based on these parameters. You can also filter key reports to see the high-risk vulnerabilities. Quick start tests for Vulnerability Response Validate the continued functionality of Vulnerability Response after any configuration change such as an upgrade or after developing an application. All test suites and tests should pass on a default implementation. To validate a custom implementation, copy the automated tests and configure them for your customizations. Changed in this release NVD JSON integration Version 8.0: To support the anticipated switch from XML to JSON by the National Vulnerabilities Database (NVD), NVD data feeds have been updated to use JSON.Note: By default, all data feeds for NVD Auto-update are disabled. To enable the feeds you want see Configure the scheduled job for updating NVD records. Requires Madrid Patch 4 family release. Configuration additions to Setup Assistant Version 8.0: Added configuration for Assignment Rules, Vulnerability Solution Management within SetupAssistant. CI Lookup Rule used for the CI appears on Discovered Item records Version 8.0: Added the CI matching rule field to the Discovered Items record to make it easier to identify potential matching issues. The Vulnerability Overview homepage has been converted to a dashboard. Version 7.0: If you have the Performance Analytics – Content Pack – Vulnerability Response application installed and activated, interactive reports are available. Updated remediation target rule behavior Version 7.0: Remediation target behavior has been updated for easier reporting. No Target status added for records without a remediation target date. Target Met added for records closed before their remediation target date. Target Met added for records closed before their remediation target date. Target Missed renamed from Past Target for consistency with Target Met. Remediation target dates and statuses are also rolled-up from vulnerable items to their associated vulnerability groups. Integration changes Qualys Ticket Integration records have moved to a related list in the vulnerable item record. Version 7.0: Qualys Ticket Integration records are no longer imported as vulnerable items. Instead ticket records are listed on an existing vulnerable item under a related list. Where no VI exists, one is created and the ticket is listed in the related list. Removed in this release Version 8.0: Vulnerability Calculator Groups have been renamed Vulnerability Calculators and the group module no longer exists. Version 7.0: Manual creation of third-party vulnerabilities has been removed. Activation information Activate the Vulnerability Response Dependencies plugin (com.snc.vul_dep). Download and install Vulnerability Response from the ServiceNow Store and configure this application based on the needs of your organization using Setup Assistant. This application is available as a separate subscription.
Vulnerability Response release notes ServiceNow® Vulnerability Response product enhancements and updates in the Madrid release. The Vulnerability Response application in Security Operations helps you identify and prioritize software vulnerabilities affecting your organization, and respond faster using workflows, automation, and orchestration. Madrid upgrade information For releases prior to Kingston, during upgrade the Vulnerable Item table is reparented to improve performance. If you have a large number of vulnerable items, the upgrade process may take additional time. No special handling is needed, however, you should stop any Vulnerability Response activities prior to upgrade and record your vulnerable item count. Once complete, verify that your pre- and post-upgrade vulnerable item counts match. For more information on the impact of reparenting, see the Upgrade impact of reparenting change in the Kingston release [KB0680550] article in the ServiceNow® HI Knowledge Base. For information on the upgrade impact to existing instances, see the Vulnerability Response: FAQ for Kingston Upgrade [KB0680543] article in the HI Knowledge Base. This information does not apply if you upgrade from Kingston to this release. For Kingston release information, see the Kingston Vulnerability Response release notes. If you are upgrading from Kingston, existing CI Identifier Rules are disabled by default, but not removed. These rules appear in Security Operations > CMDB > CI Lookup Rules. To reenable, open a rule and enter values for the Source and Source field fields, select the Active check box, and click Submit. To reduce upgrade time, if you have the Qualys product or a third-party integration installed, delete all attachments on your integration data sources. You can find the attachments by navigating to System Import Sets > Administration > Data Sources and searching by integration. See Manage attachments for more information. Application administration is not enabled, by default, in Vulnerability Response for upgrades. If you add custom tables that rely on inherited ACLs, you must recreate the ACLs in that custom table. If you add custom roles or custom ACLs, and you enable Application administration, retest those roles and ACLs after upgrading. Ensure the assignable by attribute on the roles is set correctly to enable access to application administration. Note: Once enabled, Application administration cannot be disabled. If you upgraded from a previous version of Vulnerability Response, your original Overview page becomes in the Overview (Legacy) module in the left navigation pane. If you created a customized homepage overview, the overview is overwritten by the new reports dashboard. To access your customized homepage, Create a new module for your customized homepage and add it to the Vulnerability Response application. If you are upgrading from a previous version, you can begin using the Vulnerability Response new features immediately. All updates to Vulnerability Response are only available in the ServiceNow® Store. If you have previously installed Vulnerability Response and want an update from the ServiceNow Store, you do not need to activate the System Plugin Dependencies (com.snc.vul_dep) plugin prior to installing the Vulnerability Response update. For customers upgrading to the Madrid release, third-party vulnerability records are read-only. If you update from Vulnerability Response v7.0 to Vulnerability Response v8.0 you must install all the plugins listed under Dependencies & Licensing > App Dependency in the ServiceNow Store prior to installing Vulnerability Response. These plugins are available as separate subscriptions. Note: Vulnerability Response v8.0 Madrid Patch 4 family release. During an upgrade from London to Madrid (Vulnerability Response (VR) version 8.0), the VR Setup Assistant module is overwritten with an incorrect URL. When upgrading from Madrid Vulnerability Responsev7.0 to Vulnerability Response v8.0 on the Madrid platform, or fromLondon to Madrid VR version 8.0, a duplicate Setup Assistant module appears. See KB0749805 to remove the redundant module and fix the London upgrade issue. New in the Madrid release Features available from the ServiceNow StoreNote: Vulnerability Response v8.0 features require the Madrid Patch 4 family release. Vulnerability Solution Management Version 8.0: Automatically correlate the vulnerabilities in your environment with the solutions that would remediate them. Identify the remediation actions that apply to your environment and prioritize them by the greatest reduction in vulnerability risk. Available as a separate subscription within Vulnerability Response, Vulnerability Solution Management contains the Microsoft Security Response Center Solution Integration. Preferred Solutions in vulnerability, vulnerable item, and vulnerability group records are derived from the Microsoft Security Response Center Solution Integration imports and not third-party vulnerability integrations.Preferred Solution values can be set on the vulnerable item or the vulnerability. When set on the vulnerability, all vulnerable items associated with the vulnerability inherit that solution. Note: Preferred Solution values at the vulnerability level are cleared if multiple highest-supersedence solutions exist for a vulnerability, since that solution depends on the affected asset. When multiple highest-supersedence solutions exist for a vulnerability, set a Preferred Solution on the vulnerable item.Tenable and some CVE vulnerabilities with long summaries can cause excessive cell heights in the vulnerability list view on solution records. If a CVE identifier is not present during a Tenable import, vulnerability solution information will not be available. Risk Score calculator enhancementsRisk Score calculator enhancements Version 8.0: Configure your calculators with finer granularity. These calculators provide consistent risk scores across all vulnerable items so you can effectively prioritize the vulnerabilities in your environment.The Default Risk Calculator and Vulnerability Severity calculators are shipped with the base system. Vulnerability Calculators have replaced Vulnerability Calculator Groups for calculating the base Risk Score. for remediation specialists Remediation Owner Role for remediation specialists for remediation specialists Version 8.0: Automatically receive access to vulnerability entries and solutions assigned to you or your group using the sn_vul.remediation_owner role. By default, the itil role contains the sn_vul.remediation_owner role. Vulnerability Response Version 7.0: You no longer have to wait for the platform family release of Vulnerability Response to enjoy new features, updates, and fixes. The latest version of Vulnerability Response is published in the ServiceNow Store and available for download. Setup Assistant is part of the Vulnerability Response application available in the ServiceNow Store Version 7.0: Setup Assistant walks you through the Vulnerability Response setup process in a simple, step-by-step fashion. Setup Assistant helps you discover which capabilities of Vulnerability Response require configuration, identify what permissions are required to configure these capabilities, and learn what settings are recommended for your environment. Setup Assistant helps you deploy Vulnerability Response quickly and efficiently. Vulnerability Response overview homepage Version 7.0: The Vulnerability Response Overview homepage has become a responsive dashboard. Performance Analytics - Content Pack - Vulnerability Response Version 7.0: Using business objective definitions, trending, and forecasting, the Performance Analytics – Content Pack – Vulnerability Response application contains over 40 report widgets. These reports help you monitor metrics across all stages of the vulnerability management lifecycle. This release includes vulnerability KPIs rolled-up to the business service level. KPI rollups give you a better understanding of vulnerability exposure and remediation performance in terms of business operations, rather than technical infrastructure. A Remediation dashboard, using standard Now Platform® reports, is also provided for the IT operations personnel that execute vulnerability remediation activities. This application, is available in the ServiceNow Store. Exploit enrichment Version 7.0: Exploit information imported from third-party integrations has been added to vulnerability entries. Use exploit information to prioritize which vulnerabilities to address first. CVSSv3 support Version 7.0: Vulnerability entries display CVSSv3 metrics. By showing CVSS v3 in addition to the CVSS v2, you can prioritize based on the newest algorithm used to calculate the severity of your vulnerabilities. Vulnerability Assignment Rules Version 7.0: You can define the assignment rules at the vulnerable item level. These assignment rules apply to the group rules by default, and group vulnerabilities by assignment group. Vulnerable Item Risk Rating Version 7.0: A new Risk Rating field on vulnerable item breaks the existing 0-100 risk score tiers into five tiers (Critical, High, Medium, Low, and None) for easier reporting and prioritization. Normalized Severity Version 7.0: Vulnerability assessment products often report vulnerabilities with proprietary integer-based severity scales. These severities are normalized into a common and configurable scheme for improved readability, reporting, and comparison. Updated default form and list views Version 7.0: Various Vulnerability Response default forms and list view forms for have been updated for improved usability. These entities include but are not limited to: Vulnerability entries, Vulnerable Item, Vulnerability Group, Discovered Item, and Approvals. ACLs were updated to ensure that fields that should not be modified are marked read-only. New in existing integrations Starting with Rapid7 Vulnerability Integration v7.1, when migrating to the InsightVM integration type from the Data Warehouse integration type, the InsightVM integration recognizes existing data warehouse vulnerable items, if they were imported from the same data source. It does not create duplicate records, so you can seamlessly migrate from the Data Warehouse to InsightVM integration type.And Rapid7 Vulnerability Integration v 7.1 adds exploit data import for both the Data Warehouse and InsightVM integration types. Rapid7 Vulnerability Integration v 6.2 adds imports using the Rapid7 InsightVM API for discovery, detection, verification, risk classification, and impact analysis to manage risk and remediation. This integration does not require the Rapid7 Nexpose data warehouse.Note: To migrate from the Rapid7 Nexpose vulnerability integration see KB0743164. The latest version of Qualys Vulnerability Integration is published in the ServiceNow Store and available for download. Tenable for Vulnerability Response v2.0: When Tenable for Vulnerability Response vulnerabilities are imported before their corresponding NVD entries, those vulnerabilities are not associated with the NVD vulnerabilities later. Ensure that NVD imports are up to date, and periodically re-import the full Tenable Knowledge Base (KB). Tenable for Vulnerability Response does not currently support Normalized severity. Tenable for Vulnerability Response does not populate exploit fields on third-party vulnerabilities. New integrations Microsoft Security Response Center Solution IntegrationImport solution data for known vulnerabilities and creates relationships with vulnerable items and vulnerability groups. This integration is part of Vulnerability Solution Management. Shodan Exploit Integration v7.0 imports exploit information that helps you prioritize the vulnerabilities in your environment based on risk. This integration enables exploit information enrichment that helps you understand the following exploitability metrics to prioritize the remediation of vulnerabilities: Is there any exploit associated with the vulnerability? What skill level is required to exploit the vulnerability based on the exploit code rank? What is the exploit attack vector? Can the vulnerability be remotely exploited? Once your vulnerabilities are enriched with exploit intelligence, you can define the risk score and group the vulnerabilities based on these parameters. You can also filter key reports to see the high-risk vulnerabilities. Quick start tests for Vulnerability Response Validate the continued functionality of Vulnerability Response after any configuration change such as an upgrade or after developing an application. All test suites and tests should pass on a default implementation. To validate a custom implementation, copy the automated tests and configure them for your customizations. Changed in this release NVD JSON integration Version 8.0: To support the anticipated switch from XML to JSON by the National Vulnerabilities Database (NVD), NVD data feeds have been updated to use JSON.Note: By default, all data feeds for NVD Auto-update are disabled. To enable the feeds you want see Configure the scheduled job for updating NVD records. Requires Madrid Patch 4 family release. Configuration additions to Setup Assistant Version 8.0: Added configuration for Assignment Rules, Vulnerability Solution Management within SetupAssistant. CI Lookup Rule used for the CI appears on Discovered Item records Version 8.0: Added the CI matching rule field to the Discovered Items record to make it easier to identify potential matching issues. The Vulnerability Overview homepage has been converted to a dashboard. Version 7.0: If you have the Performance Analytics – Content Pack – Vulnerability Response application installed and activated, interactive reports are available. Updated remediation target rule behavior Version 7.0: Remediation target behavior has been updated for easier reporting. No Target status added for records without a remediation target date. Target Met added for records closed before their remediation target date. Target Met added for records closed before their remediation target date. Target Missed renamed from Past Target for consistency with Target Met. Remediation target dates and statuses are also rolled-up from vulnerable items to their associated vulnerability groups. Integration changes Qualys Ticket Integration records have moved to a related list in the vulnerable item record. Version 7.0: Qualys Ticket Integration records are no longer imported as vulnerable items. Instead ticket records are listed on an existing vulnerable item under a related list. Where no VI exists, one is created and the ticket is listed in the related list. Removed in this release Version 8.0: Vulnerability Calculator Groups have been renamed Vulnerability Calculators and the group module no longer exists. Version 7.0: Manual creation of third-party vulnerabilities has been removed. Activation information Activate the Vulnerability Response Dependencies plugin (com.snc.vul_dep). Download and install Vulnerability Response from the ServiceNow Store and configure this application based on the needs of your organization using Setup Assistant. This application is available as a separate subscription.
