The ServiceNow Store contains Vulnerability Response products.

Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store.

Recent release highlights for ServiceNow Store - Vulnerability Response

Configuration Compliance (15.3.4)
Fixed: The scheduled job Rollup test result values to remediation task and configuration test will check the status of the previous background job before starting a new one.
Github Application Vulnerability Integration (2.2.0)
Fixed: Resolved a gap where AVITs were not created if the CVE was absent in the response. The system is now made to fall back to using the GHSA ID to create a third-party entry with associated CWEs, ensuring that all findings are processed and AVITs are created without omissions. An issue was addressed where some updates were missing when deltas were pulled from GitHub Dependabot Alerts. A conditional query parameter was introduced using the sort field to ensure complete and consistent data retrieval.
Microsoft Defender for Cloud Integration for Security Operations (2.7.3)
Fixed: To address an error that was occurring with skiptoken, the integration uses the nextLink parameter for pagination requests.
Now Assist for Vulnerability Response (1.0.2)
Empower your vulnerability managers and analysts with AI agents in the Now Assist with Vulnerability Response application to revolutionize how they monitor and remediate your most critical vulnerabilities.
SBOM Response (6.2.2)
Fixed an issue in OSV integration where conflicts arose with existing NVD entries due to CVE IDs in the payload, resulting in broken component-vulnerability links. The integration now handles such cases to prevent duplicate or invalid records. Improvements to deps.dev Integration - Optimized the sorting logic for package version lists and replaced the onComplete script with a Business Rule triggered on version updates, improving performance and accuracy in stale/abandoned package detection. OSV Integration Optimization - Removed unnecessary caching to reduce memory usage and prevent potential out-of-memory issues during large data processing. Business Application Population Enhancement - Now populating business_application on AVIT and app release records only when the associated component has a business application, aligning with customer requirements.
Vulnerability Exposure Assessment (5.1.2)
Fixed: Population of "Installation count" field was fixed when VEX Record was created via Vulnerability Assessment.
Vulnerability Response (26.0.13)
  • Fixed:
    • If you request an extension for an exception rule, multiple approvals are not generated.
    • Exception rules are automatically approved when created by users with granular roles.
    • The Overview page in workspaces will display in Dark mode if you select it in your user preferences.
    • For reimported vulnerable items (VITs), the state roll-up will occur if the Last seen dates are older than the Resolution dates.
    • Editing existing remediation target rules no longer results in duplicated histories.
    • Assignment groups for VITs linked to third-party entries (TPEs) are updated after Tenable imports them, following the execution of lookup rules.
    • A runtime error in detection processing can occur if multiple detections have the same Last found date.
    • When you change your target rules and select Apply Changes, only the remediation target rules marked for reapply are executed.
    • The Running total is displayed on the Default Risk Rule for vulnerability calculators.
    • Configuration item (CI) attributes on VITs are updated to reflect changes in corresponding discovered items.
    • The DetectionBase script include automatically updates the ip_address, DNS, netbios, port, protocol, SSL, and proof fields. Note: To roll these updates up to discovered items and VITs, you must activate the sn_vul.show_last_open_detection system property. This update process may affect system performance.
    • Exclusion rule changes the state of VITs from Under Investigation or Awaiting Implementation to Open.
    • Email notifications are sent for expiring exception requests in Vulnerability Response.
Vulnerability Response Configuration Compliance for Containers (2.13.5)
Fixed: Exception rules are automatically approved when they are created by users with granular roles.
Vulnerability Response Common (2.12.4)
Fixed resubmission of Exception Rule on a pre-approved record.
Vulnerability Response Common Workspace (1.5.8)
Fixed: Removed the unexpected white line on the banner on the Vulnerability Manager Workspace home page when in dark mode.