Version history for the Security Support Common on the ServiceNow Store.

Important: For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

Version history

Version 13.14.0 - August 2024
  • Changed:
    • Migrated Threat lookup workflow to sub-flow
    • Migrated Enrichment workflow to sub-flow.
Version 13.13.4 - May 2024
  • Fixed ACL issues.
  • OS/Netbios will be updated on Discovered Item on change of payload(source_data).
Version 13.12.5 - March 2024
Fixed: On the Run Additional Actions modal, now the Comment field is set as a mandatory field (to support Microsoft Defender for Endpoint).
Version 13.12.2 - February 2024
Changes to support risk reduction by Compensating Controls feature.
Version 13.11.1 - January 2024
Fixed: Attachments on the table sn_sec_cmn_integration_process are failing because of the Anti-virus scan.
Version 13.11.0 - December 2023
No existing features were impacted with this version.
Version 13.9.2 - November 2023
  • New:
    • A configuration which redirects the creation of unclassed assets.
    • A fix script which determines the default CMDB class mapping.
Version 13.7.2 - August 2023
  • Changed: The MS Defender Capabilities Isolate Host and Run Antivirus scandialogue boxes' Typefield is now a drop-down instead of a text.
  • Fixed: Invalid query in the 'Enrichment data mapping' field, sys_relationship.
Version 13.6.6 - June 2023
Fixed: For Advanced Risk Rule Calculators, the resulting risk score information in the sample scenarios was being populated with incomplete information. This issue has been fixed. The resulting risk score information is now correctly populated.
Version 13.6.5 - May 2023
  • Fixed:
    • Discovered items for cloud resources are created in an unmatched state if there are no CIs found by the lookup rules.
    • The Dependent field of the Reference Record column in the Threat Lookup Result Table (sn_sec_cmn_enrichment_data_base) is configured as expected.
    • 'Assignable by' or 'Application Administrator' should not be used with roles when the scoped application has 'Application administration' set to 'false'.
    • Vancouver Directives - Implemented Table Cleaner rules for Now Platform tables from the Security Incident Response application that are used frequently.
Version 13.5.2 - February 2023
  • New: Added the column 'Matching type' to the discovered items table to understand whether the discovered item has been matched by IRE or CI lookup rules, or created by IRE or VR.
  • Changed: Framework updates in Security Support Common can now be used by Configuration Compliance, Application Vulnerability Response, and Container Vulnerability Response.
  • Fixed: Reapply CI lookup rule is now working on assets with the Cloud asset category.
Version 13.4.4 - November 2022
  • New: Added a capability to refresh tags on cloud assets from CMDB on a daily basis.
  • Changed:
    • [Security support common] Added logic to migrate the Threat lookup trigger to Capability Framework v2.
    • Added the ability to ignore unclassed hardware and unmatched configuration items during Lookup Rules execution.
  • Fixed:
    • Potential memory leak risk from OOTB 'FilterGroupUtil. _getCisForSubnet' function in VR framework
Version 13.3.3 - August 2022
New: Changes for supporting new features in Vulnerability Response. Seeded regions for cloud resources.
Version 13.2.0 - May 2022
Changed: Updates like the addition of new attributes, scripts to support cloud assets, etc.
Version 13.1.1 - March 2022
  • New:
    • Added support for making classification rules generic. Previously only available for the Vulnerability Entry [sn_vul_entry] table, this feature can be enabled on any table in the Vulnerability Response application and within the scope of its dependent applications.
    • Updated the exception management feature so it works with the Application Vulnerability Response and the Vulnerability Response and Configuration Compliance for Containers applications.
Version 13.0.1 - February 2022
No new features or updates are included with this version. This version ensures that features from the last release are compatible with the San Diego family release.
Version 12.5.1 - October 2021
New: Data model to support multi-level approval configuration for Vulnerability Response exception management.
Version 12.4.3 - August 2021
  • New:
    • Added a generic flow action URL decoder which support proof point and safelink encoded URLs.
    • Modified User Reported Phishing functionality to decode URLs before saving them as observables.
Version 12.2.4 - June 2021
  • New:
    • Changes to the common background job framework ensure that jobs are executed in a resource-optimized manner.
    • With this updated job framework, you can now configure the following settings:
      • Define job concurrency by limiting the number of jobs that can run at the same time.
      • Determine the amount of data (number of items) you import with specific jobs.
      • Cancel jobs.
      • Control the total number of background jobs that are processed in parallel, regardless of the job type.
  • Fixed:
    • List support in capability framework version 2. Replaced legacy password2 with KMF field.
Version 12.0.1 - February 2021
Minor fixes.
Version 11.1.5 - December 2020
Changed: As part of the inclusive language initiative, allow list and deny list are replaced with allow list and deny list respectively.
Version 11.1.2 - November 2020
This is a dependency app for Vulnerability Response and Security Incident Response applications.
Version 11.0.1 - October 2020
New: This is the Dependency App for Vulnerability Response and Security Incident Response applications.
Version 10.5.0 - September 2020
Minor fixes related to User Reported Phishing
Version 10.0.3 - April 2020
Fixed: Dispatch actions updated for compatibility with Security Incident Response UI
Version 10.0.0 - March 2020
Changed: Updates to support the latest versions of Security Incident Response and Vulnerability Response Applications
Version 9.0.0 - November 2019
  • New: Dependency and Util code for Security Incident Response and Vulnerability Response November release
  • Fixed: PRB fixes post July Q3 release
Version 8.0.10 - June 2019
Refer to Vulnerability Response release notes for product changes and updates in the Madrid release.