The third-party integrations with the ServiceNow® Vulnerability Response application help to enrich your vulnerability data. The ServiceNow applications and third-party integrations that are compatible with the Vulnerability Response application were enhanced and updated in the Vancouver release.

Vulnerability Response integrations highlights for the Vancouver release

  • Use the new JSON-based API integrations that were added to the Veracode Vulnerability integration to ingest the enhanced Veracode vulnerability data.
  • Ingest the Software Bill of Materials (SBOM) data from Veracode in the CycloneDx format with the Veracode SBOM integration.
  • Import Static application security testing (SAST) and Software Composition Analysis (SCA) data with the GitHub Application Vulnerability Integration to help you view the vulnerability alerts in the repositories of your GitHub environment.

See Vulnerability Response integrations for more information.

Important: Supported Integrations with Vulnerability Response are available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

Important information for upgrading Vulnerability Response to Vancouver

New in the Vancouver release

Leverage Exploit Prediction Scoring System (EPSS) score for vulnerability prioritization
Use the Exploit Prediction Scoring System (EPSS) integration to import EPSS scores for common vulnerabilities and exposures (CVEs) from First.org. The scores enrich the NVD data in your instance so that you can prioritize and remediate vulnerabilities by likelihood of exploitation rather than by severity alone.
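The enrichment step described above, as an added example that is not ServiceNow or FIRST code: the EPSS excerpt is constructed in the layout of the FIRST.org CSV export (a leading '#' metadata line, then a 'cve,epss,percentile' header), the NVD-style records are constructed too, and the ranking rule is an illustration of one way to combine EPSS with CVSS.

```python
"""Join EPSS scores onto CVE records and rank them for remediation.

Added example, not ServiceNow or FIRST code. EPSS_CSV is a constructed
excerpt in the layout of the FIRST.org CSV export; NVD_RECORDS are
constructed. A CVE absent from the feed keeps epss=None so it is not
silently ranked as "no exploit activity".
"""
import csv
import io

EPSS_CSV = """#model_version:v2023.03.01,score_date:2024-01-01T00:00:00+0000
cve,epss,percentile
CVE-2021-44228,0.97565,0.99990
CVE-2023-0001,0.00042,0.08100
CVE-2019-0708,0.97421,0.99950
"""

NVD_RECORDS = [
    {"cve": "CVE-2021-44228", "cvss": 10.0},
    {"cve": "CVE-2023-0001", "cvss": 9.8},
    {"cve": "CVE-2019-0708", "cvss": 9.8},
    {"cve": "CVE-2024-99999", "cvss": 7.5},  # constructed; not in the EPSS feed
]


def parse_epss(text):
    """Return {CVE: (epss, percentile)}, skipping '#' metadata lines."""
    rows = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    reader = csv.DictReader(io.StringIO("\n".join(rows)))
    scores = {}
    for row in reader:
        cve = row["cve"].strip().upper()
        scores[cve] = (float(row["epss"]), float(row["percentile"]))
    return scores


def enrich(records, scores):
    """Attach epss/epss_percentile; CVEs missing from the feed get None."""
    out = []
    for rec in records:
        epss, pct = scores.get(rec["cve"].upper(), (None, None))
        out.append({**rec, "epss": epss, "epss_percentile": pct})
    return out


def prioritize(enriched, epss_threshold=0.1):
    """Highest risk first: EPSS at or above the threshold wins, then the
    EPSS value, then CVSS. Unknown EPSS sorts below any known value so the
    record is still reviewed instead of being treated as low risk."""
    def key(rec):
        epss = rec["epss"]
        known = epss is not None
        return (known and epss >= epss_threshold,
                epss if known else -1.0,
                rec["cvss"])
    return sorted(enriched, key=key, reverse=True)
```

The percentile column is worth keeping alongside the raw score: two CVEs with EPSS 0.01 and 0.02 look similar until you see that one sits at the 70th percentile of all scored CVEs.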
GitHub Application Vulnerability Integration
Import Static application security testing (SAST) and Software Composition Analysis (SCA) data with the GitHub Application Vulnerability Integration to help you view the vulnerability alerts in the repositories of your GitHub environment.
Veracode Vulnerability Integration
Version 4.1 of the Veracode JSON Vulnerability Integration adds the following enhancements:
  • Select multiple Severity values provided by Veracode on the integration configuration page to filter imports. Only records that match the selected severities are imported.
  • Configure a start time buffer, in hours, for scheduled jobs with the sn_vul_veracode.import_starttime_buffer property. The value is subtracted from a job's delta start time (delta_start_time), so the import window starts earlier, to help you avoid conflicts between consecutive runs.
  • Retrieve all of an application's associated projects with the Links project integration. Imported data, such as Last SCA Scan Date, is displayed on discovered applications, scan summaries, and application vulnerable item (AVI) records.
  • Triage your imported application vulnerabilities with ServiceNow workflows. The following options on the configuration page are activated by default:
    • Manage exceptions in ServiceNow: AVIs are triaged with the ServiceNow exception management workflow. Deactivate the option to preserve the source states on AVIs imported from Veracode.
    • Manage false positives in ServiceNow: false positives are triaged with the ServiceNow false positive workflow. Deactivate the option to preserve the source states on AVIs imported from Veracode.

      With this release, there are more supported combinations for state mapping that enable the system to map scanner imports to their associated states in your instance.
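Why a start time buffer matters, and what it costs, as an added example that is not ServiceNow or Veracode code: the model below runs a scheduled delta import twice, with and without a buffer like sn_vul_veracode.import_starttime_buffer. The finding records, the clock, and the 'modified'/'visible_at' fields are constructed; the second field stands for the lag between a scanner stamping a finding and its API actually returning it.

```python
"""Delta import window with a start-time buffer.

Added example, not ServiceNow or Veracode code. Each scheduled run imports
findings modified between its delta start time (the previous run's end)
and now; the buffer is subtracted from that start time. Because the
windows then overlap, the import must upsert by source finding ID or it
will create duplicates. All data and field names are constructed.
"""
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def ts(hour, minute=0):
    """Timestamp on one constructed day, so the scenario is easy to read."""
    return datetime(2024, 1, 1, hour, minute, tzinfo=UTC)


# Constructed findings: 'modified' is the scanner's last-modified stamp,
# 'visible_at' is when the scanner API first returns the record.
FINDINGS = [
    {"finding_id": "f-1", "modified": ts(0, 30), "visible_at": ts(0, 30)},
    {"finding_id": "f-2", "modified": ts(0, 59), "visible_at": ts(1, 5)},   # published after run 1 ended
    {"finding_id": "f-3", "modified": ts(1, 20), "visible_at": ts(1, 20)},
]


def window(delta_start_time, now, buffer_hours):
    """This run's import window; the buffer is subtracted from the delta start."""
    return delta_start_time - timedelta(hours=buffer_hours), now


def select_modified(findings, start, now):
    """Findings the API already returns whose modified stamp is in [start, now)."""
    return [f for f in findings
            if f["visible_at"] <= now and start <= f["modified"] < now]


def upsert(store, imported):
    """Merge by source finding ID: overlapping windows update, never duplicate."""
    for f in imported:
        store[f["finding_id"]] = f
    return store


def run_schedule(findings, initial_delta_start, run_times, buffer_hours):
    """Run the scheduled import at each time in run_times; return the store."""
    store, delta_start = {}, initial_delta_start
    for now in run_times:
        start, end = window(delta_start, now, buffer_hours)
        upsert(store, select_modified(findings, start, end))
        delta_start = now  # the next run's delta starts where this one ended
    return store


def imported_ids(findings, buffer_hours):
    """IDs imported by two hourly runs starting from a delta start of 00:00."""
    return sorted(run_schedule(findings, ts(0), [ts(1), ts(2)], buffer_hours))
```

Without a buffer, f-2 is never imported: its modified stamp falls before the second run's delta start, but it was not visible during the first run. With a one-hour buffer the second window reaches back far enough to catch it, and f-1 is seen twice but stored once because the upsert is keyed on finding_id.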

Fortify Vulnerability Integration
Starting with version 2.2, triage your imported application vulnerabilities with ServiceNow workflows. The following options on the configuration page are activated by default:
    • Manage exceptions in ServiceNow: AVIs are triaged with the ServiceNow exception management workflow. Deactivate the option to preserve the source states on AVIs imported from Fortify.
    • Manage false positives in ServiceNow: false positives are triaged with the ServiceNow false positive workflow. Deactivate the option to preserve the source states on AVIs imported from Fortify.

      With this release, there are more supported combinations for state mapping that enable the system to map scanner imports to their associated states in your instance.

Agile management integration with Vulnerability Response
Leverage issue-tracking and agile management tools, such as Atlassian Jira, for vulnerability remediation. Vulnerability Response integrates with Atlassian Jira to create Jira issues that correspond to vulnerabilities. Issues in Jira and vulnerable items in Vulnerability Response are synchronized bidirectionally so that each reflects the latest updates.
Veracode Vulnerability Integration
Integrations were added to version 4.0 of the Vulnerability Response Integration with Veracode so that you can do the following tasks:
  • Use the Veracode Categories Integration to import the category data.
  • Use the Veracode CWE Integration to import the remediation recommendations for threat information that is reported by Veracode.
  • Use the Veracode SBOM Integration to upload and parse SBOMs that are generated by Veracode in the CycloneDx format.
  • View the Veracode DevOps Integration on the Application Vulnerability Integrations list in Application Vulnerability Response. With a DevOps Change Velocity license, DevOps users can view the summary details of third-party vulnerability scans without a SecOps license. Application Vulnerability Response itself is unchanged.
  • Import data via a JSON REST API with the Veracode Application List, Veracode Scan Summary, and Application Vulnerable Item integrations.
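Parsing the CycloneDX format mentioned for the Veracode SBOM Integration, as an added example that is not ServiceNow or Veracode code: the SBOM is a constructed minimal CycloneDX 1.4 JSON document (real Veracode exports carry more fields), and the parser relies only on the standard CycloneDX keys bomFormat, specVersion, metadata.component, components, name, group, version, type and purl.

```python
"""Parse a CycloneDX JSON SBOM into a component inventory.

Added example, not ServiceNow or Veracode code. SBOM_JSON is a constructed
minimal CycloneDX 1.4 document. The checks a practitioner wants are the
format/version guard and the list of components that carry no package
URL (purl), since those cannot be matched to advisories by package URL.
"""
import json

SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {"component": {"type": "application",
                               "name": "payments-api", "version": "2.3.0"}},
    "components": [
        {"type": "library", "group": "commons-io", "name": "commons-io",
         "version": "2.11.0", "purl": "pkg:maven/commons-io/commons-io@2.11.0"},
        {"type": "library", "group": "com.fasterxml.jackson.core",
         "name": "jackson-databind", "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
        {"type": "library", "name": "internal-utils", "version": "1.0"},  # in-house, no purl
    ],
})


class SbomError(ValueError):
    """Raised when the document is not a CycloneDX SBOM this parser accepts."""


def parse_cyclonedx(text):
    """Return {'subject', 'subject_version', 'components': [...]} or raise SbomError."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise SbomError("not a CycloneDX document")
    if not str(doc.get("specVersion", "")).startswith("1."):
        raise SbomError("unsupported specVersion %r" % doc.get("specVersion"))
    subject = doc.get("metadata", {}).get("component", {})
    components = [{
        "type": c.get("type"),
        "group": c.get("group"),
        "name": c.get("name"),
        "version": c.get("version"),
        "purl": c.get("purl"),
    } for c in doc.get("components", [])]
    return {"subject": subject.get("name"),
            "subject_version": subject.get("version"),
            "components": components}


def components_missing_purl(inventory):
    """Names of components with no purl; these need manual matching."""
    return [c["name"] for c in inventory["components"] if not c.get("purl")]


def find_by_purl_prefix(inventory, prefix):
    """Components whose purl starts with prefix, e.g. 'pkg:maven/commons-io/commons-io@'."""
    return [c for c in inventory["components"]
            if c["purl"] and c["purl"].startswith(prefix)]
```

The purl prefix lookup is the useful query when an advisory names a package but not a version: it returns every version of that package present in the SBOM so the version constraint can be checked separately.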
Import parameters added to the Veracode Vulnerability Integration instance
Starting with version 4.0 of the Vulnerability Response Integration with Veracode, you can modify the following import parameters:
  • import_manual: Import manual penetration testing results from Veracode.
  • import_sca: Import Software Composition Analysis (SCA) vulnerabilities.
  • status: Import findings in Open, Closed, or both Open and Closed states.
  • policy_sandbox: Import records that correspond to a policy or to a sandbox. These records might be related to the application testing in your environment.
  • policy_rule_passed: Import only the records that have passed a policy rule. These records might be related to the application testing in your environment.
Viewing the integration dashboards from the Vulnerability Manager workspace
Starting with version 19.0 of Vulnerability Response and version 2.1 of Container Vulnerability Response, the following dashboards are available only from the workspaces:
  • Watchdog overview dashboard
  • Qualys overview dashboard
  • Rapid7 integration run status dashboard
  • Prisma Cloud Compute (CVR) integration run status dashboard
  • Vulnerability Approvals dashboard
  • Vulnerability Remediation dashboard
  • Vulnerability response usage dashboard
  • Microsoft TVM integration run status dashboard
  • Tenable integration run status dashboard
  • Qualys integration run status dashboard
Timestamps (heartbeats) to indicate that the queue is alive
Starting with the following application versions, timestamps (heartbeats) are sent periodically to indicate that the queue is alive and processing valid data:
  • v19.0 of Vulnerability Response
  • v19.0 of Application Vulnerability Response
  • v2.1 of Container Vulnerability Response
  • v14.9 of Configuration Compliance

Previously, integration processes timed out after one hour even if the import queue entry was still being processed, and the integration run status was updated to an error.
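The failure mode described above and the heartbeat that fixes it, as an added example that is not ServiceNow code: a watchdog with a fixed one-hour timeout judges a run by the age of its last timestamp, so a long queue entry that only stamps its start time is marked as an error while still working, whereas a worker that refreshes the stamp as it goes is not. The item counts, per-item durations and heartbeat interval are constructed, and a simulated clock replaces real time.

```python
"""Queue worker heartbeats against a fixed-timeout watchdog.

Added example, not ServiceNow code. The watchdog marks a run as 'error'
once no heartbeat has been seen for TIMEOUT. process_queue() simulates a
worker that may or may not refresh the heartbeat while it drains a queue
entry. The numbers are constructed; time is simulated, not slept.
"""
from datetime import datetime, timedelta, timezone

TIMEOUT = timedelta(hours=1)


class RunStatus:
    """Integration run record: last heartbeat time and current state."""

    def __init__(self, started_at):
        self.last_heartbeat = started_at  # the old behaviour stamped only this
        self.state = "running"

    def heartbeat(self, now):
        self.last_heartbeat = now


def watchdog_check(status, now, timeout=TIMEOUT):
    """Flip a running job to 'error' when its last heartbeat is older than timeout."""
    if status.state == "running" and now - status.last_heartbeat >= timeout:
        status.state = "error"
    return status.state


def process_queue(n_items, seconds_per_item, started_at, heartbeat_every=None):
    """Drain one queue entry of n_items; return the final run state.

    heartbeat_every: send a heartbeat after every N items, or None to
    stamp only the start time (the pre-v19.0 behaviour being modelled).
    The watchdog is evaluated after each item to stand in for its
    independent schedule.
    """
    status = RunStatus(started_at)
    now = started_at
    for i in range(1, n_items + 1):
        now += timedelta(seconds=seconds_per_item)
        if heartbeat_every and i % heartbeat_every == 0:
            status.heartbeat(now)
        if watchdog_check(status, now) == "error":
            return "error"
    status.state = "complete"
    return status.state


def max_safe_interval(seconds_per_item, timeout=TIMEOUT):
    """Largest heartbeat interval (in items) that stays under the timeout."""
    return int(timeout.total_seconds() // seconds_per_item) - 1
```

The third assertion below is the caveat a practitioner should keep in mind: a heartbeat interval longer than the watchdog timeout is indistinguishable from no heartbeat at all, so the interval has to be sized from the timeout, not from convenience.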
New detection key NIC for Rapid7 InsightVM
Starting with v19.0 of Vulnerability Response, a new detection key Network Interface Controller (NIC) is added for Rapid7 InsightVM. It’s activated by default. New detections are calculated based on the existing key combinations and the NIC.
New integration instance parameter to close stale detection for Rapid7 InsightVM
The close_stale_detections integration instance parameter closes detections that the Rapid7 Comprehensive Vulnerable Item Integration - API no longer receives from the Rapid7 API.
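How a detection key with the NIC changes detection identity, and what close_stale_detections does on the next import, as an added example that is not ServiceNow or Rapid7 code: the base key fields (asset, vulnerability, port, protocol) are an assumption for illustration, since the page only says the NIC is added to the existing key combinations, and the detections for a two-interface host are constructed.

```python
"""Detection identity keys and stale-detection closure.

Added example, not ServiceNow or Rapid7 code. BASE_KEY is an assumed set of
fields standing in for the "existing key combinations"; adding 'nic' to it
is the v19.0 behaviour being modelled. reconcile() merges one import into
the existing detections and, when close_stale_detections is set, closes
open detections that the import no longer contains. Data is constructed.
"""

BASE_KEY = ("asset", "vulnerability", "port", "protocol")  # assumption


def detection_key(det, include_nic):
    """Identity of a detection; with include_nic the interface is part of it."""
    fields = BASE_KEY + (("nic",) if include_nic else ())
    return tuple(det.get(f) for f in fields)


def reconcile(existing, imported, include_nic, close_stale_detections):
    """Merge an import into existing detections keyed by detection key.

    Detections present before but absent from this import are closed only
    when close_stale_detections is set; otherwise they keep their state.
    """
    store = {detection_key(d, include_nic): dict(d) for d in existing}
    seen = set()
    for det in imported:
        k = detection_key(det, include_nic)
        seen.add(k)
        store[k] = {**store.get(k, {}), **det, "state": "open"}
    if close_stale_detections:
        for k, det in store.items():
            if k not in seen and det["state"] == "open":
                det["state"] = "closed"
    return store


def count_by_state(store):
    """{'open': n, 'closed': m} for a detection store."""
    counts = {}
    for det in store.values():
        counts[det["state"]] = counts.get(det["state"], 0) + 1
    return counts


# Constructed: one host with two interfaces reporting the same finding on 443/tcp.
RUN_1 = [
    {"asset": "host-42", "vulnerability": "vuln-1001", "port": 443,
     "protocol": "tcp", "nic": "10.0.0.5"},
    {"asset": "host-42", "vulnerability": "vuln-1001", "port": 443,
     "protocol": "tcp", "nic": "192.168.1.5"},
]
RUN_2 = [RUN_1[0]]  # the next scan reaches only the first interface
```

Without the NIC in the key the two interface findings collapse into one detection, so remediation on one interface can hide an exposure on the other. With the NIC in the key they are tracked separately, which is also why close_stale_detections is worth enabling: a detection the scanner stops reporting is closed instead of lingering open.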
Rapid7 Data Warehouse solution populated onto vulnerable items directly by Rapid7
Starting with v19.0 of Vulnerability Response, the preferred solution generated by the Rapid7 Data Warehouse is populated directly onto vulnerable items by Rapid7, so Vulnerability Solution Management is not required for it.
Categorizing the unmatched cloud assets from Qualys, Rapid7, and Tenable integrations into Unclassed Hardware or Cloud Resource class
Starting with v20.0 of Vulnerability Response, you can categorize unmatched cloud assets from the Qualys, Rapid7, and Tenable integrations into the Unclassed Hardware or Cloud Resource class by using the sn_sec_cmn.unmatched_cloud_resource_enabled system property.
Identifying the assets with agent from Tenable.sc integration
Starting with v20.0 of Vulnerability Response, you can identify assets that were discovered by agent scans in the Tenable.sc integration.
Populating malware information from Qualys
Starting with v12.9.2 of the Qualys integration, malware information from the Qualys knowledge base is populated and shown as a related list on the Third-party Entry (QID) record.

Starting with version 12.9.2 of the Qualys integration, you can choose between Basic Authentication and OAuth for REST API calls.

Quick Start Tests for Vulnerability Response

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response works as expected. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations.

Deprecations

Activation information

Install Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.