Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Vulnerability Response helps organizations respond faster and more efficiently to vulnerabilities, connects security and IT teams, and provides real-time visibility into your security posture. Vulnerability Response connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading vendors to give your teams a single platform for response that can be shared between security and IT.
The Vulnerability Response application includes the following capabilities:
- Automate the process of organizing vulnerabilities into a group and assigning it to the IT operations team.
- Prioritize vulnerabilities based on asset criticality and vulnerability severity.
- Improve the flow of work between Security and IT via a comprehensive remediation workflow.
- Import Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA) vulnerabilities, manual penetration test assessments, and application vulnerable items to help you determine, prioritize, and remediate the impact and priority of flaws in your code using the Application Vulnerability Response (AVR) feature.
- Import information from the NIST National Vulnerability Database (NVD) with the Vulnerability Response Integration with NVD to better understand your vulnerability exposure.
New
- Added Get More Details support for Invicti Platform DAST and IAST application vulnerable items, enabling richer vulnerability detail retrieval directly within the workspace.
- Added declarative actions for AI Security Exposure Management remediation task tables and expanded remediation task record type options to include missing AISEM finding types.
- Added support for submitting risk increase requests directly from the compensating controls workflow, providing a complete risk change management experience.
Fixed
- Corrected navigation from My Requests in the Exception module so records open the corresponding change approval record in workspace views.
- Restored CWE weakness form sections and related configurations that were incorrectly marked for deletion, which caused the default view to appear blank.
- Fixed an issue where updates to disclaimer text for new penetration testing requests were not reflected in the Pen test workspace.
- Resolved an issue where existing findings continued to display mixed open and closed detections after detection key migration to cmdb_ci.
- Corrected an issue where duplicate detections were skipped during execution of the Tenable detection key migration job.
- Fixed data integrity processing where undefined item references prevented reassignment property flags from being applied during Unified Security Exposure Management (USEM) integrity jobs.
- Removed duplicate Rescan action buttons that could appear on the same form.
- Removed duplicate Request Exception action buttons from workspace forms.
- Updated the create remediation task informational message visibility to use role-based access, providing consistent behavior across workspace configurations.
- Fixed alignment issues affecting Watch Topics header action buttons in the Security Exposure Management Workspace Remediation view on narrow screen widths.
- Preserved the remediation target date for deferred findings when they are re-detected, ensuring remediation plans remain intact.
- Restored risk rating updates for application vulnerable items after approval, allowing risk change to be applied correctly.
- Fixed an issue where splitting more than 100 findings created an empty remediation task. Large selections are now processed correctly.
- Strengthened security by enforcing role-based access control for the Get Agile Tool Field Mapping data broker.
- The following dependency plugins for Vulnerability Response must be activated:
- com.snc.vul_dep plugin for Vulnerability Response Dependencies
- The following Security Operations applications must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Security Exposure Management (requires entitlement from the store)
- Permissions and roles
- Roles required:
- System Admin (admin) for installation
- For Configuration:
- Application Security Manager (User part of App-Sec Manager group) for Application Vulnerability Response
- For access to the Vulnerability Response Workspaces:
- IT Remediation Workspace: sn_vul.remediation_owner
- Roles required: