0
30.2.3
Zurich, Yokohama Patch 6, Yokohama, Xanadu Patch 9, Xanadu
This app version is intended for Unified Security Exposure Management (USEM), a major architectural upgrade to Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade.
For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version of this app below 30.x when installing or upgrading.
The Wiz integrations import vulnerability and compliance data from Wiz scanners into your ServiceNow AI Platform instance to help you get deeper insights into your cloud infrastructure risks. These integrations provide you with a comprehensive assessment of your overall cloud security posture and drive remediation actions directly from the ServiceNow AI Platform.
The Vulnerability Response Integration with Wiz application includes the following key integrations:
- Wiz Asset Integration
- This integration is a prerequisite to run any of the other Wiz integrations. Import assets to which the findings from other subsequent integrations are linked to.
- Wiz Vulnerability Integration
- Import host vulnerability findings related to virtual machines and serverless assets in your cloud environment with Wiz’s Host Vulnerability Integration. These findings are mapped to Host Vulnerable Items (VITs) within the Vulnerability Response application to support remediation workflows.
- Import container image vulnerability data discovered by Wiz. Findings are mapped to container vulnerable items (CVITs) to support triage, risk prioritization, and targeted remediation workflows for container-based workloads.
- Wiz Configuration Compliance Integration (Wiz Test Results)
- Import configuration test results from Wiz to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
- Wiz Issues Integration
- Import Wiz Issues that identify assets involved in toxic combinations of vulnerabilities and misconfigurations. These findings are also mapped to CTRs with 'Wiz Issues' labeled as the source to help you track and remediate assets that may pose complex multi-vector risks.
New:
- The Universally Unique Identifier (UUID) that identifies detections for the Wiz Host Vulnerability integration will be mapped to a detection key. Note: This change is supported for new customers only. For existing customers, the detection key for the Wiz Host Vulnerability integration is created using the combination of vulnerability, asset_id, and proof.
- Added the source_id column to the Container Image Finding table (sn_vul_container_image_findings) and mapped the id attribute from the Wiz import to this field on findings records.
Changed:
- You can configure the First parameter for the Wiz Asset Integration to help you resolve 504 errors. You can reduce the page size if you are having memory issues or generating errors. The default value is 500.
- The default integration instance parameter for configuring finding keys for the Container Vulnerability Integration includes src_ci, vulnerability, package, image_layer, and image_repository.
Fixed:
- Extra or empty tabs are no longer displayed on the Wiz integration configuration page if the Configuration Compliance application is not installed.
- The following Security Operations plugins must be installed and activated:
- com.snc.security_support.vul
- com.snc.secops.orchestration
- The following applications must be installed and activated. These applications are available from the Servicenow Store:
- Vulnerability Response application and its dependent plugins
- For ingesting misconfigurations from Wiz, we need to install the com.snc.vulc plugin
- For ingesting the container vulnerabilities from Wiz, we need to install the com.snc.vulnerability.container plugin.
- Permissions and roles:
- System Admin (admin) for installation, and
- sn_vul_container.configure_integration or sn_vul_int_fw.configure_integration to configure the integration.