This app version is intended for Unified Security Exposure Management (USEM), a major architectural upgrade to Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade.
For full details, please refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version of this app below 30.x when installing or upgrading.
The Wiz integrations import vulnerability and compliance data from Wiz scanners into your ServiceNow AI Platform instance to help you get deeper insights into your cloud infrastructure risks. These integrations provide you with a comprehensive assessment of your overall cloud security posture and drive remediation actions directly from the ServiceNow AI Platform.
The Vulnerability Response Integration with Wiz application includes the following key integrations:
- Wiz Asset Integration
  - This integration is a prerequisite for running any of the other Wiz integrations. It imports the assets to which the findings from the subsequent integrations are linked.
- Wiz Vulnerability Integration
  - Import host vulnerability findings related to virtual machines and serverless assets in your cloud environment with Wiz’s Host Vulnerability Integration. These findings are mapped to Host Vulnerable Items (VITs) within the Vulnerability Response application to support remediation workflows.
  - Import container image vulnerability data discovered by Wiz. Findings are mapped to container vulnerable items (CVITs) to support triage, risk prioritization, and targeted remediation workflows for container-based workloads.
- Wiz Configuration Compliance Integration (Wiz Test Results)
  - Import configuration test results from Wiz to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
- Wiz Issues Integration
  - Import Wiz Issues that identify assets involved in toxic combinations of vulnerabilities and misconfigurations. These findings are also mapped to CTRs with 'Wiz Issues' labeled as the source to help you track and remediate assets that may pose complex multi-vector risks.
- Wiz Application list, Wiz SCA findings, and Wiz Secret findings integrations
  - Import application, Software Composition Analysis (SCA) findings, and Secrets (passwords, tokens, and keys) data.
New:
- Import application, Software Composition Analysis (SCA) findings, and Secrets (passwords, tokens, and keys) data with the Wiz Application list, Wiz SCA findings, and Wiz Secret findings integrations.
- The Universally Unique Identifier (UUID) provided by Wiz is now mapped as the detection key for the Wiz Host Vulnerability integration.
- Added the source_id column to the Container Image Finding (sn_vul_container_image_findings) table. The id attribute from the Wiz payload is mapped to this field on findings records, enabling correlation between Wiz and ServiceNow.
- Added the App Vulnerabilities Configuration tab to the Wiz integration configuration page. The tab supports the following configurable parameters: SCA Findings Record Count, App List Record Count, Secret Findings Record Count, and Manage Exceptions in ServiceNow. If you select Manage Exceptions in ServiceNow, imported ignored findings from Wiz are mapped to Open in your instance.
- Package table insertion for the Wiz Container Vulnerability Response integration now supports additional detection methods: FILE_PATH and OS, in addition to the existing LIBRARY and PACKAGE methods.
- A new detection_method column is populated from the Wiz payload and has been added to both the detection and finding tables.
- The Validated in Runtime flag is rolled up from Container Image Findings to the Container Vulnerable Item (CVIT) level.
Changed:
- Finding uniqueness for the Wiz Container Vulnerability integration now includes the "Path" attribute. Existing findings are automatically migrated to the updated key structure, with irrelevant findings closed as invalid.
- Repository names for discovered container images are now stored in registry/repository format. All repositories associated with an image are appended to the Repository field on the Discovered Container Image record.
- Vulnerabilities, test results, and issues from Wiz are no longer skipped if the Cloud provider, Resource type or Native type fields are empty in the payload.
- Severity at the vulnerability entry level is now mapped to cvssSeverity.
Fixed:
- Object ID extraction for AWS virtual machines in the Wiz Host Configuration Compliance integration.
- An exception during the Wiz Host Vulnerability Integration job when providerUniqueId was null has been resolved. The integration now uses externalId to set the resource_id, falling back to providerUniqueId only if externalId is empty.
- The Projects field on Discovered Container Image records is no longer empty after running the Wiz Container Vulnerabilities integration. Previously, the field was overwritten instead of appended during processing.
- Users with the sn_vul_wiz.configure_integration role can update the Import since date and cancel integration runs for Wiz integrations.
- Detections generated by the Wiz Host Vulnerability integration are no longer linked to non-existent VITs, resolving missing detection records for affected customers.
- State management logic for CVITs now correctly considers the granularity information while closing and reopening the CVITs.
- The following Security Operations plugins must be installed and activated:
  - com.snc.security_support.vul
  - com.snc.secops.orchestration
- The following applications must be installed and activated. These applications are available from the ServiceNow Store:
  - Vulnerability Response application and its dependent plugins
  - To ingest misconfigurations from Wiz, install the com.snc.vulc plugin.
  - To ingest container vulnerabilities from Wiz, install the com.snc.vulnerability.container plugin.
- Permissions and roles:
  - System Admin (admin) for installation, and
  - sn_vul_container.configure_integration or sn_vul_int_fw.configure_integration to configure the integration.