Version 2.0.0

New Vulnerable Item Creation Module: Create new Vulnerable Items in ServiceNow from Zafran Remediation Items (ZRIs), consolidating multiple vulnerabilities into a single actionable record.

Compatibility has been added for the Zurich release.
Zafran Remediation Items import: Import ZRIs from Zafran RemOps as Vulnerable Items in ServiceNow.
Integration now uses V2 API endpoints. This should happen automatically, but if you are updating from a previous version, it is recommended to verify the configuration:
- Navigate to Zafran Vulnerability Integration > Admin Integration Instances
- Open the "Zafran Platform" Integration Instance, and confirm the resource path parameters are correct.
Asset Identification integration has been deprecated.
- Importing Zafran Enrichment data no longer requires Discovered Items to be created for Zafran.
- The Zafran Asset Identification Integration scheduled job should be automatically disabled when you install the update, but it is recommended to verify by navigating to Zafran Vulnerability Integration > Import Integrations and ensuring that the Zafran Asset Identification Integration is inactive.
Guided Setup updates:
- Connection Manager has been updated to reflect Remediaton Items addition. An option for a "Remediation Items Query" has been added for filtering which Vulnerable Items are imported.
- Configure Vulnerability Enrichment Integrations: Removed steps for reviewing CI Lookup Rules and Scanner Lookups, these are no longer required by the Enrichment Integration.
- Configure Remediation Items Integration: This new section is used to configure the import of Vulnerable Items from Zafran to ServiceNow.
  - A Migration Script is provided. If you have been using the Enrichment flow with a previous version of the Zafran integration, and want to switch to the Remediation Items (Vulnerable Item import) Integration, run this script to deactivate Enrichment flow components such as CI Lookup Rules and Scheduled Jobs that are not needed for the Remediation Items integration.

Version 1.0.2

This patch adds the following minor enhancements:

Hide mitigative factors marked as "obsolete"
Rename the application to "Zafran Threat Exposure Management Platform"

Version 1.0.1

This patch adds the following minor enhancements:

Asset Identification vulnerability integration has been updated from createOrUpdateCI to createOrUpdateCIEnhanced in the IdentificationEngine API which allows for additional options.

System property x_zafse_zafran_vr.asset_id_skip_updating_source_last_discovered_to_now has been added to configure the behavior of the Asset Identification vulnerability integration. Once a match is identified, this flag indicates whether to skip updating the discovery_source and last_discovered fields in the Configuration Item [cmdb_ci] table. (Default: true)
System property x_zafse_zafran_vr.asset_id_skip_updating_last_scan_to_now has been added to configure the behavior of the Asset Identification vulnerability integration. Once a match is identified, this flag indicates whether to skip updating the sys_object_source's last_scan time field. (Default: true)

Zafran Installation and Configuration Guide has been enhanced with additional guidance on role assignment and details around the Zafran enrichment table architecture.

This patch also contains the following minor bugfixes:

The "Last Seen" field on Zafran Findings, Mitigative Factors, and Internet-Facing Evidences was showing as "1969" instead of empty for empty values. This has been corrected in this patch.

Version 1.0.0

This is the initial release of the Zafran Risk & Mitigation for Vulnerability Response integration, compatible with ServiceNow versions Utah, Vancouver, and WashingtonDC.

The integration first identifies Zafran Assets in the ServiceNow CMDB, and then imports Zafran findings, including Mitigative Factors, Internet-Facing Evidence, and a recalculated Applicable Risk Score. This additional data is directly related to the Vulnerable Items records in ServiceNow, allowing the data to be displayed on the Vulnerable Item form.