Vulnerability Response Integration with Wiz release notes

  • Release version: Store
  • Updated June 11, 2026
  • 10 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Vulnerability Response Integration with Wiz release notes

    The Vulnerability Response Integration with Wiz enables ServiceNow customers to import and manage vulnerability and compliance data from Wiz scanners within the ServiceNow AI Platform. This integration helps provide a comprehensive assessment of cloud infrastructure security posture and supports remediation actions directly from the platform. It continuously evolves to improve configuration flexibility, data accuracy, security controls, and integration capabilities.

    Show full answer Show less

    Key Features

    • Flexible Configuration: Resource Type is no longer mandatory for integration setup, simplifying configuration for various use cases.
    • Enhanced Security Controls: Access Control Lists (ACLs) and role permissions have been updated to align with internal security directives, enforcing scope-based restrictions on Wiz configuration records.
    • Expanded Data Import: Supports importing Software Composition Analysis (SCA) findings, secrets (passwords, tokens, keys), host vulnerabilities, container vulnerabilities, test results, and issues.
    • Improved Data Mapping: UUIDs from Wiz are used as detection keys for better correlation; detailed descriptions from Wiz payloads replace previous generic URL mappings; vulnerability references are correctly linked to container vulnerable items (CVITs).
    • Comprehensive Container Support: Added detection methods (FILEPATH, OS) for container vulnerabilities, with improved repository naming and metadata population for Kubernetes entities such as Deployments, DaemonSets, StatefulSets, and Pods.
    • Performance and Error Handling: Configurable parameters like 'First' enable customization of page size during asset integration to mitigate errors such as 504s and memory issues.
    • Exception and Ignored Findings Management: Options to manage exceptions within ServiceNow with ignored findings mapped appropriately, improving handling of false positives or exceptions.

    Fixes and Improvements

    • Fixed incomplete short descriptions and resolved-date synchronization for application vulnerable items (AVITs) when Configuration Item (CI) Product Model data is missing.
    • Corrected status propagation for resolved vulnerabilities reported by Wiz.
    • Resolved issues where container vulnerable items were created without proper vulnerability references.
    • Standardized tag storage to enable effective filtering on Discovered Items.
    • Corrected mapping inaccuracies in Wiz Issues integration descriptions for accurate source data representation.
    • Fixed access control issues to maintain read-only visibility of Wiz configurations outside the designated application scope.
    • Addressed date/time format issues and improved mapping for internet exposure and cloud account identifiers.
    • Eliminated redundant or empty UI tabs and disabled certain UI actions to prevent misconfiguration.

    Practical Outcomes for ServiceNow Customers

    • Simplified integration setup with fewer mandatory fields, reducing configuration complexity.
    • Improved data accuracy and completeness, enhancing vulnerability tracking and remediation planning.
    • Enhanced security posture through stricter access controls and role management.
    • Greater visibility into container and cloud resource vulnerabilities with enriched metadata and improved correlation.
    • Flexible integration parameters to optimize performance and reduce errors during data import.
    • Streamlined exception handling within ServiceNow to better manage ignored or exceptional findings.

    Version history for the Vulnerability Response Integration with Wiz application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 32.1.3 - June 2026 (USEM)
    • Changed:
      • Resource Type is no longer a mandatory field for configuring the Vulnerability Response Integration with Wiz. You can now save Wiz configurations for the integrations without specifying a Resource Type, simplifying setup for use cases where specifying a Resource Type wasn't appropriate.
      • Access Control Lists (ACLs) updated for the Vulnerability Response Integration with Wiz to enhance authorization on data brokers and aggregation surfaces to support internal security directives.
    • Fixed:
      • An issue where the application vulnerable item (AVIT) short description and resolved-date sync with Wiz AVITs created by the Wiz integration no longer show incomplete short descriptions when the Configuration Item (CI) Product Model is unavailable. The Resolved status reported by Wiz now propagates correctly to AVITs and the status update no longer errors out.
      • An issue where container vulnerable items (CVITs) were ingested with a blank Vulnerability field with the Wiz Container Vulnerability Integration and (CVITs) were created with empty vulnerability references. Vulnerability references are resolved so CVITs link to the correct vulnerability records.
      • An issue where the Wiz integration stored host_tag as raw JSON instead of sn_sec_cmn_host_tag sys_ids, causing Resource Tag filters on Discovered Items to return no records. Tags are stored consistently with other integrations and filters work as expected.
      • Fixed an incorrect description mapping for the Wiz Issues integration where the Description field on sn_vulc_result records was being populated with only the Wiz portal URL instead of the detailed control description from the Wiz payload. Descriptions now reflect the source data accurately.
    • Removed: The sn_vul.read_all, sn_vul_int_fw.read_all, sn_vulc.read from the sn_vul_wiz.read_integration, and sn_vul_wiz.configure_integration Wiz integration roles tosupport internal security directives.
    Version 4.1.1 - June 2026
    • Changed:
      • Resource Type is no longer a mandatory field for configuring the Vulnerability Response Integration with Wiz. You can now save Wiz configurations for the integrations without specifying a Resource Type, simplifying setup for use cases where specifying a Resource Type wasn't appropriate.
      • Access Control Lists (ACLs) updated for the Vulnerability Response Integration with Wiz to enhance authorization on data brokers and aggregation surfaces tosupport internal security directives.
    • Fixed:
      • An issue where the application vulnerable item (AVIT) short description and resolved-date sync with Wiz AVITs created by the Wiz integration no longer show incomplete short descriptions when the Configuration Item (CI) Product Model is unavailable. The Resolved status reported by Wiz now propagates correctly to AVITs and the status update no longer errors out.
      • An issue where container vulnerable items (CVITs) were ingested with a blank Vulnerability field with the Wiz Container Vulnerability Integration and (CVITs) were created with empty vulnerability references. Vulnerability references are resolved so CVITs link to the correct vulnerability records.
      • An issue where the Wiz integration stored host_tag as raw JSON instead of sn_sec_cmn_host_tag sys_ids, causing Resource Tag filters on Discovered Items to return no records. Tags are stored consistently with other integrations and filters work as expected.
      • Fixed an incorrect description mapping for the Wiz Issues integration where the Description field on sn_vulc_result records was being populated with only the Wiz portal URL instead of the detailed control description from the Wiz payload. Descriptions now reflect the source data accurately.
    Version 32.0.5 - May 2026 (USEM)
    Fixed: An issue with access control and configuration security has been updated to enforce scope-based restrictions on Wiz configuration records so users can only edit them from within the Wiz application scope [sn_vul_wiz]. Wiz configuration records remain read-only across other scopes to maintain cross-scope visibility for dependent applications and integrations.
    Version 4.0.5 - May 2026
    Fixed: An issue with access control and configuration security has been updated to enforce scope-based restrictions on Wiz configuration records so users can only edit them from within the Wiz application scope [sn_vul_wiz]. Wiz configuration records remain read-only across other scopes to maintain cross-scope visibility for dependent applications and integrations.
    Version 32.0.3 - April 2026 (USEM)
    • New:
      • Import application, Software Composition Analysis (SCA), findings, Secrets (passwords, tokens and keys) data with the Wiz Application list, Wiz SCA findings, and Wiz Secret findings integrations.
      • The Universally Unique Identifier (UUID) provided by Wiz is now mapped as the detection key for the Wiz Host Vulnerability integration.
      • Added the source_id column to the Container Image Finding (sn_vul_container_image_findings) table. The id attribute from the Wiz payload is mapped to this field on findings records, enabling correlation between Wiz and ServiceNow.
      • The App Vulnerabilities Configuration tab to the Wiz integration configuration page. The tab supports the following configurable parameters: SCA Findings Record Count, App List Record Count, Secret Findings Record Count, and Manage Exceptions in ServiceNow. If you select Manage Exceptions in ServiceNow, imported ignored findings from Wiz are mapped to Open in your instance.
      • Package table insertion for the Wiz Container Vulnerability Response integration now supports additional detection methods: FILE_PATH and OS, in addition to the existing LIBRARY and PACKAGE methods.
      • A new detection_method column is populated from the Wiz payload and has been added to both the detection and finding tables.
      • The Validated in Runtime flag is rolled up from Container Image Findings to the Container Vulnerable Item (CVIT) level.
    • Changed:
      • Finding uniqueness for the Wiz Container Vulnerability integration now includes the "Path" attribute. Existing findings are automatically migrated to the updated key structure, with irrelevant findings closed as invalid.
      • Repository names for discovered container images are now stored in registry/repository format. All repositories associated with an image are appended to the Repository field on the Discovered Container Image record.
      • Vulnerabilities, test results, and issues from Wiz are no longer skipped if the Cloud provider, Resource type or Native type fields are empty in the payload.
      • Severity at the vulnerability entry level is now mapped to the cvssSeverity.
    • Fixed:
      • Object ID extraction for AWS virtual machines in the Wiz Host Configuration Compliance integration.
      • An exception during the Wiz Host Vulnerability Integration job when providerUniqueId was null has been resolved. The integration now uses externalId to set the resource_id, falling back to providerUniqueId only if externalId is empty.
      • The Projects field on Discovered Container Image records is no longer empty after running the Wiz Container Vulnerabilities integration. Previously, the field was overwritten instead of appended during processing.
      • Users with the sn_vul_wiz.configure_integration role can update the Import since date and cancel integration runs for Wiz integrations.
      • Detections generated by the Wiz Host Vulnerability integration are no longer linked to non-existent VITs, resolving missing detection records for affected customers.
      • State management logic for CVITs now correctly considers the granularity information while closing and reopening the CVITs.
    Version 30.2.3 - January 2026 (USEM)
    • New:
      • The Universally Unique Identifier (UUID) that identifies detections for the Wiz Host Vulnerability integration will be mapped to a detection key. Note: This change is supported for new customers only. For existing customers, the detection key for the Wiz Host Vulnerability integration is created using the combination ofvulnerability,asset_id, andproof.
      • Added thesource_id column to the Container Image Finding table (sn_vul_container_image_findings) and mapped theid attribute from the Wiz import to this field on findings records.
    • Changed:
      • You can configure theFirst parameter for the Wiz Asset Integration to help you resolve 504 errors. You can reduce the page size if you are having memory issues or generating errors. The default value is 500.
      • The default integration instance parameter for configuring finding keys for the Container Vulnerability Integration includessrc_ci,vulnerability,package,image_layer, andimage_repository.
    • Fixed: Extra or empty tabs are no longer displayed on the Wiz integration configuration page if the Configuration Compliance application is not installed.
    Version 1.2.1 - January 2026
    • New:
      • The Universally Unique Identifier (UUID) that identifies detections for the Wiz Host Vulnerability integration will be mapped to a detection key. Note: This change is supported for new customers only. For existing customers, the detection key for the Wiz Host Vulnerability integration is created using the combination of vulnerability, asset_id, and proof.
      • Added the source_id column to the Container Image Finding table (sn_vul_container_image_findings) and mapped the id attribute from the Wiz import to this field on findings records.
    • Changed:
      • You can configure the First parameter for the Wiz Asset Integration to help you resolve 504 errors. You can reduce the page size if you are having memory issues or generating errors. The default value is 500.
      • The default integration instance parameter for configuring finding keys for the Container Vulnerability Integration includes src_ci, vulnerability, package, image_layer, and image_repository.
    • Fixed: Extra or empty tabs are no longer displayed on the Wiz integration configuration page if the Configuration Compliance application is not installed.
    Version 1.1.1 - December 2025
    • New:
      • Resource types filters are supported on the Test Results, Issues, Host Vulnerability, and Host Test Results tabs on the Wiz Configuration page.
      • Additional attributes imported from Wiz which are not stored in the Discovered items [sn_sec_cmn_src_ci] table are stamped in this table with "Asset Attributes".
      • Fix information that includes 'Fix available', 'Partial fix available', 'No fix available', and 'Fix version' from the [fix_available] and [fix_version] columns is rolled up to CVITs from findings. Note: If there are two or more findings on a CVIT, the fixed version might only apply to one. In that case, 'Partial fix available' is rolled up to the CVIT.
      • The Wiz vendor severity attribute is mapped to the 'Source severity' column on findings records in the Container Image Findings [sn_vul_container_image_findings] table.
      • Source severity is mapped to the Priority column on the Test Results [sn_vulc_result] table.
      • Test results from the host misconfiguration integration are classified as result type 'host_misconfiguration'.
      • Data for resources that have the validated_at_runtime flag set to 'Yes' is imported and populated on detections.
      • The backfill integrations for the Host Vulnerability, Test Results, Host Test Results and Issues integrations for these primary integrations have been removed for this release. Note: After you upgrade to this version (1.1.1), you must set the import schedule to backdate by three days and run the Host Vulnerability, Test Results, Host Test Results and Issues integrations to import any assets from the Wiz Missing Assets [sn_vul_wiz_missing_assets] table that might have been missed during upgrade.
    • Changed:
      • The [is_ignored] column is deprecated for the Host Test Results and Test Results Integrations. This column was replaced by the [is_result_ignored] column.
      • The CMDB internet-facing field on the Discovered item is mapped to Limited Internet Exposure on findings.
      • Increased Column length for the descriptions in the Container Vulnerability Import and Host Vulnerability Import tables.
      • The cluster and namespace is evaluated for all the following entity Types: DEPLOYMENT, DAEMON_SET, STATEFUL_SET, POD.
    • Removed:
      • Since their primary integrations can create discovered items and configuration item records after import, the following backfill integrations have been removed:
        • Test results backfill integration
        • Host test result backfill integration
        • Issues backfill integration
    • The Wiz Missing Assets [sn_vul_wiz_missing_assets] table that supported the backfill integrations is deprecated.
    Version 1.0.16 - October 2025
    Fixed:
    • Wiz Container Integration failure due to incorrect DateTime format.
    • Removed the 'CC Resource type' field from the Test Results configuration tab in the UI.
    • Enabled cluster and namespace population for 'DaemonSet', 'Pods', and 'StatefulSet' Kubernetes types.
    • Mapped fixed_version to fix_status in the container image findings table for better visibility on remediation feasibility.
    • Disabled the right-click 'Save As' option on the Wiz configuration page to prevent unintended actions.
    • Corrected mapping of external_id from cloud account payload to Cloud Account ID in the Wiz Asset Integration.
    • Mapped isAccessibleFromInternet to cmdb_ci_internet_facing for internet exposure visibility in the Wiz Asset Integration.
    Version 1.0.13 - September 2025
    • The following have been addressed:
      • Added below integrations to address the duplicates Discovered items for the wiz.
        • Assets integration
        • Back fill integrations for the CC, Host integrations
      • Added the configurations for each integration(except Host TR Integration) for the capabilities to fetch the Ignored items, to close the same.
      • Deprecating current column: is_ignored,Adding a new column is_result_ignored of string choice field like result_type with no default value.
      • Fixed the Delta pull for the Wiz CC integration.
      • Fixed Populating non_infra_last comp scan date in issues and test results integration from non_infra_last_scan_date and clear the non_infra_last_scan_date if the resource_type is not virtual machine or server less.
      • Making the first values in configuration page as mandatory to avoid if the customer clears the value in first parameter which is mandatory in rest calls.
      • Added wiz configuration role to sn_vul.configure_integration.
    Version 1.0.10 - August 2025
    The Wiz integrations import vulnerability and compliance data from Wiz scanners into your ServiceNow AI Platform instance to help you get deeper insights into your cloud infrastructure risks. These integrations provide you with a comprehensive assessment of your overall cloud security posture and drive remediation actions directly from the ServiceNow AI Platform.