Security incident response implementation VANCOUVER

MouhamadouL
Tera Contributor

Hi all,

I hope you all are doing well.

I have 2 quick questions. I need to know how long it takes to implement Security Incident Response starting with the OOTB configuration, without any customizations. What are the steps to be taken to get it up and running with the OOTB configuration?

 

Regs,

 

Lo Mouhamadou 

 


Dr Atul G- LNG
Tera Patron

Hi @MouhamadouL 

 

To get SIR OOTB, it takes 10-15 days to go the OOTB way.

 

You need to activate the plugins,

set up roles and groups,

user training, and

all good to go.

 

If you want to know more, I recommend going to Now Create and searching under Asset for SIR - Starter stories and process workshop. These docs will help you with the OOTB implementation.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Hi AG, thanks for the quick answer.

 

No workflow or flow designer to configure for the security incident lifecycle?

Severity, impact need to be configured?

 

I had these in mind as basic config and staying OOTB

 

- System administration
- Assign roles to SIR users and groups
- Activate integration plugins
- Security Incident Response administration
- Review roles
- Add roles to users and groups
- Set up incident escalations
- Set up calculator groups
- Set up risk score calculators
- Set up SLAs
- Set up and select process definitions
- Set up post incident review
- Configure domain operations
- Security Incident Email settings
- Set the email parsing mailbox
- Set up parsers for alert ingestion
- Set up matching rules for phishing
- Set up email inbound actions
- Security Incident Playbook settings
- Review and set up runbooks
- Set up SIR workflows
- Capability Configurations (workflow actions, sighting search, email block and delete)

 

Hi @MouhamadouL 

 

When we activate the plugins, a few things come OOTB. But yes, a few changes are needed as per org need. That is the reason I said that if you check the Now Create docs you will get more clarity, as they provide a more accurate path and direction.

 

Also, once you activate the plugin, you will get the guided setup of SIR, which will cover almost everything that is required to run OOTB SIR.

 
