
Aaron Bennett
ServiceNow Employee

In case you missed them, here are some of the integrations released by our security technology partners in 2020. (Updated!)

We're proud to support our partners from market-leading security companies who have developed these certified integrations. Check out the following highlights from our partners so far this year!

To see all the integrations contributed by partners, check out this list on the ServiceNow Store.

 

Security Incident Response


Chronicle Security Incident Response - This integration creates Security Incidents from Chronicle Alerts or IoC matches. Both domain match and asset alert types are configurable in the integration setup.

Chronicle for Threat Intelligence - This integration pairs with the Incident-creation integration to provide several security capabilities for observable data. Perform threat lookups for verdict information, enrich observables to get more context, or perform a sighting search to ascertain if an observable has appeared on any other systems.

 


Cisco SecureX Threat Response - This integration offers several of our core threat intelligence security capabilities, and you can initiate advanced actions in Threat Response right from the security incident.

The integration supports threat lookup, observable enrichment, and sighting search. The advanced features also support dynamic actions in Threat Response, such as adding observables to detection lists and searching past incidents for observables.

 


Recorded Future for SIR/TI - (Updated in 2020!) The Recorded Future integration provides an in-depth report on each observable in security incidents directly from the intel card. You can also create Security Incidents from the dark web alerts you have set up in Recorded Future.

The integration supports threat lookup, observable enrichment with custom data/UI, and security incident generation. Be sure to also request installation of their foundation connector.

 


Unisys Stealth for Dynamic Isolation - The Dynamic Isolation feature in Unisys Stealth enables the isolation of only the single port or protocol exhibiting anomalous behavior. Now you can perform these isolations directly from the security incident form.

The integration supports enforcing host isolation and removing isolation. It also supports SIEM profiles such as LogRhythm.

 


Flashpoint for Threat Intelligence - The integration supports our threat intelligence capabilities for threat lookup and observable enrichment. It also supports additional observable metadata and links to the Flashpoint record for further investigation.

 


ThreatQ for SIR - The integration supports our threat intelligence capabilities for threat lookup and observable enrichment. Additionally, server responses are stored as JSON to allow for customizations.

 

 

Vulnerability Response


CrowdStrike Spotlight for Vulnerability Response - This integration supports creating vulnerabilities directly from the CrowdStrike Agent telemetry on the endpoint. Get near-real-time identification of vulnerabilities or validation of your remediation actions to fix the vulnerable item.

 


Recorded Future for Vulnerability Response - This integration supports correlating Recorded Future's threat information, risk rule violations (such as recently exploited), and the composite threat score for the vulnerability for use in the ServiceNow VR calculator.

 


RBS VulnDB - This integration supports the constantly-updated Risk Based Security vulnerability database for searching and visualization of these vulnerabilities from ServiceNow Vulnerability Response. 

Last update: 10-28-2020 10:59 AM