Playbooks for Password spray, Endpoint detection and Typo squatted domain: you can now use ServiceNow's Security Team own playbooks!

Eric Feron · ‎11-06-2020

UPDATE: the recording of the live demo webinar is now available at the bottom of this page.

Hello community,

You will not be surprised to hear that ServiceNow also has its own Security Incident team and that this team of course, like you, uses ServiceNow's Security Incident Response applications.

To optimize their operations and help the analysts focus their efforts on strategic concerns, ServiceNow’s Global Incident response team created their own playbooks to standardize and automate a number of tasks and achieve consistency, quality and speed.

The great news is that they decided to make their playbooks available to all customers, aka, you.

I am delighted to present to you:

Password spray playbook : provides systematic remediation steps to handle multiple failed login alerts;
Endpoint Detection playbook : provides systematic remediation steps to investigate malware alerts from user devices;
Typo squatted domain playbook : provides systematic procedures for investigating misspelled domains and collaborating with the organization’s legal department for take down’s.

These playbooks demonstrate the power of the ServiceNow platform in enabling industry leading security operations workflows using a lo-code/no-code workflow designer capabilities (flow designer & orchestration).

…and coming from a top notch security operations team in the industry that leads the charge in demonstrating to customers how to use the ServiceNow platform for best in class implementations is HUGE !

The following playbooks are now available on “Share” .

We are putting together a live webinar/demo to introduce these playbooks to you and listen to your questions. This is currently planned for Dec 8, 8am PT. Stay tuned for more details.

Enjoy!

Password spray playbook:

Endpoint Detection playbook:

Typo squatted domain playbook:

Alex Cox · ‎11-06-2020

Very cool, thank you all for sharing this!

Eric Feron · ‎11-25-2020

Hello all,

I am pleased to confirm that the live demo webinar will be held on Dec 8, 2020 at 8 am Pacific Time (4 pm in London, UK), you are invited to attend, no registration is needed.

We will be using Zoom: https://servicenow.zoom.us/j/94948372171

Please join a few minutes early to not miss anything.

Add to Calendar Add to Yahoo Calendar

See you there and then!

Cheers,

EF

Eric Feron · ‎12-08-2020

Hello all,

the live demo webinar will start in exactly one hour, sign-in here.

See you there.

EF

Eric Feron · ‎12-08-2020

Hello all,

the live demo webinar will start in 5 minutes, sign-in here.

See you there.

EF

Eric Feron · ‎12-08-2020

Hello all,

thank you to the 130 of you who attended the live webinar! Some great questions too.

If you could not attend, worry not, we will soon be posting here the (edited) recording and the slides.

Stay tuned, make sure your SUBSCRIBE to this article (top right corner of this page: 1- sign in, 2-. click the blue button) to receive updates.

Cheers,

EF

Eric Feron · ‎12-08-2020

Here is the PDF version of the slides, with hyperlinks.

Eric Feron · ‎12-08-2020

Here is the PDF version of the slides, containing hyperlinks to the playbooks.

Eric Feron · ‎12-08-2020

FYI, make sure you also take advantage of the: Playbooks for the automation of phishing response.

Eric Feron · ‎12-09-2020

Hello all,

Here is the edited recording of the webinar, 32 minutes of knowledge-dense guidance.

Enjoy.

Eric Feron · ‎12-14-2020

Hello all,

You saw in the demo that Akhila and her team used Flow Designer to develop their Playbooks.

Here are more details about how this great "no code" tool:

Have you used Flow Designer yet?