- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on
08-30-2024
02:22 PM
- edited on
12-06-2024
11:41 AM
by
Sarah Wood
On August 27 & 29 Jamie Jackson, Sr. Product Success Manager, SecOps, Sushma Lawate, Sr. Product Success Manager, and Antonio Challita, Sr, Principal Product Manager highlighted the various Security Incident Response task types, working with the Security Incident Knowledge bases and the recently released Now Assist (AI) for SecOps capabilities. This insight could lead you to knowing where your Security incident maturity could be planned.
Agenda:
- Security Incident Task Types
- Security Incident Knowledge Base
- Now Assist for Security Operations (SecOps)
If you were unable to join, or interested in reviewing the content again, the webinar can be viewed here:
The Resource Links where more information can be found:
ServiceNow Documentation
- Understanding Security Incident Response
- Security Incident Creation
- Create a security incident knowledge article
- Now Assist for Security Operations
Questions asked during the webinar:
| Question | Answer |
| What SIR license is Now Assist for SecOps included? | Now Assist for SecOps requires a new SKU, either SIR Pro Plus or SIR Enterprise Plus. |
| Regarding Incident states, is there anyway to re-open a closed Inicident? For example in Law enforcement sometimes cold cases are re-opened. | That would require customization. As of now there is no process definition that enables it. |
| Are Security Request technically part of SecOps module or not (meaning, can non-SecOps user create one)? | Security requests can be created by non-SecOps users and are generally submitted through catalog items. In that regard, yes, it is part of the SecOps module. While SIRs and SITs cannot be created manually by non-SecOps users, security requests can be created through catalog items. |
| Is there plan for AI to help respond to Incidents not just summarzing them? | Yes, we have plans for Nov release to suggest remediation steps for analysts to close the SIs. Summarization is just the starting point for AI in SecOps, with August 2024 having the first release. |
| Can we create a seperate KB template for the SITs? | Yes, new templates can be created. Take a look at: https://docs.servicenow.com/bundle/xanadu-servicenow-platform/page/product/knowledge-management/task... |
| Will the Summarize include the Security Tasks from the Playbook associated to the SIR? | We shipped response tasks as OOB input field to be summarized. But customers have the ability to configure what fields you want to choose to be summarized. |
| Can we ask it to create new SIR or SIT? | Currently you are not able to create a SIR or SIT through Now Assist, but it is in our roadmap to leverage AI to be more autonomous at being able to suggest and take actions. |
| Can the Runbook document be linked to an Instruction or any Process automation activity? | No, they can only be attached to Security incident or Response tasks OOB. |
| Can an Article be created with lesser phase - i.e., Draft - Review -approve - published. Reason being since there are lot of steps involved in this stakeholders are not receptive for KB creating approach due to painful process? | The approval process can be removed. This can be set in the knowledge base settings. You can “Instant publish”. |
- 1,348 Views
