Sarah Wood
Administrator
Administrator

SecOps Resource Library button.png

Resource Library: Enterprise security case management

 

Product Areas:

Security Incident Response button.png Threat Intelligence button.png Now Assist for SIR button.png TISC button.png MSIM button.png DLP-IR button.png 

 

General Topics (A-Z): 

Cybersecurity Executive Dashboard button.png Events button.png Getting Started button.png Outcomes button.png Reporting button.png What's New button.png 

 

Solutions, Features & Descriptions 

  • Security Incident Response (SIR) manages the lifecycle of a security incident from creation through analysis, containment, eradication, recovery, and review. 
  • The Threat Intelligence (TI) application allows users to collect and store Structured Threat Information Expression (STIX) data received through integrations with third-party malware-detection software packages and Threat Intelligence Feeds. 
  • The Data Loss Prevention Incident Response (DLP IR) application enables you to review and manage the remediation workflow of DLP incidents from multiple sources, such as endpoint, network, email, and cloud. 
  • Major Security Incident Management (MSIM) is a solution to track and manage the various activities typically part of resolving a major security incident. 
  • Threat Intelligence Security Center (TISC) is a threat intelligence platform for aggregation, management and operationalization of threat intelligence. 
  • Now Assist for SecOps enables security analysts to use intelligent workflows and ServiceNow generative AI skills to help them resolve security incidents.
  • The Security Incident Response Workspace is a reimagined interface that provides a next-gen user experience for security analysts and SOC managers to manage security incidents.
  • The Security Incident Response Health Dashboard provides a centralized view of critical aspects related to SIR process implementation, issues/errors encountered, and performance metrics. It serves as a vital tool for monitoring and optimizing the effectiveness of an organization's SIR capabilities.
  • A Playbook is a series of steps and tasks that address the process for remediating a specific type of security incident or event. 
  • Security Incident Calculators update record values when pre-defined conditions are met. The calculators are grouped based on the criteria used to determine how the records are updated. 

 

Version history
Last update:
‎04-03-2025 04:09 PM
Updated by:
Contributors