Maik Skoddow
Tera Patron
I recommend bookmarking this article so that you are automatically notified by email when changes are made by me.
If you miss any content, please leave it as a comment and I will add it to this article.
 

My library Knowledge Sources To Go is very popular, but it was intended mainly as a thematically grouped guide to standard sources and was provided by me as a PDF file. For certain topics, however, there is so much content that I can no longer include it in that document, as it cannot continue to grow forever.

For this reason, I have decided to handle such topics in individual community articles like this one instead.

 

 

What is Security Operations?

 

Security Operations is a security orchestration, automation, and response (SOAR) engine built on the Now Platform. Designed to help security and IT teams respond faster and more efficiently to incidents and vulnerabilities, Security Operations uses intelligent workflows, automation, and a deep connection with Security Operations and IT to streamline response. In addition, the solution leverages the ServiceNow® Configuration Management Database (CMDB) to map security incidents to business services and IT infrastructure. This mapping enables prioritization of incident queues and vulnerabilities based on business impact, ensuring your security and IT teams are focused on what is most critical to your business.

 

 

 

Product Information

Entry point to the official product information pages.

 

Product Documentation

Entry point to the official product documentation.

 

Data Sheet

Summarized overview in one PDF file.

 

What is Security Operations?

More detailed information

 

Success Map

An overview of implementing, maintaining, and getting maximum value from Customer Service Management.

 

Recommended Implementation Sequence

Specific guidance for Security Operations (SecOps) outlining which products to implement through the Foundational, Crawl, Walk, Run, and Fly phases to ensure Customer Success.

 

Success Pack

This Success Pack gives customers the opportunity to have ServiceNow product SMEs assess the current implementation and document prescriptive guidance on maximizing value.

 

 

Trainings & Courses

 

Security Operations (SecOps) Fundamentals

This course covers the foundational topics of the ServiceNow Security Operations suite, including Security Incident Response, Vulnerability Response, and Threat Intelligence applications. The Security Operations Suite provides the tools needed to manage the identification of threats and vulnerabilities within your organization, as well as specific tools to assist in the management of Security Incidents.

 

 

Articles & Blog Posts

 

2023-11-14 by @lanemclaughlin 

What’s New in Security Operations November 2023 Release

In ServiceNow’s last Store Release of 2023, there are three noteworthy innovations added to the Security Operations offering: Vulnerability Crisis Management, Compensating Controls for Vulnerability Response, and many new Now-on-Now flow-based playbooks.

 

 

Videos & Podcasts

 

2023-01-18 by ServiceNow Community

Transform Enterprise Security with ServiceNow Security Operations 

What does it mean to “transform enterprise security?” It can mean a lot of things to many different people. In this video, we will explore how organizations are using ServiceNow Security Operations to change how they more effectively manage and respond to security events across the enterprise.

 

2023-01-19 by ServiceNow Community

The more you know - SecOps and CMDB Interactions

Primary focus: Interactions between SecOps (VR/CC) and NOW CMDB:
- Review the overall host lookup process in the current generation of the SecOps applications for VR and CC
- Clarifying common misconceptions we hear in the field
- Review how CMDB IRE and SecOps CI Lookup Rules play together
- Step-by-step walk through of common interactions with SecOps and CMDB (lookup, insert)

 

2023-03-13 by ServiceNow Community

What's New in Security Operations in the Utah Release 

In this video, we will look at an exciting new feature designed especially with Tier 1 and 2 Security Analysts in mind, the Security Incident Response Workspace. We will also take a look at updates to the Vulnerability Manager Workspace, which now offers a more holistic look at your organization's attack surface.

 

2023-06-26 by ServiceNow Community

Mitigating Crisis Events with ServiceNow 

In this video, we will explore how ServiceNow helps organizations mitigate major security events using solutions from the Security Operations, Risk, Operational Resilience, and Business Continuity Management portfolios.

 

2023-07-07 by ServiceNow Community

ServiceNow DLP Incident Response Demonstration 

DLP Incident Response, part of ServiceNow Security Operations, gives us the power to integrate with Data Loss Prevention (DLP) products to import incidents from multiple sources, including endpoint, network, email, and cloud into a single platform. Then, using a remediation workflow, we can automatically assign incidents to end users, managers, and DLP analyst team with automated incident assignment and escalation, all using intuitive, easy-to-use workspaces designed specifically to make managing and reporting this work easy.

 

2024-03-23 by ServiceNow Community

Transform Enterprise Security 

This demo provides a 30,000’ view of the SecOps offerings that ServiceNow provides, including the following: Security Incident Response, Threat Intelligence, Major Security Incident Management, and Vulnerability Response.

 

2024-12-11 by ServiceNow Community

Get Started With Security Operations Applications 

Join our product team to learn about key resources and techniques for the beginning of your implementation journey. The goal of this session is to foster success with your implementation of Security Operations Applications including Security Incident Response, Threat Intelligence, and Vulnerability Response.

 

2025-04-14 by ServiceNow Community

Get Started With Security Operations Applications 

Join our product team to learn about key resources and techniques for the beginning of your implementation journey. The goal of this session is to foster success with your implementation of Security Operations Applications including Security Incident Response, Threat Intelligence, and Vulnerability Response.

 

2025-09-01 by ServiceNow Community

Get Started with Security Operations Applications 

Join our product team to learn about key resources and techniques for your implementation journey. The goal of this session is to foster success with your implementation of Security Operations Applications including Security Incident Response, Threat Intelligence, and Vulnerability Response.

 

 

 

Now Assist

 

ServiceNow's Now Assist for Security Operations is a cutting-edge solution that leverages generative AI to enhance the efficiency and effectiveness of Security Operations Centers (SOCs). This intelligent platform automates routine tasks, provides advanced analytics, and streamlines incident management processes. Now Assist offers features such as AI-driven summaries, automated resolution notes, and intelligent incident prioritization, enabling security analysts to focus on critical threat mitigation. By automating the creation of incident summaries, post-incident analysis, and resolution notes, Now Assist significantly reduces incident response time and improves accuracy. This not only boosts analyst productivity but also leads to substantial cost savings for organizations, potentially up to $400,000 annually for those handling 500 security incidents per week. With its ability to provide concise, structured summaries of security incidents and automate various aspects of the incident response lifecycle, Now Assist is transforming security operations and helping bridge the skills gap in cybersecurity.

 

 

 

Product Documentation

Entry point to the official product documentation

 

Implementation Guide

The implementation guide helps implementers better adopt the product by providing the broader context with best practices for critical actions that need to be taken during an implementation.

 

 

Trainings & Courses

 

Now Assist for Security Incident Response (SIR) Implementation Bootcamp

This on-demand course provides an overview of the Now Assist for Security Operations application for ServiceNow. This course illustrates the Now Assist application, enabling security analysts to use intelligent workflows and ServiceNow generative AI skills to help them resolve security incidents. With Now Assist for SecOps, security managers can quickly review the context of security incidents and closure notes in a concise, easy-to-read format with the Now Assist for Security Operations application.

 

 

Articles & Blog Posts

 

2024-08-06 by @Miranda Ju 

Now Assist for Security Operations is Generally Available!

We're excited to announce that our Generative AI product, Now Assist for Security Operations (SecOps), is now live on the ServiceNow Store! In our August release, we are thrilled to introduce three key features designed to enhance your experience:

  • Security Incident Summarization
  • Resolution Notes Generation
  • Interactive Q&A in the Now Assist Panel

 

 

 

Vulnerability Response

 

ServiceNow Vulnerability Response synthesizes asset, severity, exploit, risk, and threat intelligence insights into automated workflows for fast, reliable prioritization and remediation. Integrations available on the App Store plug into multiple cloud, container, application testing, vulnerability assessment, OT/IT discovery, patch deployment, and asset management tools for fast time to visibility across your evolving attack surface. This unified understanding helps both minimize blind spots and continuously calculate potential exposure based on threat intelligence and asset attributes. Native configuration compliance shows whether managed assets are deployed within policy and includes workflows to fix flaws and improve the security posture.

 

 

 

Product Information

Entry point to the official product information pages.

 

Product Documentation

Entry point to the official product documentation.

 

Data Sheet

Summarized overview in one PDF file.

 

What is vulnerability management?

More detailed information

 

Process Guide

Provides detailed guidance on the way that ServiceNow intends the process to be.

 

Product Architecture

Describes the inherent functionality of the product and outlines the technical components in the form of a diagram.

 

Success Pack

This Success Pack provides customers with prescriptive guidance to deliver a VR deployment with vulnerability scan data ingestion, automation, increased productivity, and enhanced visibility into their enterprise.

 

 

Trainings & Courses

 

Vulnerability Response (VR) Implementation

This course covers Vulnerability Response essentials such as why customers need Vulnerability Response, what Vulnerability Response is, and how to properly implement Vulnerability Response. Participants will learn the common technical aspects of a Vulnerability Response implementation as well as experience various processes to effectively manage a Vulnerability Response implementation. Additionally, participants will learn tactical skills and strategies that will better prepare them to implement Vulnerability Response in a scalable, repeatable, and efficient manner.

 

Vulnerability Response Learning Bytes

This course is structured as a series of short, targeted learnings that focus on key topics and features. Each course in the series includes informative text, interactive graphics, etc. As a learner, you can choose to take one or more courses, depending on your interests. New courses will be added often.

 

 

Articles & Blog Posts

 

2021-04-21 by @Chris McDevitt 

Vulnerability Response and The Discovered Items Module

The Discovered Items module is a hidden gem that we can all use to enhance Vulnerability Response and potentially your CMDB.

 

2022-04-04 by @john_gibbons 

CI Matching Tuning

Vulnerability Response CI matching can be challenging and difficult to get right. For effective CI matching there are a few key things to keep in mind. This article is intended to help you understand how to tune your CI Matching logic to work as effectively as possible with the data that you have available.

 

2022-04-04 by @Chris McDevitt 

Incomplete IP Identified Devices and what to do with them

I have put down my thoughts on how to handle Incomplete IP Identified Devices.

 

2023-09-16 by @john_gibbons  

ServiceNow Vulnerability Response Host Import Maps

Host Import Maps determine how and what scanner asset data is mapped to a target table and the target fields. This article is intended to help you understand how and when to utilize Host Import Maps.

 

2023-12-12 by @lanemclaughlin 

ServiceNow Vulnerability Response Exploit Prediction Scoring System (EPSS)

ServiceNow's Vulnerability Response Exploit Prediction Scoring System (EPSS) provides a fundamentally new capability for efficient, data-driven vulnerability management. It’s a data-driven effort that uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited.

 

 

Videos & Podcasts

 

2022-03-03 by ServiceNow Community

The critical importance of your CMDB for Vulnerability response

The success of your Vulnerability Response implementation relies heavily on your Configuration Management Database (CMDB). Learn why and how to get properly set up in 10 minutes. In this first episode of the 2020 series on Vulnerability Response (VR), Rahimulah Rahimi, Technical Portfolio Manager, lays the groundwork for all you need to know to be successful with VR.

 

2022-03-05 by ServiceNow Community

CI Matching for Vulnerability Response - How to get it right 

The matching of your CMDB's Configuration Items (CIs) to the list of hosts and vulnerabilities brought in by your scanner is key to the success of your Vulnerability Response (VR) implementation. Learn how this works and how to do it right in 20 minutes.

 

2021-03-27 by ServiceNow Community

Vulnerability Response End to End Demonstration 

This video walks you through ServiceNow Vulnerability Response and discusses the various aspects of the product.

 

2022-03-05 by ServiceNow Community

How To - Vulnerability Response

 

2022-04-22 by ServiceNow Community

ServiceNow Vulnerability Response and the CMDB 

In this video, Leo Sequeira from the ServiceNow Customer Outcomes team discusses how Vulnerability Response and the CMDB complement one another as he answers some of the more common questions and concerns he's heard from customers.

 

2023-02-17 by ServiceNow Community

Container Vulnerability Management with ServiceNow Vulnerability Response 

Learn how ServiceNow helps customers manage vulnerabilities in their cloud container environments.

 

2023-11-15 by ServiceNow Community

Systematically Harden the Digital Attack Surface 

Vulnerability Response helps our customers move from painfully manual, spreadsheet-driven processes to automated digital workflows. It’s important to understand that helping Security and IT teams perform their work faster is very helpful; however, most of the ROI will be in the reduction of business risk. The quicker vulnerabilities are patched, the less of a window attackers have to exploit them.

 

2023-12-02 by ServiceNow Community

Reduce Vulnerabilities in Infrastructure, Applications, Cloud, OT and Services 

ServiceNow Vulnerability Response helps you view and respond to all vulnerabilities across all IT assets from a single pane of glass. Now you can view application vulnerabilities from DAST, SAST, SCA, and penetration testing findings from tools like Veracode, Snyk, Fortify, and Checkmarx.

 

2023-12-02 by ServiceNow Community

Systematically Harden the Digital Attack Surface

ServiceNow® Vulnerability Response synthesizes asset, severity, exploit, risk, and threat intelligence insights into automated workflows for fast, reliable prioritization and remediation. Integrations available on the App Store plug into multiple cloud, container, application testing, vulnerability assessment, OT/IT discovery, patch deployment, and asset management tools for fast time to visibility across your evolving attack surface. This unified understanding helps both minimize blind spots and continuously calculate potential exposure based on threat intelligence and asset attributes.

 

 

 

Security Incident Response

 

ServiceNow Security Incident Response, a security orchestration and automation response (SOAR) solution, helps you rapidly respond to evolving threats while optimizing and orchestrating enterprise security operations. Security Incident Response eliminates the errors and friction natural to manual handoffs across systems, teams and responsibilities. Integrations, playbooks, dashboards, and a common data model for enterprise case management expedite investigation, response, and remediation across IT, Security, and Risk teams to minimize incident impact, data loss, and exposure. This drives maturity of your security operations, and centralizes case management for threats, data loss events, and more.

 


 

 

Product Information

Entry point to the official product information pages.

 

Product Documentation

Entry point to the official product documentation.

 

Data Sheet

Summarized overview in one PDF file.

 

What is SOAR?

More detailed information

 

What is the MITRE ATT&CK Framework?

More detailed information

 

Process Guide

Provides detailed guidance on the way that ServiceNow intends the process to be, for Security Incident Response (SIR).

 

Recommended Implementation Sequence 

Specific guidance for Security Operations (SecOps) outlining which products to implement through the Foundational, Crawl, Walk, Run, and Fly phases to ensure Customer Success.

 

Success Pack

This Success Pack will help with the implementation of SIR, designed to shift customers into Maturity Level 1 and align them to advance into the next phases of their customer journey.

 

 

Training & Courses

 

Security Incident Response Implementation

In this interactive course, attendees cover the domain knowledge, common implementation, technical aspects, and various processes needed to effectively manage a Security Incident Response (SIR) implementation.

Participants will learn and practice various tactical skills and strategies that will prepare them to implement SIR. Through lectures, group discussions, and hands-on labs, participants build on existing knowledge and skills by applying implementation best practices.

 

Security Incident Response (SIR) Workspace Bootcamp

The bootcamp on Security Incident Response (SIR) Workspace in ServiceNow is designed to provide individuals with an in-depth understanding of how to effectively manage and respond to security incidents using the ServiceNow SIR platform.

 

 

Articles & Blog Posts

 

2023-02-02 by @Madhumitha Redd

The all-new Security Incident Response Workspace is now live on store!

We heard you!!!! Say bye to the classic UI and the custom new UI. The re-imagined next-gen workspace for the Security Analysts is now available on the store.

 

2023-02-02 by @Prudhvi T

How to Create New Outcome Types in Security Incident Response Task?

Playbooks in Security Incident Response often use response tasks as a channel to guide the security analysts and expedite the resolution of security incidents. These playbooks rely on responses provided by the analyst via the response task "State" field and subsequently generate follow-up response tasks.

 

2023-08-10 by @Madhumitha Redd

Render flow based playbooks in the new SIR Workspace

If you have started using the new SIR workspace, and are in the journey of creating new processes for each of your playbooks built using Flow Designer, then this article is for you.

 

 

Videos & Podcasts

 

2021-12-16 by ServiceNow Community

Major Security Incident Management Demonstration 

Learn all about the exciting new Major Security Incident Management, part of ServiceNow Security Incident Response. Watch this brief walkthrough of how to promote a security incident to a major security incident, and then get a quick tour of the workspace to see how Major Incident Managers can easily view all elements of the incident(s), collaborate with users across the organization, track artifacts, and report status to stakeholders.

 

2022-03-24 by ServiceNow Community

Data Loss Prevention Incident Response Demonstration 

In this video, learn how ServiceNow Data Loss Prevention Incident Response (DLP IR) helps organizations like yours manage the DLP incidents across endpoint, email, network, and the cloud. View the DLP Analyst workspace and the end user workspace during the demonstration.

 

2022-03-28 by ServiceNow Community

Microsoft Defender for Endpoint integration with ServiceNow Security Incident Response

In this video, you'll learn about the integration between Microsoft Defender for Endpoint and ServiceNow Security Incident Response, along with seeing a brief demonstration of the functionality in action.

 

2022-05-11 by ServiceNow Community

Resolve Security Incidents Faster with ServiceNow and CrowdStrike 

SOAR (Security Automation, Orchestration, and Response) is critical in helping organizations stay ahead of their adversaries. In this video, we’ll take a look at how ServiceNow partners with CrowdStrike to provide a more seamless, efficient experience for Security Analysts using automation, orchestration, and intelligence.

 

2023-01-30 by ServiceNow Community

How-To Transform Emails into Security Incidents

Learn how to streamline the security incident reporting process in ServiceNow using your email plugin. Discover how to set up the process that allows you to forward emails directly to your ServiceNow instance with just one click. In this demonstration, the email will be parsed and automatically translated into a security incident, saving you time and increasing efficiency.

 

2023-02-02 by ServiceNow Community

Security Incident Response Workspace Demo 

In this video, we will take a look at the new Security Incident Response Workspace from ServiceNow. This workspace helps security analysts resolve security incidents faster than ever before!

 

2023-04-11 by ServiceNow Community

Manage and Respond to Evolving Threats Across the Enterprise with ServiceNow

Security Incident Response helps our customers centralize their incident handling work and automate repetitive manual processes. This results in not only a better user experience of incident handlers, but also critical improvements in resolution time and analytical capabilities. It’s important to understand that helping Security and IT teams perform their work faster is very helpful; however, the majority of the ROI will be in the reduction of business risk. The quicker security incidents are handled, the less of a chance there is of a breach or service outage.

 

2023-09-26 by ServiceNow Community

Optimize and Orchestrate Enterprise Security Operations with Security Incident Response (Vancouver R...

ServiceNow Security Incident Response helps organizations centralize their incident handling work and automate repetitive manual processes. This results in not only a better user experience of incident handlers, but also critical improvements in resolution time and analytical capabilities. It’s important to understand that helping Security and IT teams perform their work faster is very helpful; however, the majority of the ROI will be in the reduction of business risk. The quicker security incidents are handled, the less of a chance there is of a breach or service outage.

 

2023-12-07 by ServiceNow Community

Major Security Incident Management (MSIM) - Tips for Successful Deployment

Join us in a special SecOps community webinar dedicated to Major Security Incident Management (MSIM). For those of you who have implemented MSIM (or are planning to do so) this session is the ONE not to miss!

 

2023-12-07 by ServiceNow Community

Optimize and Orchestrate Enterprise Security Operations

ServiceNow® Security Incident Response, a security orchestration and automation response (SOAR) solution, helps you rapidly respond to evolving threats while optimizing and orchestrating enterprise security operations. Security Incident Response eliminates the errors and friction natural to manual handoffs across systems, teams and responsibilities. Integrations, playbooks, dashboards, and a common data model for enterprise case management expedite investigation, response, and remediation across IT, Security, and Risk teams to minimize incident impact, data loss, and exposure. This drives maturity of your security operations, and centralizes case management for threats, data loss events, and more.

 

 

 

Configuration Compliance

 

This feature helps organizations identify, prioritize, and remediate vulnerable misconfigured software in deployment-stage assets. It integrates with third-party Secure Configuration Assessment (SCA) tools to import configuration tests, authoritative sources, and test results into ServiceNow. The application automatically prioritizes failed configuration tests by matching them against assets in the Configuration Management Database (CMDB), considering both the severity of the misconfiguration and the criticality of the affected asset. This allows security teams to focus on addressing the most critical issues first. Configuration Compliance streamlines the remediation process by enabling the creation of IT change tickets directly from test result groups or associating test results with existing change requests in ServiceNow IT Service Management. The feature also provides real-time visibility into configuration issues through a dashboard and can feed data into ServiceNow Governance, Risk, and Compliance for ongoing risk monitoring. By automating the identification and remediation of misconfigurations, Configuration Compliance helps organizations reduce their attack surface and maintain compliance with corporate and regulatory policies.

 

Product Documentation

Entry point to the official product documentation.

 

Data Sheet

Summarized overview in one PDF file.

 

 

Training & Courses

 

Configuration Compliance Essentials

ServiceNow's Configuration Compliance application allows an organization to prioritize, manage and remediate software configuration issues and the vulnerabilities that arise from misconfiguration. Configuration Compliance Essentials covers the basics of how to set up Configuration Compliance for your organization, the impacts of third-party scanners and the data they import, and how to strategize and remediate test results.

Comments
Alex Cox
ServiceNow Employee

Great collection!
