The matching of your CMDB's Configuration Items (CIs) to the list of hosts and vulnerabilities brought in by your scanner is key to the success of your Vulnerability Response (VR) implementation. Learn how this works and how to do it right in 20 mi...
OverviewVulnerability Response CI matching can be a challenging and a difficult thing to get right. For effective CI matching there are a few key things to keep in mind. This article is intended to help you understand how to tune your CI Matching l...
Hi everyone! The attached guide is focused on getting started with the user reported phishing use case, as a quick-win, and provides a high level walk through of the steps needed to get started. It also includes links to more detailed implementa...
Starting from v18.0, Vulnerability Response brings in cloud attributes for cloud resources from the scanners and makes them available for usage in CI lookup rules and other downstream functions. This enables easy and accurate lookup of cloud resourc...
On February 3, French Computer Emergency Response Team (CERT-FR) reported the exploitation of a 2-year-old vulnerability (CVE-2021-21974) that exists on unpatched ESXi servers. Attackers were able to successfully exploit and launch ransomware attack...
When looking at discovered items, the “State” is showing as “Matched” but CI matching rule is blank. The WHY VR fails to find Discovered item by Source ID VR fails to find a CI match by CI lookup rules IRE does find a CI match VI CI Identifie...
he SecOps Business Unit conducts quarterly roadmap sessions to talk about what is coming in the future. You must be given access to this group. It is a private group. Customers, Partners and employees are welcome. The administrator coordinating this...
Improving Usage of CWE, CVE & CPE One common theme to improving the usage of these vulnerability standards across the ServiceNow (SN) platform is to handle the challenges of visibility and accessibility. Unfortunately, it’s common for security profe...
Background: Many of the CISO’s security executives struggle to build awareness of the various accomplishments and struggles related to the enterprise's security posture. Leaders for vulnerability and incident response management need a shared view t...
Our Global Incident Response team keeps a low profile, but their work is critical to detecting and mitigating threats to employee data and network security. In this new blog, GIR team members talk candidly about the power of citizen development. Th...
Incident response teams are faced with an ever-increasing number of security incidents to respond to. In these times of a global pandemic, Cybercriminals have been employing the tactic of sending phishing emails that appear to come from trusted brand...
Hello SecOps Community, I am pleased to be able to share with you the recently finished Performance Analytics for Security Operations document. This document was put together with the hopes of de-mystifying Performance Analytics for security practiti...
Background As part of the journey into managing enterprise vulnerabilities, it’s vital to understand how to prepare for your Vulnerability Response (VR) Deployment. Initially, it might seem overwhelming, but a well thought-out and deliberate approac...
Hi There, This is in continuation of part 1 which i have posted few days back. This include few more terminologies from Security Incident Response which will help you to understand it more. PIR- Post Incident Review Configure Escalation Groups If an...
Why this Article As Simon Sinek points out in his book ‘Start with Why’, ‘the why’ is probably the most crucial question for all of us. Why I wrote this article is pretty simple, I wanted to help people understand how they can leverage the Discovere...
Welcome to ServiceNow® Security Operations (SecOps) Are you ready to start your SecOps implementation journey? This guide gives you valuable information you can share with your team, including proven guidance and links to key resources—all designed...
Ever wonder how ServiceNow uses its own products? We have a program we call Now on Now where ServiceNow employees highlight how they are innovating on the product. Listed here are presentations and white papers that relate to SecOps. Now on Now: Ho...
It always helps to understand how ServiceNow products work foundationally and how they are connected to other products, which is the purpose of the following product architectures. Security Incident Response - Product Architecture Blueprint Vuln...
Before starting implementation, it's always a good idea to conduct a process workshop to verify processes and identify requirements. Listed here are process workshop guides you can use to run workshops if you are self-implementing or to prepare if yo...
Before you get started with SecOps, here are some resources to help you get acquainted with features and capabilities. What is Security Operations (SecOps) SecOps Video Overview SecOps FAQs Product Insights- SecOps transformation
Sarah Wood
ServiceNow
Lisa Latour
Eric Feron
Mary Hain
seanflack
Steph Morillo
