Playbooks in Security Incident Response often use response tasks as a channel to guide the security analysts and expedite the resolution of security incidents. These playbooks rely on responses provided by the analyst via the response task "State" fi...
When you have a SecOps SIR professional license you are entitled to the Threat Intel module. The Threat Intel module is primarily focused on providing an additional layer of enrichment of Security Incidents and its observables. Although Threat Intel...
When using the SecOps Email parser the Email Inbound Alert rule “Record SecOps Email Events” creates Events for inbound emails into the “sn_sec_cmn_email_event” table. After this, the events are matched and parsed using the available parsers defined ...
Searching for the right course to help you on your career journey, look no further! Find all available courses ServiceNow offers and the class schedules by region that will support your career journey. You can find virtual offerings, In Person Offeri...
Hello all, I am excited to bring you the Q3 program of Product Success Events, hosted in collaboration with several of the product teams at ServiceNow. Thus far, we have added a new topic (as requested) as part of our VR Health Initiative, as well...
ServiceNow's CISO Ben de Bont discusses why digital technologies, such as Gen AI, are the key to both managing risk and seizing market opportunities in the latest issue of Workflow Quarterly. "Companies of all sizes need a way to define, measure, an...
Our "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. On July 11&12, Lisa Henderson, Sr Staff Software Engineer and I presented how to use Watch Topics, Remediation Efforts, and Remediation Task Rules...
Hello SecOps Community, The ServiceNow VR team has run a very tight schedule of "VR success recommended practices" webinars through 2023 and into 2024. The team of ServiceNow experts has now helped hundreds of VR to get better and faster value fr...
Dear SecOps Community Members, Over the past 3 months, we’ve had many stimulating conversations with our customers and partners on Major Security Incident Management (MSIM). More information about MSIM (including a 5-minute demo) can be found on th...
On Dec. 16, 2025, Erik Brostrom and myself, both from the SecOps Product Excellence team, presented the benefits of the VR Health Dashboard. Following your VR go-live there are a number of tuning and maintenance considerations to maintain a healthy ...
The "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. One of the most requested topics by customers via our customer voice questionnaire is VR Integrations, and as a result, we conducted a recommended...
The "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. After the great feedback from the VR Performance, CI Matching and Assignment & Classification rules webinars earlier this year, I am now pleased t...
Our "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. After the great feedback from the VR Performance and CI Matching calls earlier this month, I am pleased to share with you to the next installment....
Want to learn what’s new in SecOps with the Utah release? Read on for details of six videos you can watch to find out. So what’s new? With Utah, ServiceNow has introduced two major changes within Security Operations:a new Security Incident Response W...
Use this quick reference guide to get started with Vulnerability Response! The attached quick start guides you through the most important features to get value in your Vulnerability Response application.
Vulnerability Response Usage calculations are viewed in a few different areas, Subscription Management and VR Usage summary Report(Starting version v16.5.4). We will discuss how each method calculates usage metrics. The main calculations used for ...
The matching of your CMDB's Configuration Items (CIs) to the list of hosts and vulnerabilities brought in by your scanner is key to the success of your Vulnerability Response (VR) implementation. Here are some resources on CI Matching that will be ...
Hi everyone! The attached guide is focused on getting started with the user reported phishing use case, as a quick-win, and provides a high level walk through of the steps needed to get started. It also includes links to more detailed implementa...
Starting from v18.0, Vulnerability Response brings in cloud attributes for cloud resources from the scanners and makes them available for usage in CI lookup rules and other downstream functions. This enables easy and accurate lookup of cloud resourc...
On February 3, French Computer Emergency Response Team (CERT-FR) reported the exploitation of a 2-year-old vulnerability (CVE-2021-21974) that exists on unpatched ESXi servers. Attackers were able to successfully exploit and launch ransomware attack...
Sarah Wood
ServiceNow
LisaLatour
Eric Feron
Mary Hain
seanflack
Steph Morillo
