The "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. Following your VR implementation, there are a number of maintenance considerations and processes to put in place to maintain a health VR implemen...
The "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. One of the most requested topics by customers via our customer voice questionnaire is VR Integrations, and as a result, we conducted a recommended...
The "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. After the great feedback from the VR Performance, CI Matching and Assignment & Classification rules webinars earlier this year, I am now pleased t...
Our "Success with Vulnerability Response" series of recommended practices deep-dive webinars continues. After the great feedback from the VR Performance and CI Matching calls earlier this month, I am pleased to share with you to the next installment....
Want to learn what’s new in SecOps with the Utah release? Read on for details of six videos you can watch to find out. So what’s new? With Utah, ServiceNow has introduced two major changes within Security Operations:a new Security Incident Response W...
Use this quick reference guide to get started with Vulnerability Response! The attached quick start guides you through the most important features to get value in your Vulnerability Response application.
Vulnerability Response Usage calculations are viewed in a few different areas, Subscription Management and VR Usage summary Report(Starting version v16.5.4). We will discuss how each method calculates usage metrics. The main calculations used for ...
The matching of your CMDB's Configuration Items (CIs) to the list of hosts and vulnerabilities brought in by your scanner is key to the success of your Vulnerability Response (VR) implementation. Here are some resources on CI Matching that will be ...
Hi everyone! The attached guide is focused on getting started with the user reported phishing use case, as a quick-win, and provides a high level walk through of the steps needed to get started. It also includes links to more detailed implementa...
Starting from v18.0, Vulnerability Response brings in cloud attributes for cloud resources from the scanners and makes them available for usage in CI lookup rules and other downstream functions. This enables easy and accurate lookup of cloud resourc...
On February 3, French Computer Emergency Response Team (CERT-FR) reported the exploitation of a 2-year-old vulnerability (CVE-2021-21974) that exists on unpatched ESXi servers. Attackers were able to successfully exploit and launch ransomware attack...
When looking at discovered items, the “State” is showing as “Matched” but CI matching rule is blank. The WHY VR fails to find Discovered item by Source ID VR fails to find a CI match by CI lookup rules IRE does find a CI match VI CI Identifie...
he SecOps Business Unit conducts quarterly roadmap sessions to talk about what is coming in the future. You must be given access to this group. It is a private group. Customers, Partners and employees are welcome. The administrator coordinating this...
Improving Usage of CWE, CVE & CPE One common theme to improving the usage of these vulnerability standards across the ServiceNow (SN) platform is to handle the challenges of visibility and accessibility. Unfortunately, it’s common for security profe...
Background: Many of the CISO’s security executives struggle to build awareness of the various accomplishments and struggles related to the enterprise's security posture. Leaders for vulnerability and incident response management need a shared view t...
Our Global Incident Response team keeps a low profile, but their work is critical to detecting and mitigating threats to employee data and network security. In this new blog, GIR team members talk candidly about the power of citizen development. Th...
Incident response teams are faced with an ever-increasing number of security incidents to respond to. In these times of a global pandemic, Cybercriminals have been employing the tactic of sending phishing emails that appear to come from trusted brand...
Hello SecOps Community, I am pleased to be able to share with you the recently finished Performance Analytics for Security Operations document. This document was put together with the hopes of de-mystifying Performance Analytics for security practiti...
Background As part of the journey into managing enterprise vulnerabilities, it’s vital to understand how to prepare for your Vulnerability Response (VR) Deployment. Initially, it might seem overwhelming, but a well thought-out and deliberate approac...
Hi There, This is in continuation of part 1 which i have posted few days back. This include few more terminologies from Security Incident Response which will help you to understand it more. PIR- Post Incident Review Configure Escalation Groups If an...
Sarah Wood
ServiceNow
Lisa Latour
Eric Feron
Mary Hain
seanflack
Steph Morillo
