Let's connect together
Join us to make our over 890K member community even better. Create your free account and make the world work better for everyone.
Join the Community
Published on by
Lolita Honkpo
| Updated on
| Updated on
If you are looking to learn more about what’s new in ServiceNow's latest Security Operations release, this session is for you! Join the Security Operations product team to explore our latest new features and enhancements across enterprise security case management and attack surface management, and how to start using them in your organization.
About Live on ServiceNow®: Live on ServiceNow is our latest event series to help you deploy, adopt, and achieve value faster from your ServiceNow solutions. Each event features an interactive discussion with a product expert, so be sure to come prepared with your questions! Click here to see the full catalog of LOSN events.
Event Q&A:
| Question | Answer |
| How does the AI agent generate the initial proposed resolution plan? By analyzing the incident's associated runbook and playbook? | Yes, as well as past incidents, tasks, other records, and other data that resides in ServiceNow. The AI Agents are also pre-trained by ServiceNow so as to reduce the learning time. Learn more here: https://www.servicenow.com/docs/csh?topicname=now-assist-sir-resolve-incident-ai-workflow.html&versi... |
| For the On Call Scheduling, what third-party integration is available? | The on-call scheduling in SIR utilizes the same functionality as the on-call scheduling in ITSM so it can integrate with and utilize Slack, Teams, email, text, voice messages, etc. For example, https://www.servicenow.com/docs/bundle/yokohama-it-service-management/page/administer/on-call-schedu... |
| What is the LLM Model being used for the AI agents? | We are using our own proprietary LLM, as opposed to a third party, so that data does not need to leave ServiceNow and can stay within the ServiceNow private cloud: https://www.servicenow.com/community/now-assist-articles/now-llm-generative-llm-for-enterprise-ai-us... |
| Determining impact on servers for CVEs requires that there be information about the software, hardware, and versions that exist on servers or containers. How does SNOW ensure this data is correct and accurate and matches the CVEs (are there CPEs?)? | Great call out! Today, the Assess Exposure Workflow primarily uses the CIs that are referenced on the Vulnerable Item records themselves (as a reference point) to determine where we might be impacted by a given CVE and similar NL queries. In the future, there are plans (subject to date changes) that will look beyond this and into environmental details like Operating System as well as CPE strings for CVEs to support additional VR Agentic AI Workflows (e.g. tell me what the patch or solution is for this vulnerability on this particular asset). |
| Do the AI agents work at scale? For example, if there are 5 million vulnerable items, will the responses be quick and accurate? | The performance of the AI Agents will be dependent on the infrastructure they reside on, so that is a fair question. Thus far we’ve not received any reports, complaints, feedback about performance issues, nor have we seen any issues with our customers who are beta testers and design partners, however, if you or any of your colleagues do experience performance issues, please let Support know so that ServiceNow can quickly resolve. |
| Is SAE exception approval enabled if you're using GRC/IRM exception process integration? | The Smart Assessments are compatible with the VR Exception process pointed to IRM Policy Exceptions. |
| How many previous security incidents are needed to get robust resolution steps for new security incidents? | The AI Agents are pre-trained by ServiceNow to reduce that learning time, but it is also dependant on the data in ServiceNow, so the AI Agents will “get smarter” the more they are used and the more data that gets added to ServiceNow. Again, the pre-training allows the Agents to be ready to go on day one, but how robust the responses are will depend on how much incident data and knowledge base data already resides in the instance. |
| How important are KB articles to the resolution steps generated? | KB articles are not required but do improve the quality of the response. ServiceNow AI also looks at incident data and other data, so KBs are not mandatory. |
| Are we able to train and fine-tune the AI agents? | Yes, that is done via the Now Assist Admin: https://www.servicenow.com/docs/bundle/yokohama-intelligent-experiences/page/administer/now-assist-p... |
| Is major security also enhanced in this release? | There were not any major enhancements for Major Security Incident Management in this May release, but there were some enhancements made to integration setup for Microsoft Teams and SharePoint. View more in product docs here: https://www.servicenow.com/docs/bundle/yokohama-release-notes/page/release-notes/security-operations... |
Event has ended
You can no longer attend this event.
Start:
Wed, May 21, 2025 08:00 AM PDT
End:
Wed, May 21, 2025 09:00 AM PDT