Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?
The application on Store seems to only be available for Security Center, not for Professional
Forum Posts
Email Parsing vs Inbound Email Actions
Do we need an inbound email action, when there is already an email parsing for security operations? How is both different from each other and should both be used for processing inbound emails for security incidents or just email parsing.
SecOps email inbox for incident creation
Hi folks, I realise there is a similar question here around this topic but I don't think it fully answers my current problem and my SIRI book is not very clear on the matter... I am currently implementing Security Incident Response which has a couple...
How we can Procure the SSL/TLS certificates for ServiceNow Mid Server.
Hi All, As per our Client requirement it is asked to increase Mid Server Security.We have gone through the Link carefully-->https://docs.servicenow.com/bundle/london-servicenow-platform/page/product/mid-server/concept/mid-server-security-encryption.h...
Mobile App Screen Shot Disabled?
How can I enable Mobile App screen shot's for our development instance? My personal instance allows screen shots on my Android Samsung 8 using the Service Now mobile app, but our development instance does not. I am an administrator, etc. We need t...
Resolved! How to prevent ServiceNow from auto-assigning users to an incident?
I am currently using ServiceNow to create security incidents based on alerts from my SIEM. My issue is that while I am able to select the correct group for the incident assignment, it is currently auto-assigning the incident to random users in that g...
Resolved! Security Incident Response manual assignment
How do I remove the assignment group which was assigned automatically upon submit? I have set the assignment rule to "Manually" for the requests. Upon creating and submitting while leaving the assignment group blank, it will be automatically popula...
Resolved! How to disable "remember me" on service portal login page?
In order to meet security compliance, I recently disabled glide.ui.forgetme on our instance. It worked great on the normal login page but the service portal login page still has the "Remember me" checkbox option (and it is functional, i.e. adds a coo...
Vulnerability Group Rule fields
Hello! I've install Vulnerability response module on my dev instance and trying to understang how it works in Kingston version. The documentation says that Vulnerability Group role has additional sections: Group by and Assignment. But in fact I see o...
your submission token does not match your session token
Hello Guys, Could anyone help me to understand from where the below message comes and how to translation it. "your submission token does not match your session token..." Thanks Gaurav Bhandari
Resolved! How can I track when data is exported from an instance?
Hi, Is there any way to track if a user is exporting data from an instance? The transaction logs give me lots of information but I'm struggling to pinpoint when the function of exporting to .csv, .xls or pdf is happening. Appreciate any help...
CIS-Vulnerability Response Certification Path?
Once an individual attains the CSA cert, is the next required cert the CIS-ITSM? Must an individual attain the CIS-ITSM prior to qualifying to sit for the CIS-VR exam?
Risk score configuration
Hi, I'm just getting started with Security incident response, and I'm lost on how the risk score gets calculated out of the box. I'm trying to go through the RiskScoreUtil script include, but just wondering if someone else has already done this, and ...
Resolved! Anyone successfully activated the Crowdstrike plugin?
Greetings,We are trying to activate the Crowdstrike plugin in our dev instance for a proof of concept cycle, however, we continue to receive error messages that we are inputting incorrect API key and AIP ID info - we pulled the API info from our Crow...
Where is the correlation_id value used?
Hello.. I have been trying to understand where is the correlation_id field is used in the security operations application when managing an incoming security event.OOB, I think the SIEM (Splunk) sends a snsecevent message to SN. I get to see the c...
