SecOps forum

is anyone build the Automated test frameworks for service graph connectors ?

Next version of the SIR Workspace: Opportunity to Provide Input

The Security Incident Response team is planning for SIR Workspace 2.0 to improve and streamline the workspace experience. To shape a smoother, more effective experience tailored to your needs, our UX team is gathering feedback directly from customers...

Resolved! How can I add multiple CIs to the Security Incident form in ServiceNow?

Hello Community, I need to associate multiple CIs with a single security incident record in the Security Incident Response application form. How can I achieve this?

Resolved! How to create reports for MTTR, TTR and Total time taken to close for vulnerable items

Hi. Is there a recipe to create MTTR dashboards for time taken to close vulnerable items, in the same way there is a recipe in your community article on how to create "Reports for MTTR, TTR and Total time taken to close for incident table"?

MTTR on closed vulnerable items CISA and known ransomware

Anyone has a recipe to calculate MTTR (Mean time to remediation) for vulnerable items that are tagged CISA or Ransomware?

Is "Secure Attachment" in Security incident Response safe to upload malicious files?

Hi all, I want to know how the "Secure Attachments" are managed on ServiceNow. Say we have a phishing email that got escalated to a security incident or the analyst wants to submit a malicious file to sandbox, is it safe to upload it in "Secure Attac...

Detection Aggregation for Source-Agnostic VITs

Has anyone ever come up with a way to rollup up detections to a single VIT, regardless of scanning source? I've had SecOps people ask me, if the CVE and CI are the same, why can't I add the new detections to an existing VIT, regardless of who found i...

Tenable - How can I map info from Tenable.io to a newly created field on the Vulnerability Item

The Tenable.io integration is creating and updating Vulnerability Items no problem However we created new String field on the Vulnerability Item form and we want to map some data from the Tenable.io Vulnerability item Data source so when the VITs get...

How to increase space between banner and search bar in Service Portal?

Hi,Could anyone please help me understand how to increase the spacing between the banner and the search bar (as highlighted in the image)? We’d like to move the search option slightly lower on the page.

How to Prevent Risk Score Audit Entries in Activity Stream

Hi Community,I'm working on a requirement where I need to suppress audit entries related to Risk Score from appearing in the Activity Stream whenever the Priority field is updated on a record.Has anyone implemented a similar solution or can suggest t...

Penetration Test vulnerability in serviceNow

We had penetration test in servicenow for potential vulnerability and found to fix below two. LUCKY13 — Remediation requires disabling the vulnerable ciphers, as noted in the information above.• Instead of CBE Cipher Suites, use AEAD Cipher Suites su...

Installing Vulnerability Response Application on Personal Developer Instance (PDI)

Hello All,I requested a Xanadu version of a Service Now instance and everything is working with the base install. When I am trying to install install the Vulnerability Response application 26.2.2 version, after installing a bunch stuff, it seems to b...

Vulnerability Response - Assignment rules

Hello, We have only 1 Assignment rule in place that runs and groups VITs by Assignment group & Vulnerability.But we see that there are Remediation tasks are created from that Rule & has VITs that are assigned to multiple different groups. What could ...

Shodan integration no longer working

Hi, We have noticed that the Shodan integration no longer works.It would seem that the API has changed; both in address & format This has been passed on to both Shodan & ServiceNow.However, our clients are still faced with an issue. Anyone else facin...

CrowdStrike Falcon Exposure Management – Incorrect 'Last Found' Date on Detections

Hi everyone,I've recently configured the CrowdStrike Falcon Exposure Management for Vulnerability Response app (x_crowd_vulnerabil) in my ServiceNow instance. The integration is successfully ingesting detection payloads, but I've run into an issue wi...

Forum Posts

is anyone build the Automated test frameworks for service graph connectors ?

Next version of the SIR Workspace: Opportunity to Provide Input

Resolved! How can I add multiple CIs to the Security Incident form in ServiceNow?

Resolved! How to create reports for MTTR, TTR and Total time taken to close for vulnerable items

MTTR on closed vulnerable items CISA and known ransomware

Is "Secure Attachment" in Security incident Response safe to upload malicious files?

Detection Aggregation for Source-Agnostic VITs

Tenable - How can I map info from Tenable.io to a newly created field on the Vulnerability Item

How to increase space between banner and search bar in Service Portal?

How to Prevent Risk Score Audit Entries in Activity Stream

Penetration Test vulnerability in serviceNow

Installing Vulnerability Response Application on Personal Developer Instance (PDI)

Vulnerability Response - Assignment rules

Shodan integration no longer working

CrowdStrike Falcon Exposure Management – Incorrect 'Last Found' Date on Detections

when creating remediation tasks 'created by' as Se...

Security Incident Response force security incident...

CVR Integration with Cortex

CVE for Windows devices getting matched with Linux...

SIR Architecture or System View Diagram

Metrics for Vulnerability Response

Remediation target status of Target Met

Viewing Vulnerable Item related exception question...

How to handle temporary / ephemeral builds with Vu...

Document templates for VRM tables

Workspace View

Is container VR a prereq to updating to the new Se...

Hi there,I started learning the SecOps fundamental...

Remediation tasks not created when VIT risk rating...

CVIT Bulk Edit