Hi,We need to make closed state value visible only when current state is review in SIR workspace. We tried using onChange client script as well as Before business rule but its not reflecting in workspace. Is there any other way to configure this? Is ...
Can anyone provide me with an example of the response.json received from Sysdig on the endpoint https://<server>/api/scanning/v2/runtime/vulnerabilities?The reason I ask is that we are on-prem with both sysdig and servicenow and sysdig only offer th...
GOAL: To reevaluate and reset the Remediation Target Date for a Vulnerable Item if the Risk Rating changes due to the Source Risk Score changing. DETAILS:Qualys Integration with Vulnerability ResponseWe use QDS score from Qualys to set the Risk Score...
Hi All, I am looking for guidance and best practice on how to handle Zero day Vulnerabilities in ServiceNow for cases where CVE's are not available. Came across the below KB article which talks about creating a new table by extending OOTB Vulnerabili...
Hi,We currently use Source Risk Score from Qualys (Qualys Detection Score; QDS) to do a direct map to our Risk Score in ServiceNow. QDS combines the severity of the vulnerability with other Threat Intelligence to get that Risk Score. Quite frequent...
Hello Community, I have a Security Incident Task change notification in place which triggers on event named- "sn_si.TaskAssigned". But for some reason the notification would not trigger anytime I make a change on the SIT state, or Priority or even ch...
Hello. We have issue with OOTB - Request risk reduction for a vulnerable item.When we request:A. Request for DeferralB. Request for Risk Reduction Two "State Change Approvals" are being created for A and BWhen we do all approvals A is going in to App...
I came across a ServiceNow Product Doc that states that "CI reclassification is possible only between two classes that have identical identification rules." What does it mean to have identical identification rules? And how does reclassification happe...
I'm trying to enable cross-widget interaction-where selecting a data point in one visualization(e,g, a donut or bar chart) dynamically filters or updates the other widget on the same dashboard. I've configured multiple widgets and global widgets wor...
Is there any known way to manually change an individual VIT risk rating? I know you could do it via a calculator rule targeted for that specific CI/instance but that is a bit too specific and would lead to a runaway list of way too many rules. We hav...
Hi. I have a question about "Populate Internet Facing attribute on Hardware".The value of the "Internet Facing" field in the Hardware table is updated by the "Populate Internet Facing attribute on Hardware" in the sysauto_script table.The execution t...
HiWe're having a bit of trouble adding multiple affected users into SIR tickets using the Azure Sentinel Incident Ingestion Integration. We are able to ingest Sentinel Account entities (${Account: properties(displayName)}$) using a simple glide get q...
Hi all has anyone successfully mapped the MITRE Technique ID/Name from Azure Sentinel source data into the Security Incident? We have been informed from our analysts that the Technique is available for the Sentinel incidents but it does not appear ...
Hello, Has anyone implemented a workaround to have Sentinel close SIR incidents since the integration is not bi-directional in this regard? Thanks!