We are looking for someone who has implemented Security Incident Response and could provide perspective on what the overhead looks like from an on-going support perspective. Any comments here or willingness to connect would be appreciated.
when we raise a request exception for a vulnerable item, a Survey popup will appear but user can close without filling the fields. we want to make the user to fill form and submit then only exception request process needs to start.
Hi Everyone, We have implemented VR in ServiceNow by integrating with Qualys, it is working fine, however when trying rescan option, the integration if failing with below errorWe reached out to HI team about this, they said that"""Most Probable Cause...
Hello, Has anyone implemented a workaround to have Sentinel close SIR incidents since the integration is not bi-directional in this regard? Thanks!
Hi All,We have an integration with Tenable for our SN's Vulnerability Response.Lately I've got such a requirement:Vulnerable items should be marked as exception each time when CI scanned in Tenable has superseded patches in it.Has anyone had any expe...
Hi,I want to remove "By Priority" widget in Overview section of Security Incident Response Workspace and want to add my own custom widget. Please refer the attached screenshot
I would like to automatically create remediation task anytime a Known Exploit Vulnerability (KEV( is added to the catalog. Sometimes, 1 CVE is added at a time and other times it might be several. Due to the way we ingest vulnerability data, we ingest...
Vulnerability information integrated from third parties (such as Tenable)To link this vulnerability to CI, it is necessary to search for configuration items.Is it correct to think that only lookup rules are used at this time?Are IRE or identification...
Presently, Github generated SBOM SPDX files cannot be ingested into ServiceNow SBOM capability without a conversion or, at minimum, a manual code hack in the json file (which is not ideal).Although we can always automate SBOM ingestion via actions, i...
I'm working on setting up a vulnerability exception approval flow in ServiceNow SecOps and need help designing the following process:First-level approval by users from Group A.After approval, a recommendation task is created for users from Group B.Gr...
When viewing the new Instance Security Center dashboard's Daily Compliance Score, I notice the score does not update. It says the last time it was updated was 5/31 and only looks like it contains 5/29-5/30 data. This is a new Madrid (from Jakarta) ...
Hi everyone,We’re currently implementing the CISO Dashboard and are running into an issue where it does not respond to any configuration changes.Even after adding custom Metrics or Supporting Dashboards, the main dashboard continues to display only t...
HiWe're having a bit of trouble adding multiple affected users into SIR tickets using the Azure Sentinel Incident Ingestion Integration. We are able to ingest Sentinel Account entities (${Account: properties(displayName)}$) using a simple glide get q...
We're trying to setup SLAs for Security Incidents and not getting any helpful metrics per SIR. Posting the configurations. The relevant fields are empty and "Made SLA" is always true. How can we get these fields to show details? Are these numbers tra...
SeqOps-VR's vulnerability management provides an OOTB feature for manual capture of vulnerabilities. Reference:https://www.servicenow.com/docs/bundle/vancouver-security-management/page/product/vulnerability-response/concept/manually-ingest-vulnerabil...
