Looking at the Microsoft Defender Endpoint integration with Security Incident Response and can't find documentation anywhere that goes into detail about contacting a host that is no longer online. Is there a looping process that continues to try to i...
Hi All,I need to perform a task on Security Incident Response Module, where i need to integrate the Zscaler application to servicenow from scratch.i struct with the admin account creation part in zscaler.can anyone of you guide me am i on the right p...
Hi everyone, I am troubleshooting an issue with auto resolving duplicate vulnerabilities reported by different scanners in vulnerability response. We have integrations setup with Tanium and Microsoft TVM. These scanners are creating VITs for the same...
Hello All, I am new to SecOps implementation and got an opportunity to configure a new Playbook in the Security Incident Response. What are the best practices need follow? What are the prerequisites? How to implement a new Playbook for enriching the ...
Afternoon all.... I am deep diving into the Certified Implementation Specialist - Security Incident Response CIS-SIR exam. I'd be grateful for any pointers and advise in terms of what online resources to use. I have the Mainline Exam Blueprint, I hav...
Hi Team, there is a requirement from client to create a dashboard for Security incident and make that visible to end users(snc_external) in CSM portal. Can you please suggest the possible ways. Thanks,Pooja
Hi,Few of our exception rules gets expired in a week, so when I clicked on request exception button, fill in the details and submit it, the page just reloads and nothing happens, don't see any approvals getting triggered. Please assist.
We are using OOB VR and integrated with Microsoft Threat & Vulnerability Management. It created a bunch of Discovered Items some of them are Unmatched. We were wondering how Matching type of DI was populated as Created by IRE, also is there any techn...
If I create a report based on created date and request ID so I can get in particular time frame how many requests created, or we have.currently i am getting below data on y axis - same day, 2 days, 2-5 days, 5-7 days, 1-2 weeks .....etc Now i want t...
Hi, I have enabled the OOB plugins for SIR and SIR UI and need to access playbooks from security incident New UI. While clicking on playbook icon I am getting the message "No playbook found , Please contact your administrator". all the runbooks are i...
Hello all, I have implemented the Splunk ES integration with SecOps to automate notable ingestion. We are polling Splunk to fetch notables every 4 minutes. I want to know when we send a poll to Splunk, how far in the past is ServiceNow trying to requ...
I am trying to filter the data that comes from Rapid7 to SN VR module based on the asset tags in Rapid7. Although SN provided a documentation on adding additional parameters (https://www.servicenow.com/docs/bundle/xanadu-security-management/page/prod...
One Application Service record was created when the scanned data was linked to ServiceNow.This was not included in the original scan data, and a new Application Service was created when Windows with dependencies was registered.If anyone knows the rea...
Hi folks,I have two questions about VR Tenable integration. The screenshot is from PDI.1. Can someone explain me the difference between Tenable.io and Tenable.sc?2. Which scheduled job should I keep active to import daily data from Tenable to SN?
Hi, If anyone is interested, you may consider voting this idea up: Word Doc or PDF for SIR Post Incident Review
