Forum Posts
Resolved! Vulnerability Response - how is table related service (sn_vul_m2m_ci_services) being populated
Hi Community,Can someone explain me how the table - Related Services - sn_vul_m2m_ci_services - is populated, or point me to an article that explains it?It seems that the data in this table is populated randomly (i suppose it is not :-))Thank youMarc...
How to create an SLA in Security incident response application for 24 hours Response SLA timeline
Hello Community,I’ve received a customer requirement to implement a 24-hour SLA timer for response and reporting purposes. The SLA should start when an analyst begins working on a specific security incident by creating a Response task and either assi...
How to set up Business Impact in the security incident response based on the CI value?
Hello ServiceNow community, I am trying to auto populate Business Impact field in Security incident response form, based on the Configuration items(CI)s field and its Tier value tied to CI. Is there a way I can turn off rules or script which auto tri...
Capturing remediation task rule
Hi everyone, Is there any way to capture a Remediation Task rule when we create a new one, or update or delete an existing one? I had my update set on when I created it, but it was not captured. What is the standard practice to move the Remediation T...
Resolved! Is there a way to not open a workspace when clicking on module links?
We recently installed the Security Common Workspace to upgrade the IT Remediation Workspace, Vulnerability Manager WS, etc. However, now when trying to open files in a simple list, such as Discovered Items, it launches a workspace. We would like to...
How to pass trigger record sys_id from Playbook activity to Data Definition's reference qualifier
In ServiceNow playbook, is it possible to pass the trigger record sys_id from an activity to the data definition's flow variable's advanced reference qualifier for a questionnaire activity? javascript:(function() { var ids = []; var gr = new Gl...
SIR: Prevent Incident Closure Without Completed Assessments (OOB or Custom?)
Is there any OOB feature in ServiceNow SecOps SIR that prevents closing a security incident unless assessments are completed? Or do we need to customize this with a business rule/workflow?
VR - Vulnerabilities for AWS resources that do not support scanners installed on them.
How is everyone getting vulnerabilities into ServiceNow for resources that do not support a scanner being installed on them? We have scanners like tanium, tenable, microsoft tvm. Looking at using the AWS Connector to bring over security findings but ...
Vulnerable Items have empty detection
I found bunch of Vulnerable Items have empty detections. They are newly created VITs by Tenable I.O.Can anyone suggest what possible root cause could be? Also, where should I start to look into this issue? Thank you in advance.
Resolved! SOLVED: How to recalculate Risk Rating for Remediation Tasks?
Hi,is there a way to recalculate only the Risk Rating fields for the Remediation Task table(s)? We've followed the documentation on how to update Risk Score Weights (sn_sec_cmn_risk_score_weight).Additionally we've added a few new Risk Score Weights ...
How to Associate Artifacts to Case in a Workflow
I've developed a workflow that will automatically create a TISC Case when certain criteria is met with an ingested Threat Report. Is there a way to associate Artifacts (specifically Observables, Indicators, and the Threat Report itself) to the newly...
Predictive Intelligence section Security Incident form
Hi Team,While analyzing the Out-of-the-Box (OOB) Security Incident form in ServiceNow, I noticed a section labeled Predictive Intelligence in the Form Builder. This section contains two read-only fields:Machine Learning PredictionConfidence ScoreIt a...
test strategy template
I'm currently working on Quality Assurance in my ServiceNow project and am looking for a solid test strategy template. If anyone has a good reference or example to share, I’d really appreciate it. Thanks in advance!
