SecOps forum

VR: ATF File Upload

Hi everyone, I'm currently working on an Automated Test Framework (ATF) test to validate a custom notification that is triggered during the VR Manual Upload process. As part of this, I need to simulate a user uploading a CSV file through the manual u...

SecOps observables: manual steps guide and scope to automate them?

Hi Team,Are there any recommended BAU (Business-as-Usual) practices or reference steps that Security team members should follow when handling different types of observables (e.g., IP addresses, file hashes, domains, etc.) in ServiceNow? Additionally,...

Dashboard and Report Edit access in workspace

1. Need to give edit access to SIR analyst for OOB Security Incident Analyst Dashboard and for the reports under it.On giving edit access to the dashboard, the report under the dashboard gives -You cannot configure this element. The owner did not sha...

Does anyone have experience using Advanced Work Assignment with Security Incident Response?

I have attempted to set up AWA so that I can route security incidents to the various security response teams, but the results vary and do not appear to be utilising my designated queue or assignment rules. I have turned off the default SIRT rule and ...

Microsoft Teams issue with IOS

Hi Team , has anyone has detected an issue during the logon on an IOS. It seems a loop behavior between Teams application and Microsoft Authenticator. #MicrosoftTeams

Creating an Indicator Template and generate indicator just to specific controls

I’d like to know if it’s possible to create an indicator template in GRC, add in a control objective, and then apply a filter to select only specific controls that I want the indicator to be associated with. The goal is to ensure the indicator is onl...

ServiceNow Teams (chat and conference call) integration for SIR

I'm reaching out for assistance with an integration related to our Security Incident Response (SIR) module. The process owner is looking to integrate Microsoft Teams to enable chat and conference call functionality within the SIR workflow. Please ref...

Hide urgency and impact fields on security incident in SIR workspace? Will it have any impact?

Hi, We have a requirement to hide impact and urgency fields present in security incident in SIR workspace. If we hide it, will it have any impact on the flow?

Can we import playbooks in SIR ServiceNow from IRIS tool?

Hi, Is it possible to import existing customer playbooks from IRIS tool to ServiceNow?

Resolved! roles required for security catalog access

I want to know which roles are required for accessing security catalog ?

A vulnerable item was not grouped into any remediation task

A vulnerable item was not grouped into any remediation task although all the conditions matched the VIT and there is no missing data. So the issue is that VIT now does not have any remediation task. What could be the possible issue?

Monitoring Vulnerability Response Exception Rules

Is there a way to determine which Exception rule resulted in a deferral, similar to the assignment rules, where the assignment rule is tracked in the VIT?If not, this may be a valid enhancement request.Aside from identifying why the VIT was deferred,...

Resolved! Modules & workspace not available for security incident response after installing plugins

Hi, I have installed the plugin "sn_app_secops_ui" for security incident response response application in my PDI, which has also installed the dependent plugins "sn_si" and "sn_si_aw". However I cannot find any data/ Table, workspace related to secu...

Resolved! How does Application Vulnerabilities Response handle unmatched Application CIs

Hi Community, We are currently exploring on Application Vulnerability (AVR) in ServiceNow, and i have come across a scenario where need your help to understand it. When a vulnerability scanner (Veracode) identifies a new application vulnerability in ...

Daily Extract of Reports to Sharepoint site or Shared Drive

Hi Everyone, I was wondering, how to link daily extract of two reports to a SharePoint site. While scheduling the report, is there a way to configure to go to a SharePoint site? or Shared Drive? Any help would be greatly appreciated. Thank you

Forum Posts

VR: ATF File Upload

SecOps observables: manual steps guide and scope to automate them?

Dashboard and Report Edit access in workspace

Does anyone have experience using Advanced Work Assignment with Security Incident Response?

Microsoft Teams issue with IOS

Creating an Indicator Template and generate indicator just to specific controls

ServiceNow Teams (chat and conference call) integration for SIR

Hide urgency and impact fields on security incident in SIR workspace? Will it have any impact?

Can we import playbooks in SIR ServiceNow from IRIS tool?

Resolved! roles required for security catalog access

A vulnerable item was not grouped into any remediation task

Monitoring Vulnerability Response Exception Rules

Resolved! Modules & workspace not available for security incident response after installing plugins

Resolved! How does Application Vulnerabilities Response handle unmatched Application CIs

Daily Extract of Reports to Sharepoint site or Shared Drive

Has anybody used tag_set_exclude parameter in Qual...

CVE for Windows devices getting matched with Linux...

SIR Architecture or System View Diagram

VR and Prisma Registry - Using the Auto-Close Rule...

Please upvote idea portal submission regarding mul...

Remediation target status of Target Met

Viewing Vulnerable Item related exception question...

How to handle temporary / ephemeral builds with Vu...

Document templates for VRM tables

Workspace View

Is container VR a prereq to updating to the new Se...

Hi there,I started learning the SecOps fundamental...

Remediation tasks not created when VIT risk rating...

CVIT Bulk Edit

Need to add additional reference fields on Modal i...