Hi Community, We’re currently implementing Security Incident Response (SIR) for a customer using the Microsoft Azure Sentinel integration. They’re looking to include MITRE ATT&CK information (Tactics and Techniques) in their Security Incidents; howev...
Hi Team, We are building integration between Microsoft Azure sentinel to ServiceNow SIR record. Sentinel has MITRE Technique ID and we want to fetch that ID and map it to Tactics and techniques in SIR record fields. Please be informed we have Threat ...
Hi,We have an API from Sentinel which creates records directly into the sn_si table as Security Incident. This integration passes the MITRE Technique T numbers into a custom "techniques" field today as well as the Tactic numbers into a different cust...
We have integrated the Azure Sentinel with ServiceNow for Security Incident creation, and it also passes the Tactic and Technique information. We have enabled the MITRE ATT&CK matrice (Enterprise) and the associated techniques, however, this is only ...
Hi Team, We have configures bidirectional integration for Microsoft Azure Sentinel and SIR ServiceNow ,there is a requirement to fetch custom field on sentinel called as site_name we want to map it to Business Unit of SIR record . while checking azur...
Hello! Scenario: We have already implemented the SecOps integration with Sentinel and our current CMDB uses both IP or hostname as identifierQuestion 1: What is the best "Azure Sentinel Source Fields" to map to the "ServiceNow Configuration Item" fie...
Hi ServiceNow Community, I am currently working with mapping entities from Sentinel to ServiceNow using the plugin called Microsoft Sentinel (x_mioms_azsentinel). The problem is that the entities on the Sentinel tickets are being mapped to Work notes...
Hi, Have run into some issues with CI matching for Vulnerable Items sourced from tenable.sc. The records in question used MAC address matching and that returned incorrect CI as the MAC address is related to network adaptor records for multiple devi...
Hello,which roles must be assigned to an agent to handle responses tasks without having access to the security incident responses father?Thanks for your help
After clicking Request Exception/False Positive and the completing the first popup, the VCA record and approvals are generated but the questionnaire does not appear. I have recently reverted the UI Page and UI Actions for an instance but there must b...
Hi All, I have requirement of integration Palo Alto XSOAR to create Security Incident Response in ServiceNow.Can anyone help me to implement plan? can we configure bi-directional between XSOAR and ServiceNow?regard,Amit
Hi all,I'm looking for the detailed permissions this role provides and what use cases there are for it please.Thank you.
In-Depth Guide: Integrating ServiceNow with Qualys Integrating ServiceNow with Qualys can streamline your organization’s vulnerability management and incident response workflows. This comprehensive guide provides a step-by-step process to set up t...
Looking at the Microsoft Defender Endpoint integration with Security Incident Response and can't find documentation anywhere that goes into detail about contacting a host that is no longer online. Is there a looping process that continues to try to i...
Hi All,I need to perform a task on Security Incident Response Module, where i need to integrate the Zscaler application to servicenow from scratch.i struct with the admin account creation part in zscaler.can anyone of you guide me am i on the right p...
| User | Count |
|---|---|
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |
