SecOps forum

Resolved! Is it allowed to disable SNC Access Control Plugin?

com.snc.snc_access_control

IBM QRadar Integration - how to fetch events automatically

Hi All,for a client we are developing an integration to in ingest new QRadar offences to Security Incident Response (SIR) on ServiceNow.The integration works fine using the plugin "IBM QRadar Offense Ingestion for Security Operations" but we need to ...

How to rename catalog item?

Security Operations Observable type mappings and creation

Hello community, We are wanting to cleanup and enrich our Observable data in order to effectively report details within the associated SIRs. I have the following goals. Focusing on 'unknown' observables (~4500 count) update the logic that maps the O...

Azure Sentinel Integration: ServiceNow Incident status not updating on closure of incident in Sentinel

Hi Team, Azure Sentinel Integration: ServiceNow Incident status not updating on the closure of the incident in Sentinel. Has anyone faced this issue?

Azure Sentinel Integration

Hello, When using the Microsoft Azure Sentinel Incident Ingestion Integration For Security Operations is it possible to update security incidents when you make changes to the mapping in the profile? For example, if I update the profile to include a f...

OOB choices for Substate fields on Security Incident form is missing.

Hi All,OOB choices for Substate field on Security Incident form is missing. normally below are the OOB Substate choices such as.1. Pending Incident2. Pending Change3. Pending Problem I have checked the Dictionary for Substate field. it seems choices...

Upon clicking on dada card on Industrial Workspace dashboard shows "Page not found"

Hi All,I have created a custom dashboard in Industrial Workspace and added data visualization (single score) to get the count from Vulnerable Item table, it shows the count correctly but when I am clicking on the count to view the record its showing ...

How to Make Email Recipients Read-Only or Remove Reply Options in Activity Stream (SIR Workspace)

Hi everyone,I'm working with the Security Incident Response Workspace in ServiceNow and looking to restrict user actions on email replies.Specifically:When a user clicks "Reply" or "Reply All" on an email in the activity stream, I would like to eithe...

Now Assist for Security Incident Response (SIR) - Generated recommended action not loading

Hi All, I recently installed the now assist SIR application and am testing it on demo data. Unfortunately, when i click "get recommendations" I am presented with an endless buffer. The only configuration I did was activate the the skills. Am I missin...

What is Incident Severity Scale?

I see it as u_severity_scale Reference but no idea what it is and has no values.I have other fields for severity, service condition, priority and urgency so I'm confused what Severity Scale was meant for or how it can be used?

Discovered Items are matched with Decommissioned CIs

Regarding Qualys integration with Vulnerability Response:Discovered Items are matched with Decommissioned CIs even when the property - 'sn_sec_cmn.filterOutDecommissionedCI' is set to true.Why does this happen?

How to disable automatic "Security Incident Response Task" creation

Whenever a Security Incident is created a related Security Incident Response Task is also created. Need to disable these related task records. Have checked through the documentation, SIR properties, configuration and flows but have not seen where to ...

Is there a way to revert to a previous stage in Playbook designer for Security Incident Response(SIR

Hi Team,I am currently working with playbook functionality in the Security Incident Response(SIR) module .While configuring a Playbook using Process Automation Designer ,I haven't found any option that allows navigating or reverting back to a previou...

Resolved! need help in auto populating catalog item 1 variable values in to catalog item 2 variables

Hi there,I have a requirement where I need to create Catalog Item 1 (considered the parent) with two variables: Manager and Employee.Once Catalog Item 1 is submitted (ordered), it should trigger an email notification to the Manager. In the body of th...

Forum Posts

Resolved! Is it allowed to disable SNC Access Control Plugin?

IBM QRadar Integration - how to fetch events automatically

How to rename catalog item?

Security Operations Observable type mappings and creation

Azure Sentinel Integration: ServiceNow Incident status not updating on closure of incident in Sentinel

Azure Sentinel Integration

OOB choices for Substate fields on Security Incident form is missing.

Upon clicking on dada card on Industrial Workspace dashboard shows "Page not found"

How to Make Email Recipients Read-Only or Remove Reply Options in Activity Stream (SIR Workspace)

Now Assist for Security Incident Response (SIR) - Generated recommended action not loading

What is Incident Severity Scale?

Discovered Items are matched with Decommissioned CIs

How to disable automatic "Security Incident Response Task" creation

Is there a way to revert to a previous stage in Playbook designer for Security Incident Response(SIR

Resolved! need help in auto populating catalog item 1 variable values in to catalog item 2 variables

Atlassian Jira integration with Vulnerability Resp...

Notify Connector for Microsoft Teams

Sysdig Container Vulnerability Response - example...

Error while executing Reapply Risk Calculators (VI...

Qualys VM integration issue

CVIT Bulk Edit

Need to add additional reference fields on Modal i...

To make closed state value visible only when curre...

Remediation Target Rules

How to add the UI action Button to the Three dots(...

Vulnerability Response: Reopened VIT reassignment

Unable to add work notes as default list view colu...

I just need to understand difference b/w Work note...

Ref info button is not working for CVITs table

Clarification on CIS–Vulnerability Response Exam V...