creationg groups fro SIR module
i need to create SIR Integration group so which roles are suitable for this group can you please suggest me
Forum Posts
Resolved! ServiceNow Configuration compliance not pulling all data from qualys on OOB API parameters
Hello All, We are seeing this weird behavior on ServicewNow Configuration compliance : >>where in we are using OOB API parameters. >>test results are getting created >>but the amount of failed test results generated by Qualys (weekly qualys report) ...
Remediation Task in Configuration Compliance are not getting created automatically
This is the remediation task rule that is configured in the configuration compliance remediation task rules table (sn_vulc_grouping_rule).What I want is to create remediation task based on the condition that if any of the Test Result is created with ...
Resolved! How to add new line "\n" as delimiter for Splunk field mapping?
Hello all, I just wanted to know if I can set new line "\n" as a delimiter for Splunk ES field mapping. If I do comma separation, the data looks quite shabby, as I'm trying to populate the description field with 8-9 fields. I tried putting "\n" in t...
Resolved! Remediation tasks are still open though associated VIT’s are closed
Hi everyone,I've encountered an issue where some Vulnerability Remediation (VUL) tasks or remediation tasks remain open, despite their associated Vulnerable Items (VITs) being 100% closed. Can anyone help me understand why this discrepancy occurs, an...
Resolved! Qualys Integration - VMDR 2.0 QDS Score
Hi All, We have recently gone live with the VR module in ServiceNow and have the integration in place between our Qualys instance. Just after we went live with ServiceNow module, Qualys updated the VMDR module to 2.0 and introduced its QDS scoring m...
CrowdStrike Falcon Sandbox Integration - Access Denied Error
Hello All,I'm facing an issue while integrating CrowdStrike Falcon Sandbox with ServiceNow Security Operations. When submitting a URL for malware analysis, I receive the following Error: 'access denied, authorization failed' occurred while submittin...
CI Lookup Rules
Hi Folks, I am troubleshooting an issue where in i need to understand the CI mapping rules for VM Rapid & data import. Issue - Rapid7 (Intsights VM) has scanned a asset with URL - xyz.com however when the VI got created it was created with IP address...
Fast track solution for expediting particular CVE:s with notifications
Hello everyone, I’m looking to set up a fast-track solution for managing critical CVEs (Common Vulnerabilities and Exposures) that require immediate attention. Here’s a brief overview of what I’m aiming to achieve:Ad Hoc Remediation Targets:I need a ...
Resolved! On which table the cancellation reason of playbook in security incident is stored in servicenow?
Hi All,I need an information regarding cancellation reason of playbook in SIR.On which table the cancellation reason of playbook in security incident is stored in ServiceNow?Thanks,Kushal
Need the ability to run vulnerability assignment rules on Closed or Inactive vulnerabilities
Context:In the Application Vulnerability Response plugin, we are working with a vendor that doesn't have an integration, so we've built import sets to import the data. Issue:We aren't able to run the Assignment rules on Closed or Active = false vulne...
Resolved! TISC MITRE Threat Intel Feeds - How to Enable?
I have installed the Threat Intelligence Security Center app, and am working in the integrations view to get threat feeds from MITRE. In the docs, it looks like you need the sn_sec_tisc.admin role, which I have granted myself. From the docs, it als...
VR Request Extension not working
I am testing our approval rules for VR and I am to the point where I am testing an extension of an exception. When I click the UI action to request an extension the Window opens for me to enter the date and reason but after I submit that nothing happ...
Resolved! CMDB Install state moves to retired or non operational
Hi Everyone, What happens to a CI when it is not discovered for 60 days? Any OOB scheduled job will run and change its state? Without any configuration? Something from OOB? Thanks!
Resolved! Remediation Status and Defferal / Exception
I'm trying to understand how the Remediation Status is affected for Vulnerable Items (VIT) that are placed in a deferral status.If the Vulnerable Item has a Remediation Status of "Approaching Target" and then the VIT is deferred, does the status rema...
