Hello Everyone, We have an open VIT and open detection records; however, the detection was not found since a month. I believe when no detection found, respective detection record should be marked as closed and also the VIT record. But in our case, th...
Hello, We are currently setting up the integration with ServiceNow and Azure Sentinel. We created a profile for Azure Sentinel and wanted to ask if anyone has found a good or recommended solution on aggregating alerts (step 3 of profile set up). Duri...
Hi,I have to pull a report with records close to 2 million from VIT table with 8 million active records.How to achieve it, I have a brief Idea about the pagination concept, can someone explain in detail about this. Or any other solution which doesn't...
Hello Everyone,We encountered a situation where a VIT was closed with the reason field as "invalid". The worknotes mention the following:Additional Information: Closed because of CIs do not matchClosed by: SecCommon SystemClosed VIT (VITXXXXXXX) and ...
I need to see which vulnerability calculator was used for any AVIT, CVITS or VITS, is this possible? I'm not seeing a field on the table that would give me that information and I'm just curious if I'm missing something?The reason I need to see this i...
In the following Docs' Reconcile unmatched discovered items, we understand that there is a function to re-execute CI LOOK UP for discovered items in the Unmatched state. https://www.servicenow.com/docs/bundle/xanadu-security-management/page/product/v...
HI Community!I want to install the Splunk Enterprise Event ingestion for Security Operation plugin, but i want to make sure that this plugin does not have costI saw that I can install in the production instance but...Do you know if this plugin have c...
I see that there are Discovered Items from Qualys integration that do not have an associated Vulnerable Item, and the CI is created for that Discovered Item (created from IRE). I want to limit creation of new CIs so new CIs are not created for those ...
Hi,I hope you can help me. I would like to configure the Security Incident Response Workspace, but I don't know where to start. Could you help me with info, more technical, not process and interface.Thanks!
Hi all, How can I remove or hide a column from a Security Incident table list in the SIR workspace. Even make it visible only to admin is fine. Ex. If I want to hide/remove the below columns, is there anyway to do that? Thanks PriorityBusiness Impact...
We recently recreated our remediation target rules and have been rolling them out in phases to UAT. There are some VIT's that are not being assigned a remediation target rule, despite there being a VIT that meets the conditions of the remediation tar...
Hi,A custom table say 'u_test_table' created with only two reference field 'Task' referencing to task table and 'CTR' field referencing to test result table.when this custom table is pulled on the test result table as a related list, as an admin when...
Hello everyone.The data integrated by the SecOps function initially searches the CMDB using lookup rules and identification rules.If there is no CI as a result of the search, a record such as Unclass Hardware is created.This created record is linked ...
I would like to understand how the application behaves during the subsequent month’s scan if the same vulnerability reappears after an FP (False Positive) request has been raised and closed.Currently, we are marking the FP status only in ServiceNow, ...
Hello,In a recent update (or maybe since we switched from using Rapid 7 to Tenable) we have lost the manual "Close" button for Remediation Tasks (VULs). The VUL will close automatically only if all VIT statuses are Closed - Fixed (substate). Many of ...
