We are looking for someone who has implemented Security Incident Response and could provide perspective on what the overhead looks like from an on-going support perspective. Any comments here or willingness to connect would be appreciated.
Hi Everyone, We have implemented VR in ServiceNow by integrating with Qualys, it is working fine, however when trying rescan option, the integration if failing with below errorWe reached out to HI team about this, they said that"""Most Probable Cause...
Hi All,We have an integration with Tenable for our SN's Vulnerability Response.Lately I've got such a requirement:Vulnerable items should be marked as exception each time when CI scanned in Tenable has superseded patches in it.Has anyone had any expe...
Hi,I want to remove "By Priority" widget in Overview section of Security Incident Response Workspace and want to add my own custom widget. Please refer the attached screenshot
I would like to automatically create remediation task anytime a Known Exploit Vulnerability (KEV( is added to the catalog. Sometimes, 1 CVE is added at a time and other times it might be several. Due to the way we ingest vulnerability data, we ingest...
Vulnerability information integrated from third parties (such as Tenable)To link this vulnerability to CI, it is necessary to search for configuration items.Is it correct to think that only lookup rules are used at this time?Are IRE or identification...
Presently, Github generated SBOM SPDX files cannot be ingested into ServiceNow SBOM capability without a conversion or, at minimum, a manual code hack in the json file (which is not ideal).Although we can always automate SBOM ingestion via actions, i...
I'm working on setting up a vulnerability exception approval flow in ServiceNow SecOps and need help designing the following process:First-level approval by users from Group A.After approval, a recommendation task is created for users from Group B.Gr...
When viewing the new Instance Security Center dashboard's Daily Compliance Score, I notice the score does not update. It says the last time it was updated was 5/31 and only looks like it contains 5/29-5/30 data. This is a new Madrid (from Jakarta) ...
Hi everyone,We’re currently implementing the CISO Dashboard and are running into an issue where it does not respond to any configuration changes.Even after adding custom Metrics or Supporting Dashboards, the main dashboard continues to display only t...
We're trying to setup SLAs for Security Incidents and not getting any helpful metrics per SIR. Posting the configurations. The relevant fields are empty and "Made SLA" is always true. How can we get these fields to show details? Are these numbers tra...
Do the split tenable detections using proof still work without port granularity turned on? See this article: Split Tenable detections based on the vulnerability instance to split vulnerable items. It isn't mandatory to select port granularity in orde...
Hi, We have the below property enabled on VR Tenable.io integration:Since this is enabled, ServiceNow has generated vulnerable items in 'open' state for the plugins that have a 'fixed' state in Tenable. If we disable the above checkbox, will all the ...
Basically, I installed sn_vul_r7(rapid7 integration for security operations), Validated API key and region successfully.After that I run Site filter integration and got all the site's information successfully, I choose one specific site to get the da...
Hi all,I’m running into an issue where the API key value in ServiceNow is not updating correctly.Here's what's happening:I updated the API key in a system property or credential record.However, on the configuration page, it still shows the old key (e...
