Roles for security incident response tasks
Hello,which roles must be assigned to an agent to handle responses tasks without having access to the security incident responses father?Thanks for your help
Forum Posts
Vulnerability Response Exception/False Positive Questionnaires Not Opening
After clicking Request Exception/False Positive and the completing the first popup, the VCA record and approvals are generated but the questionnaire does not appear. I have recently reverted the UI Page and UI Actions for an instance but there must b...
Plao Alto Cortex XSOAR integration with SIR
Hi All, I have requirement of integration Palo Alto XSOAR to create Security Incident Response in ServiceNow.Can anyone help me to implement plan? can we configure bi-directional between XSOAR and ServiceNow?regard,Amit
Resolved! sn_vulc.auditor
Hi all,I'm looking for the detailed permissions this role provides and what use cases there are for it please.Thank you.
In-Depth Guide: Integrating ServiceNow with Qualys
In-Depth Guide: Integrating ServiceNow with Qualys Integrating ServiceNow with Qualys can streamline your organization’s vulnerability management and incident response workflows. This comprehensive guide provides a step-by-step process to set up t...
MDE Integration with SIR and Isolate Capability
Looking at the Microsoft Defender Endpoint integration with Security Incident Response and can't find documentation anywhere that goes into detail about contacting a host that is no longer online. Is there a looping process that continues to try to i...
Regarding Zscaler integration with security incident response
Hi All,I need to perform a task on Security Incident Response Module, where i need to integrate the Zscaler application to servicenow from scratch.i struct with the admin account creation part in zscaler.can anyone of you guide me am i on the right p...
Vulnerability Response Auto resolve duplicate vulnerabilities not resolving VITs
Hi everyone, I am troubleshooting an issue with auto resolving duplicate vulnerabilities reported by different scanners in vulnerability response. We have integrations setup with Tanium and Microsoft TVM. These scanners are creating VITs for the same...
How to create a play book on Security Incident Response????
Hello All, I am new to SecOps implementation and got an opportunity to configure a new Playbook in the Security Incident Response. What are the best practices need follow? What are the prerequisites? How to implement a new Playbook for enriching the ...
Security incident Dashboard visibility to snc_external users
Hi Team, there is a requirement from client to create a dashboard for Security incident and make that visible to end users(snc_external) in CSM portal. Can you please suggest the possible ways. Thanks,Pooja
SecOps VR: Requested an extension on exception rule, but don't see any approvals triggered
Hi,Few of our exception rules gets expired in a week, so when I clicked on request exception button, fill in the details and submit it, the page just reloads and nothing happens, don't see any approvals getting triggered. Please assist.
Vulnerability Response - How are Discovery Items created?
We are using OOB VR and integrated with Microsoft Threat & Vulnerability Management. It created a bunch of Discovered Items some of them are Unmatched. We were wondering how Matching type of DI was populated as Created by IRE, also is there any techn...
How can adjust the time line in vulnerability created date in report (bar chart)?
If I create a report based on created date and request ID so I can get in particular time frame how many requests created, or we have.currently i am getting below data on y axis - same day, 2 days, 2-5 days, 5-7 days, 1-2 weeks .....etc Now i want t...
Resolved! "No playbook found Please contact your administrator" error while accessing playbook from Security Incident New UI
Hi, I have enabled the OOB plugins for SIR and SIR UI and need to access playbooks from security incident New UI. While clicking on playbook icon I am getting the message "No playbook found , Please contact your administrator". all the runbooks are i...
What is the search window of Splunk ES Scheduled imports for SecOps SIR?
Hello all, I have implemented the Splunk ES integration with SecOps to automate notable ingestion. We are polling Splunk to fetch notables every 4 minutes. I want to know when we send a poll to Splunk, how far in the past is ServiceNow trying to requ...
