Hi Everyone! Currently when we manually upload Vulnerabilities to create VITs users do not get notified when they are uploaded. I'm trying to figure out the best way to configure an email to be sent to notify users that they need to address this asa...
i need to create SIR Integration group so which roles are suitable for this group can you please suggest me
Hello All, We are seeing this weird behavior on ServicewNow Configuration compliance : >>where in we are using OOB API parameters. >>test results are getting created >>but the amount of failed test results generated by Qualys (weekly qualys report) ...
This is the remediation task rule that is configured in the configuration compliance remediation task rules table (sn_vulc_grouping_rule).What I want is to create remediation task based on the condition that if any of the Test Result is created with ...
Hello all, I just wanted to know if I can set new line "\n" as a delimiter for Splunk ES field mapping. If I do comma separation, the data looks quite shabby, as I'm trying to populate the description field with 8-9 fields. I tried putting "\n" in t...
Hi everyone,I've encountered an issue where some Vulnerability Remediation (VUL) tasks or remediation tasks remain open, despite their associated Vulnerable Items (VITs) being 100% closed. Can anyone help me understand why this discrepancy occurs, an...
Hi All, We have recently gone live with the VR module in ServiceNow and have the integration in place between our Qualys instance. Just after we went live with ServiceNow module, Qualys updated the VMDR module to 2.0 and introduced its QDS scoring m...
Hello All,I'm facing an issue while integrating CrowdStrike Falcon Sandbox with ServiceNow Security Operations. When submitting a URL for malware analysis, I receive the following Error: 'access denied, authorization failed' occurred while submittin...
Hi Folks, I am troubleshooting an issue where in i need to understand the CI mapping rules for VM Rapid & data import. Issue - Rapid7 (Intsights VM) has scanned a asset with URL - xyz.com however when the VI got created it was created with IP address...
Hello everyone, I’m looking to set up a fast-track solution for managing critical CVEs (Common Vulnerabilities and Exposures) that require immediate attention. Here’s a brief overview of what I’m aiming to achieve:Ad Hoc Remediation Targets:I need a ...
Hi All,I need an information regarding cancellation reason of playbook in SIR.On which table the cancellation reason of playbook in security incident is stored in ServiceNow?Thanks,Kushal
Context:In the Application Vulnerability Response plugin, we are working with a vendor that doesn't have an integration, so we've built import sets to import the data. Issue:We aren't able to run the Assignment rules on Closed or Active = false vulne...
I have installed the Threat Intelligence Security Center app, and am working in the integrations view to get threat feeds from MITRE. In the docs, it looks like you need the sn_sec_tisc.admin role, which I have granted myself. From the docs, it als...
I am testing our approval rules for VR and I am to the point where I am testing an extension of an exception. When I click the UI action to request an extension the Window opens for me to enter the date and reason but after I submit that nothing happ...
Hi Everyone, What happens to a CI when it is not discovered for 60 days? Any OOB scheduled job will run and change its state? Without any configuration? Something from OOB? Thanks!
