Hello all, I just wanted to know if I can set new line "\n" as a delimiter for Splunk ES field mapping. If I do comma separation, the data looks quite shabby, as I'm trying to populate the description field with 8-9 fields. I tried putting "\n" in t...
Hi everyone,I've encountered an issue where some Vulnerability Remediation (VUL) tasks or remediation tasks remain open, despite their associated Vulnerable Items (VITs) being 100% closed. Can anyone help me understand why this discrepancy occurs, an...
Hi All, We have recently gone live with the VR module in ServiceNow and have the integration in place between our Qualys instance. Just after we went live with ServiceNow module, Qualys updated the VMDR module to 2.0 and introduced its QDS scoring m...
Hello All,I'm facing an issue while integrating CrowdStrike Falcon Sandbox with ServiceNow Security Operations. When submitting a URL for malware analysis, I receive the following Error: 'access denied, authorization failed' occurred while submittin...
Hi Folks, I am troubleshooting an issue where in i need to understand the CI mapping rules for VM Rapid & data import. Issue - Rapid7 (Intsights VM) has scanned a asset with URL - xyz.com however when the VI got created it was created with IP address...
Hello everyone, I’m looking to set up a fast-track solution for managing critical CVEs (Common Vulnerabilities and Exposures) that require immediate attention. Here’s a brief overview of what I’m aiming to achieve:Ad Hoc Remediation Targets:I need a ...
Hi All,I need an information regarding cancellation reason of playbook in SIR.On which table the cancellation reason of playbook in security incident is stored in ServiceNow?Thanks,Kushal
Context:In the Application Vulnerability Response plugin, we are working with a vendor that doesn't have an integration, so we've built import sets to import the data. Issue:We aren't able to run the Assignment rules on Closed or Active = false vulne...
I have installed the Threat Intelligence Security Center app, and am working in the integrations view to get threat feeds from MITRE. In the docs, it looks like you need the sn_sec_tisc.admin role, which I have granted myself. From the docs, it als...
I am testing our approval rules for VR and I am to the point where I am testing an extension of an exception. When I click the UI action to request an extension the Window opens for me to enter the date and reason but after I submit that nothing happ...
Hi Everyone, What happens to a CI when it is not discovered for 60 days? Any OOB scheduled job will run and change its state? Without any configuration? Something from OOB? Thanks!
I'm trying to understand how the Remediation Status is affected for Vulnerable Items (VIT) that are placed in a deferral status.If the Vulnerable Item has a Remediation Status of "Approaching Target" and then the VIT is deferred, does the status rema...
I have created a new field but while checking in the form it is not editable. Read only check box is not selected. I also checked in UI policies and i didn't found anything. There were no client scripts on that table. What else I need to check?
I am working with an Incident Response Option Rule in ServiceNow, where I have set a few conditions that determine when the rule applies. Additionally, I have three response option mappings under this rule. Now, I need to add a new condition, but it ...
My customer is using the Yokohama version of the platform.I wanted to check with you all to see if there are any out-of-the-box (OOTB) dashboards or reports available for tracking Response Tasks and Remediation Tasks. Specifically, I’m looking for an...
