Hello,we have an issue with long running scheduled job during business hours, so we would like to use WatchDog for monitoring transactions. In case there is an active transaction for that speficic job, it should send us a notification, so we can kill...
Some of our CIs are matching on our lookup rules, but we want to exclude a certain OS. My first thought is to add a condition on the lookup rule it is matching on, to exclude that OS. However, it just matched on the next rule. So from this I assume t...
Hi Community,Can someone explain me how the table - Related Services - sn_vul_m2m_ci_services - is populated, or point me to an article that explains it?It seems that the data in this table is populated randomly (i suppose it is not :-))Thank youMarc...
Hello Community,I’ve received a customer requirement to implement a 24-hour SLA timer for response and reporting purposes. The SLA should start when an analyst begins working on a specific security incident by creating a Response task and either assi...
Hello ServiceNow community, I am trying to auto populate Business Impact field in Security incident response form, based on the Configuration items(CI)s field and its Tier value tied to CI. Is there a way I can turn off rules or script which auto tri...
Hi everyone, Is there any way to capture a Remediation Task rule when we create a new one, or update or delete an existing one? I had my update set on when I created it, but it was not captured. What is the standard practice to move the Remediation T...
We recently installed the Security Common Workspace to upgrade the IT Remediation Workspace, Vulnerability Manager WS, etc. However, now when trying to open files in a simple list, such as Discovered Items, it launches a workspace. We would like to...
In ServiceNow playbook, is it possible to pass the trigger record sys_id from an activity to the data definition's flow variable's advanced reference qualifier for a questionnaire activity? javascript:(function() { var ids = []; var gr = new Gl...
Is there any OOB feature in ServiceNow SecOps SIR that prevents closing a security incident unless assessments are completed? Or do we need to customize this with a business rule/workflow?
How is everyone getting vulnerabilities into ServiceNow for resources that do not support a scanner being installed on them? We have scanners like tanium, tenable, microsoft tvm. Looking at using the AWS Connector to bring over security findings but ...
I found bunch of Vulnerable Items have empty detections. They are newly created VITs by Tenable I.O.Can anyone suggest what possible root cause could be? Also, where should I start to look into this issue? Thank you in advance.
Hi,is there a way to recalculate only the Risk Rating fields for the Remediation Task table(s)? We've followed the documentation on how to update Risk Score Weights (sn_sec_cmn_risk_score_weight).Additionally we've added a few new Risk Score Weights ...
I've developed a workflow that will automatically create a TISC Case when certain criteria is met with an ingested Threat Report. Is there a way to associate Artifacts (specifically Observables, Indicators, and the Threat Report itself) to the newly...
