MTTD calculation for Security records
Is there a way to report on MTTD (mean time to detect) for particular support groups or a canned report that visualizes this?
Forum Posts
Resolved! Remediation tasks not created when VIT risk rating/score increases
We use Rapid7's Active Risk score as one of the primary drivers of the normalized risk rating of third-party vulnerability entry records in VR, which then drives the risk score/rating of vulnerable items. As Active Risk is driven by threat intelligen...
Resolved! To make closed state value visible only when current state is review in SIR workspace
Hi,We need to make closed state value visible only when current state is review in SIR workspace. We tried using onChange client script as well as Before business rule but its not reflecting in workspace. Is there any other way to configure this? Is ...
Sysdig Container Vulnerability Response - example of response.json from sysdig
Can anyone provide me with an example of the response.json received from Sysdig on the endpoint https://<server>/api/scanning/v2/runtime/vulnerabilities?The reason I ask is that we are on-prem with both sysdig and servicenow and sysdig only offer th...
Recalculation of Remediation Target Date when a Risk Rating Changes
GOAL: To reevaluate and reset the Remediation Target Date for a Vulnerable Item if the Risk Rating changes due to the Source Risk Score changing. DETAILS:Qualys Integration with Vulnerability ResponseWe use QDS score from Qualys to set the Risk Score...
Zero day Vulnerability - Best Practice
Hi All, I am looking for guidance and best practice on how to handle Zero day Vulnerabilities in ServiceNow for cases where CVE's are not available. Came across the below KB article which talks about creating a new table by extending OOTB Vulnerabili...
Vulnerability Risk Calculator - Use Source Risk Score instead of Vulnerability Severity?
Hi,We currently use Source Risk Score from Qualys (Qualys Detection Score; QDS) to do a direct map to our Risk Score in ServiceNow. QDS combines the severity of the vulnerability with other Threat Intelligence to get that Risk Score. Quite frequent...
Resolved! Remediation Target Rules
So, my vuln analysts are wondering if there is any way to have the remediation target use a base of when a VIT is assigned to a service now group. The reason being that the remediation teams are complaining because as certain items get assigned (lik...
Security Incident Response Task not triggering notifications on State update
Hello Community, I have a Security Incident Task change notification in place which triggers on event named- "sn_si.TaskAssigned". But for some reason the notification would not trigger anytime I make a change on the SIT state, or Priority or even ch...
Request risk reduction for a vulnerable item do not work OOTB
Hello. We have issue with OOTB - Request risk reduction for a vulnerable item.When we request:A. Request for DeferralB. Request for Risk Reduction Two "State Change Approvals" are being created for A and BWhen we do all approvals A is going in to App...
How does automatic CI Reclassification happens? What needs to be done for that?
I came across a ServiceNow Product Doc that states that "CI reclassification is possible only between two classes that have identical identification rules." What does it mean to have identical identification rules? And how does reclassification happe...
Clarification on Cross-widget Interaction in Platform Analytics Dashboard (Yokohama release)
I'm trying to enable cross-widget interaction-where selecting a data point in one visualization(e,g, a donut or bar chart) dynamically filters or updates the other widget on the same dashboard. I've configured multiple widgets and global widgets wor...
Change / Overwrite Individual VIT risk rating
Is there any known way to manually change an individual VIT risk rating? I know you could do it via a calculator rule targeted for that specific CI/instance but that is a bit too specific and would lead to a runaway list of way too many rules. We hav...
Populate Internet Facing attribute on Hardware
Hi. I have a question about "Populate Internet Facing attribute on Hardware".The value of the "Internet Facing" field in the Hardware table is updated by the "Populate Internet Facing attribute on Hardware" in the sysauto_script table.The execution t...
Issue ingesting multiple affected users using Azure Sentinel Incident Ingestion Integration
HiWe're having a bit of trouble adding multiple affected users into SIR tickets using the Azure Sentinel Incident Ingestion Integration. We are able to ingest Sentinel Account entities (${Account: properties(displayName)}$) using a simple glide get q...
