Hi Everyone, In the TISC application, under the Administration section, there is a "Security Control List" that includes three sub-sections: 1. Allow List, 2. Deny List, and 3. Watch List. I would like to understand the purpose of this section and th...
We would like to calculate the value of the [Risk score] column of Vulnerable Items[sn_vul_vulnerable_item] using the Vulnerability Calculator Rules[sn_vul_calculator].We want to calculate it.We would like to set the conditions and values in the [Whe...
Hello!I have a tricky situation and not sure how to solve this. I have Vulnerable Items for servers (Windows and Linux), which it should be assigned to related CI Service support groups, this assignment rule I have, but there is also a condition, tha...
Is any other way to filter the endpoint alerts that come in so that security incidents are only created for certain alert types besides altering the scripts? Are there alert rules or something we can configure to get this to work without updating the...
Hello everyone, I am in the process of setting up an auto-close rule for stale vulnerable items in our VR module. I have the rule conditions looking for vulnerable item . last found is relative before 1 day ago. When I run the job "Auto-close Rule Pr...
Hello Everyone, I am attempting to create a custom risk rating score for our Vulnerability risk rule calculator. Does anyone know if this is possible? If so where would I go to add this?
Does anybody know how you can hide one of the reason choices on the popup for the Request Exceptions? We want to hide the Risk Accepted option. I scoured the review_request UI page and cannot figure it out. Thanks!
Using the Qualys vulnerability scan integration (and I’m unsure if this is agnostic across scanners), we have certain vulnerabilities where the only data that discerns what team is responsible for remediation is the proof of the detection. Here ar...
Hi there,I want to create an action with "Create Response Task set Incident state V1" so that analyst can answer certain questions.I configured the action in Flow Designer like this.But Yes/No question want show up in the New UI.What am I missing?
Hi Experts - I have an issue. I see two CIs in the CMDB with the same name, `WEBFE01`, but different classes: one is classified as a `Windows Server`, and the other as a `VMware Virtual Machine Instance`. The support group assigned to the `VMware Vir...
Hello!We are doing an RFP for a potential replacement of our Vulnerability Management Solution and may replace Rapid7 IVM with either Tenable.io or Qualys VMDR. We currently run VR with the Rapid 7 IVM API integrations and it works mostly well, but a...
Customer wants to enable the SOC teams the ability to leverage the Notify integrations. The Notify apps say they can work with "task" data type, but does not specify SecOps data type compatibility. Has anyone heard of this being possible?
Hi All, I created a simple TISC(Threat intelligence Security Center) playbook with just an update activity, but it doesn’t display a dedicated section or a button to add the playbook to a case, as it does in the Security Incident module. I’d like to ...
sn_si_incident contain 26 million records and potentially looping automation which is slowing down the test environment. Investigate potential root cause to stop this from occuring. Please let me know the resolution of same
Hi, We're looking to see if there's a way to execute the "Associate MITRE ATT&CK Technique" action through the ServiceNow API? We have SIRs that are automatically created and we have the MITRE ATT&CK info from another source, and right now we are man...
