Is any other way to filter the endpoint alerts that come in so that security incidents are only created for certain alert types besides altering the scripts? Are there alert rules or something we can configure to get this to work without updating the...
Hello everyone, I am in the process of setting up an auto-close rule for stale vulnerable items in our VR module. I have the rule conditions looking for vulnerable item . last found is relative before 1 day ago. When I run the job "Auto-close Rule Pr...
Hello Everyone, I am attempting to create a custom risk rating score for our Vulnerability risk rule calculator. Does anyone know if this is possible? If so where would I go to add this?
Does anybody know how you can hide one of the reason choices on the popup for the Request Exceptions? We want to hide the Risk Accepted option. I scoured the review_request UI page and cannot figure it out. Thanks!
Using the Qualys vulnerability scan integration (and I’m unsure if this is agnostic across scanners), we have certain vulnerabilities where the only data that discerns what team is responsible for remediation is the proof of the detection. Here ar...
Hi there,I want to create an action with "Create Response Task set Incident state V1" so that analyst can answer certain questions.I configured the action in Flow Designer like this.But Yes/No question want show up in the New UI.What am I missing?
Hi Experts - I have an issue. I see two CIs in the CMDB with the same name, `WEBFE01`, but different classes: one is classified as a `Windows Server`, and the other as a `VMware Virtual Machine Instance`. The support group assigned to the `VMware Vir...
Hello!We are doing an RFP for a potential replacement of our Vulnerability Management Solution and may replace Rapid7 IVM with either Tenable.io or Qualys VMDR. We currently run VR with the Rapid 7 IVM API integrations and it works mostly well, but a...
Customer wants to enable the SOC teams the ability to leverage the Notify integrations. The Notify apps say they can work with "task" data type, but does not specify SecOps data type compatibility. Has anyone heard of this being possible?
Hi All, I created a simple TISC(Threat intelligence Security Center) playbook with just an update activity, but it doesn’t display a dedicated section or a button to add the playbook to a case, as it does in the Security Incident module. I’d like to ...
sn_si_incident contain 26 million records and potentially looping automation which is slowing down the test environment. Investigate potential root cause to stop this from occuring. Please let me know the resolution of same
Hi, We're looking to see if there's a way to execute the "Associate MITRE ATT&CK Technique" action through the ServiceNow API? We have SIRs that are automatically created and we have the MITRE ATT&CK info from another source, and right now we are man...
We want to limit users with the impersonate role (which includes admins and certain non-admins) from accessing sensitive data in VR and/or SIR applications when impersonating other users. Use Case:A remediation owner is assigned a critical, exploitab...
Hi,Please let me know the table name of Playbook (PAD) where its work notes are stored. Looking forward for quick resolution regarding the same. Thanks in Advance
As per the requirement, I have to create a report which comprises of Integration Error logs so that I would be able to create a report for the Failed or Cancelled Integration logs like Integration that done using CrowdStrike API so that I can show th...
