In Vulnerability Response, we have an auto-close configuration set to close stale detections based on 'Detections last found' value being found 30 days ago. The option allows you to set only one value that applies across all detections. We're happy w...
Hi,Users with Security Analyst role are not able to change assignment groups on security incidents. Is this expected behavior or should something be changed for them to edit the assignment group?I have checked ACLs and don't see any issues over there...
We are planning to build an integration between Security Incident Response (SIR) and Proofpoint. If you are a customer who is interested in this integration, please drop a note with your email id. We will connect with you to understand your use-cases...
What tools and techniques can be used for effective root cause analysis?
We have Rapid7 vulnerabilities integrated into VR. In the Vulnerable Item detection table (sn_vul_detection) there is a 'confirmed' column with boolean (True/False) values. What does this mean and where is there value coming from ?
When manually ingesting vulnerabilities from manual ingestion template, the current out-of-the-box configuration assigns a single summary to each Vulnerability ID, stored in the third-party table (sn_vul_third_party_entry). This summary is then appli...
What is the [sn_vul_rememdation_task] table?I am trying to better understand Remediation Task functionality in Tokyo Vulnerability Response. I understand Vulnerability Groups are now relabeled as Remediation Taskshttps://docs.servicenow.com/bundle/s...
Hello, I need to send ServiceNow's system & audit logs to an Azure Sentinel. What is the best approach?From the documentation (Log Export Service (LES) (servicenow.com)) it would seem to be to use Kafka cloud-to-cloud (at least for Splunk) but I can ...
Experts, How is the email parser rule different from the Email Parsing properties? How is it going to retrieve emails from the inbox for processing? Email Parsing Inbox:Security Operations detection tools send email reports to these addresses to be...
Hello,does anyone know how to create a condition in a Vulnerability Assignment Rule which looks into the Vulnerable Item proof in the Vulnerable Item Detection? We can't find this field under "Vulnerability" in the condition builder in the assignment...
Hello Community,Could not connect to the environment. [Method failed: (/api/sn_pipeline/pipeline/validate_connection) with code: 400].I'm getting this message when trying to Create a connection with with Test Environment.How to Fix this?Thanks,Daiva
Hello Experts, I wanted to ask about a feature of Vulnerability Response that was introduced not very long time ago, which is the option to add an Exclusion Rule. I understand the overall concept and how it works, but I'm having difficulty finding on...
Hi, How to extract data from Vulnerable items(sn_vul_vulnerable_item) table for servers and workstations by using filters. Any one please help me on this.1. Exploitable & Actively Exploitable2. CISA KEV3. Backlog ( Vuln on or before march 12th)4. Act...
Has anyone tested PCRS 2.0 or know when this will be available for Configuration Compliance? We are looking to utilize the excludeInactiveControl parameter. Inactive controls are being created as false negatives which is causing a lot of extra work.
We're seeing CVITs created that do not have a risk rating assigned. We suspect that it has to do with the fact NVD has yet to assign a rating, yet the vendor has. We've upgraded our NVD plug-in to the latest version, same issue. Anyone else seeing...
