Restrict Qualys Creating CI's in Unclassed Hardware
How to Restrict Qualys Creating CI's in Unclassed Hardware, we have a requirement to partially stop creating the CI in Unclassed. is there a way to disable? Thanks in advanceRam
Forum Posts
For VR Created CIs change IRE default Operational Status
Requesting feedback to see if anyone has changed the IRE default for "Operation Status" (which is "Operational") for Vulnerability Response create CIs. 1) Qualys scans a server and detects a vulnerability.2) VIA the SN VR API we consume that vulnerab...
Tenable.SC Rescan error: Invalid response code received 403 - Please specify a valid Repository
Hello, We just recently implemented the Vulnerability Response Module. When I issue a rescan from either the classic UI or the Vulnerability Manager or IT Remediation Owner workspace, I get an error: 403 - Please specify a valid Repository. Here is...
I need to setup Prisma cloud integration and mapping of fields via integration script.
I need to setup Prisma cloud integration and mapping of fields via integration script.Can anyone help here?
How can you see the effect of active session life span properties?
Hello experts,Did anyone of you have any experience on utilizing the any of the following properties (glide.integrations.active.session.life_span, glide.ui.active.session.life_span and glide.guest.active.session.life_span) ?I can see in their documen...
Vuln Resp Rescan Integrations
We have recently implemented the Vuln Response Module. I am trying to figure out how to only show active integrations when selecting the INSTANCE for a Rescan of a VIT (that is not closed). When I try to set the INSTANCE, I see my Tenable.SC integr...
On-Call Schedule for Security Incident Response
Is anyone familiar with a way to achieve an on-call rotation for auto assignment of Security Incident Response records? An example would be 6 analysts, who are on-call from M-Sunday, on a six week rotation. Existing options in the SIR Configuration ...
Close UI Action in Vulnerability Response
Hi All, When I'm closing Vulnerable Item I have two option for closure:Wait for confirmation from next scan Close vulnerabilities now, reopen if found I need to know if I select any one of the 'Close Now?' options, in ServiceNow, in which field the ...
Crowdstrike Falcon Endpoint for Security Incident - API Rate Limit being crossed
We are trying to integrate ServiceNow with Crowdstrike Falcon Endpoint for Security Incident but integration gets disabled each day or so. Integration works for sometime but then it fails. In logs we are receiving error that Rate Limit has increased...
Limit authentication to ServiceNow based on IP Range
Hi folks,We have an IP Range that is open in ServiceNow (inbound) that is quite large. We want to limit access to ServiceNow (interactively and non-interactive) over this IP Range to a user with a certain role. Wondering if anyone has run into this...
Vulnerability Response
Hi All,Anyone having knowledge of VR Configuration. Need a small help , I am not aware of VR Configuration, Licenses for VR are counted on number of IPs getting scanned . Anyone knows from where we can filter this out which class of machines will be ...
Passing a system property value to HTTP Query Parameters on an integration REST method
Looking for guidance on how to pass a system property value to an integration REST Method's HTTP Query Parameters in order to filter incoming payload data. The parameter accepts a list of unique IDs stored within a variable, what I am trying to do is...
On closure of Policy Exception for VR
Hi All, When a Policy Exception expires, the related Vulnerable Item reopens along with associated Remediation Task. But my requirement is to keep the associated Remediation Task closed when Policy Exception expires. How to achieve this? Thanks!
Send Servicenow logs to Azure Sentinel (Cloud SIEM) using Kafka
Hello, I need to send ServiceNow's system & audit logs to a Azure Sentinel. What is the best approach?From the documentation (Log Export Service (LES) (servicenow.com)) it would seem to be to use Kafka cloud-to-cloud (at least for Splunk) but I can f...
