SecOps forum

Restrict Qualys Creating CI's in Unclassed Hardware

How to Restrict Qualys Creating CI's in Unclassed Hardware, we have a requirement to partially stop creating the CI in Unclassed. is there a way to disable? Thanks in advanceRam

For VR Created CIs change IRE default Operational Status

Requesting feedback to see if anyone has changed the IRE default for "Operation Status" (which is "Operational") for Vulnerability Response create CIs. 1) Qualys scans a server and detects a vulnerability.2) VIA the SN VR API we consume that vulnerab...

Tenable.SC Rescan error: Invalid response code received 403 - Please specify a valid Repository

Hello, We just recently implemented the Vulnerability Response Module. When I issue a rescan from either the classic UI or the Vulnerability Manager or IT Remediation Owner workspace, I get an error: 403 - Please specify a valid Repository. Here is...

How can you see the effect of active session life span properties?

Hello experts,Did anyone of you have any experience on utilizing the any of the following properties (glide.integrations.active.session.life_span, glide.ui.active.session.life_span and glide.guest.active.session.life_span) ?I can see in their documen...

Vuln Resp Rescan Integrations

We have recently implemented the Vuln Response Module. I am trying to figure out how to only show active integrations when selecting the INSTANCE for a Rescan of a VIT (that is not closed). When I try to set the INSTANCE, I see my Tenable.SC integr...

Close UI Action in Vulnerability Response

Hi All, When I'm closing Vulnerable Item I have two option for closure:Wait for confirmation from next scan Close vulnerabilities now, reopen if found I need to know if I select any one of the 'Close Now?' options, in ServiceNow, in which field the ...

Crowdstrike Falcon Endpoint for Security Incident - API Rate Limit being crossed

We are trying to integrate ServiceNow with Crowdstrike Falcon Endpoint for Security Incident but integration gets disabled each day or so. Integration works for sometime but then it fails. In logs we are receiving error that Rate Limit has increased...

Limit authentication to ServiceNow based on IP Range

Hi folks,We have an IP Range that is open in ServiceNow (inbound) that is quite large. We want to limit access to ServiceNow (interactively and non-interactive) over this IP Range to a user with a certain role. Wondering if anyone has run into this...

Vulnerability Response

Hi All,Anyone having knowledge of VR Configuration. Need a small help , I am not aware of VR Configuration, Licenses for VR are counted on number of IPs getting scanned . Anyone knows from where we can filter this out which class of machines will be ...

Passing a system property value to HTTP Query Parameters on an integration REST method

Looking for guidance on how to pass a system property value to an integration REST Method's HTTP Query Parameters in order to filter incoming payload data. The parameter accepts a list of unique IDs stored within a variable, what I am trying to do is...

Resolved! API to get the incident count in servicenow

On closure of Policy Exception for VR

Hi All, When a Policy Exception expires, the related Vulnerable Item reopens along with associated Remediation Task. But my requirement is to keep the associated Remediation Task closed when Policy Exception expires. How to achieve this? Thanks!

Send Servicenow logs to Azure Sentinel (Cloud SIEM) using Kafka

Hello, I need to send ServiceNow's system & audit logs to a Azure Sentinel. What is the best approach?From the documentation (Log Export Service (LES) (servicenow.com)) it would seem to be to use Kafka cloud-to-cloud (at least for Splunk) but I can f...

Restrict Response Task on SIR

My use case is that I have to restrict record visibility on Response Task(sn_si_task). If my response task share common parent i.e SIR (sn_si_incident)then only make tasks visible to logged user who is also Assigned to user of the Response TasksFo...

ACL/role that provide read/create/delete access only to content items?

Hello!Is there a role or ACL that provides create/edit/read/delete rights on the table of content items, but not on catalog items at the same time? I am aware of the catalog_editor, catalog_manager and catalog_admin, none of these match the purpose. ...

Forum Posts

Restrict Qualys Creating CI's in Unclassed Hardware

For VR Created CIs change IRE default Operational Status

Tenable.SC Rescan error: Invalid response code received 403 - Please specify a valid Repository

How can you see the effect of active session life span properties?

Vuln Resp Rescan Integrations

Close UI Action in Vulnerability Response

Crowdstrike Falcon Endpoint for Security Incident - API Rate Limit being crossed

Limit authentication to ServiceNow based on IP Range

Vulnerability Response

Passing a system property value to HTTP Query Parameters on an integration REST method

Resolved! API to get the incident count in servicenow

On closure of Policy Exception for VR

Send Servicenow logs to Azure Sentinel (Cloud SIEM) using Kafka

Restrict Response Task on SIR

ACL/role that provide read/create/delete access only to content items?

Atlassian Jira integration with Vulnerability Resp...

Notify Connector for Microsoft Teams

Sysdig Container Vulnerability Response - example...

Error while executing Reapply Risk Calculators (VI...

Qualys VM integration issue

CVIT Bulk Edit

Need to add additional reference fields on Modal i...

To make closed state value visible only when curre...

Remediation Target Rules

How to add the UI action Button to the Three dots(...

Vulnerability Response: Reopened VIT reassignment

Unable to add work notes as default list view colu...

I just need to understand difference b/w Work note...

Ref info button is not working for CVITs table

Clarification on CIS–Vulnerability Response Exam V...