SecOps forum

Resolved! Is it possible to import pentest data into Infrastructure VR module, instead of AVR?

Restrict or Allow all the Vulnerabilities coming from MS TVM integration

I have done Servicenow integration with MS TVM Now i want to restrict or allow all the Vulnerabilities coming from the Microsoft Defender using a Tags can anyone please guide me on this

Resolved! VR - How to manage "Unclassed Hardware" CIs

In Vulnerability Response, how do you manage the Unclassed Hardware [cmdb_ci_unclassed_hardware] table? In regards to VR integrations with third-party tools, ServiceNow automatically creates CIs on the Unclassed Hardware table when a CI is unmatched ...

Assets having same sys_id question

I have a customer asking this and I'm not sure how to answer: "We have the Qualys integration for Vulnerability Response running, and we have noticed that within the discovered items table we are seeing multiple assets that have the same sys_id, but ...

How to set the affected user value based on the email sender for multilpe alerts using FLOW DESIGNER

I have 3 alerts from different sender for which I created the 3 different users for the identifications.Using flow designer I am trying to convert those alert to incident ticket.All the field values under incident table are common for all the alerts ...

Vulnerability response

We want to disable an assignment rule. What will happen to the existing Vulnerable items that were originally assigned using that assignment group ?

Arcsight Integration event mapping to security incident

Hi, We have ArcSight Integration in system and under that mapping some fields from there to ServiceNow. There is one time field which has time in "GMT" but when it mapped to ServiceNow security incident it convert it to "PST".We have custom script in...

Best practice for VR IP Addresses changes

Hello everyone,We are facing the "issue" that if CI has updated IP Address, this is not reflected in VIT. VIT is still having the IP Address of CI from initial detection. I understand that this is by design, but don't really find it useful and search...

Resolved! Connection Issue: Microsoft Graph Security API Alert Ingestion for Security Operations

Hi,we are currently facing a connection issue while integrating ServiceNow with the Azure microsoft0365 application.We have completed the application registration in the Azure and granted the API Permission "SecurityEvents.ReadWrite.All" as mentioned...

How are licenses calculated for Vulnerability response

Hello, I am new to Vulnerability Response licensing.I have the following questions related to licensing in Vulnerability Response :1. how are number of licenses being used calculated?2. where can i see the number of licenses being used?3. What could ...

Discovered Item table creating Unclassified hardware CI for retired and Non Operational CI's in CMDB

Hello,How to stop new CI getting created as unclassified hardware when Apply changes used on CI lookup rule table for existing retired and Non Operational CI's in CMDB What is happening for Unclassified hardware CI getting created from QualysIf there...

SLA on Hold in Vulnerable item when exception applied.

Hello All,I need help to understand SLA in Vulnerable item when exception applied.Exception applied on Vulnerable item with SLA status "Target Missed" (other 2 example VI form with SLA status "In-flight" , VI form with SLA status "No Target"). But ...

Resolved! TenableSCAssetsIntegration Error 403

Hello, My VR integration to Tenable has been running fine in dev for the past few weeks. We just cloned our prod environment and after doing the same setup steps. My third party vulnerability entries are loading fine and i was even able to pull ope...

SIR Post Incident Review Request Assessment Assignees Not showing anyone

Hi All, I am super new to the SIR module and still figuring out how to set it up. I am trying to generate PIR assessments for the Security Teams inside of the SIR Workspace. However for some reason the Assignee Field is showing no Results and I am un...

Filter incident templates by field value

Hi,I have a requirement by where I need to filter out the templates shown on template bar at bottom of form. On the incident form we have a custom choice field 'product', we have 3 products we can select.We create a template for each category of inci...

Forum Posts

Resolved! Is it possible to import pentest data into Infrastructure VR module, instead of AVR?

Restrict or Allow all the Vulnerabilities coming from MS TVM integration

Resolved! VR - How to manage "Unclassed Hardware" CIs

Assets having same sys_id question

How to set the affected user value based on the email sender for multilpe alerts using FLOW DESIGNER

Vulnerability response

Arcsight Integration event mapping to security incident

Best practice for VR IP Addresses changes

Resolved! Connection Issue: Microsoft Graph Security API Alert Ingestion for Security Operations

How are licenses calculated for Vulnerability response

Discovered Item table creating Unclassified hardware CI for retired and Non Operational CI's in CMDB

SLA on Hold in Vulnerable item when exception applied.

Resolved! TenableSCAssetsIntegration Error 403

SIR Post Incident Review Request Assessment Assignees Not showing anyone

Filter incident templates by field value

Scheduled script for setting state of Security Inc...

Where is the documentation for the Integration Ins...

Make vulnerable items untraceable in non-prod envi...

Not getting Approval in Policy & Compliance Manage...

ServiceNow and CrowdStrike VR Integration

Information on _queryMatch

What is the impact in Vulnerability Response of le...

Custom Table when pulled as a related list, 'Edit'...

Any way to see what Vulnerability Calculator was u...

WatchDog for monitoring long running transactions

please provide the processof major incident manage...

Vulnerability Response - how is table related serv...

SOLVED: How to recalculate Risk Rating for Remedia...

Vul Response Risk Score being updated to 0 when al...

Can we switch from ci lookup rule to IRE for CI id...