We have been successfully importing Security Incidents from Sentinel through an integration, however, I am now trying to map new fields across. We want to start passing over metadata like the "Resolver Group" that the incident should be preassigned t...
Hi Team, For one VIT there are two records under vulnerable item detection (detections) tab. One record is of Stale status and another record is of Open status. Moreover, both records discovered item are different.Ideally if one status is of stale st...
When associating a Mitre attack record against an incident using the "Associate Mitre ATT&CK Technique" related link from the Security Incident form... from the dialog window, you initially select the Source and then the Tactic. But when selecting t...
How to check the email body for the match condition to create security incident using Email Parser?
Hello Everyone,Is there any other way for penetration Testing in ServiceNow without the Raising a request in serviceNow Hi portal?My understanding towards the Black-Box Penetration testing is to Test the Applications using several Third-Party apps an...
Hi,Need to change default value for priority field in MSIM workspace. created UI policy to do the same but it's not working. And we can not change it from dictionary level as it is inherited from task table.Please suggest.Thanks,
All, I am doing some planning... so a question for everyone: Once VR or SIR are up and running successfully, what is important enough to start a Phase 2 project? What I mean is... Would you like additional configurations, new integrations, new OOB ca...
There is an ongoing doubt to know what happens to a Vulnerable Item deferred by an exception rule if it gets updated by the system and no longer matches the initial conditions of the exception rule. Following OOB does it get re-opened or what should ...
i have a few questions on the vulnerability remediation : 1. other than submitting a change to push for a large amount of machines and it is closed when all the machines have been remediation, but what happens if one machine happens to have the old ...
I have a question. We want to integrate Tenable.io with ServiceNow CMDB to manage the client asset. Is there any requirement from the ServiceNow side? I found some content on the screenshot (Tenable and ServiceNow Integration Guide), "Service Graph ...
Hi SecOps experts, I'm trying to install the latest version of SIR (13.4.3) on my PDI but it's stuck as per the attached screen shot: V. 13.4.3 has only been in GA for a couple of days, so I'm wondering if that's the problem. Interested to hea...
We have requirements to implement restrictions on the number of days exception requests on the Remediation Tasks or Vulnerable Items can be requested. When requesting exception through the Vulnerability Manager Workspace, the Until selection is a cal...
Any specific reason behind this ? Why they have separated ?
Hello All, I am banging my head against the wall with this one. I am in the MSIM workspace. I have the sn_msi.worksapce_admin and the sn_msi.workspace_manager roles. I can propose that a security incident become a major incident. But then cannot prom...
We are on Vulnerability Response Vulnerability Response 21.1.2. What we are seeing is that some VITs although they meet the remediation target rule condition(s) they are not getting remediation target dates populated on the VIT. The remediation ta...
