SecOps forum

ServiceNow integration with QRADAR

I need all the detail about how to configure integration between ServiceNow and QRADAR (IBM). Please provide the specifics of steps after the QRADAR plugin is installed. Thanks for all the help.

New NowLearning Course Alert: Security Posture Control Implementation Bootcamp

Exiciting Announcement: Introducing our latest course - "Security Posture Control Implementation Bootcamp On Demand" Are you ready to take your ServiceNow® Security Operations skills to the next level? We're thrilled to unveil our newest course, ...

Resolved! Exception Questionnaire

I am wondering how the Exception Questionnaire in Vulnerability Response is useful for approvers/where the answers can be found? I know the metric results and assessment instance questions are linked to the state change approval record, but they aren...

Tenable.sc Rescan error

Hi All, I am using Tenable.sc for my client and I see the rescan does not work at all and we get the following error message:An error occurred while initiating the rescan. Attributes such as repository_id or family_id might be missing. When I click ...

Resolved! machine_filter on Vulnerability response Microsoft TVM

Im trying to apply a machine_filter for importing machines from Microsoft TVM in VR. The filters the machines being imported as CIs, but doesn not filter the vulnerabilities on machines, so we end up with a lot of vulnerabilities that we do not want ...

Deactivate or delete a Remediation Effort?

Could someone please guide me on how I can "delete" or "deactivate" a Remediation Effort? It seems according to ACLs, no one can delete an effort, even Admins. But it appears there should be a way to deactivate one, but it is all grayed out. Are th...

Incident Task Notifications

Is there a way to setup email notifications for when incident tasks are opened and assigned to a particular group or person, so they know they have a task assigned? Oops, wrong forum, sorry, not sure how to delete

Tenable Integration Plugin with ServiceNow - Additional Fields (Specifically 'Patch Published Date')

Hi ServiceNow Community,We are in the middle of implementing a new VR instance for a customer using the Tenable Vulnerability Integration plugin for both Tenable.io and Tenable.sc. How would I be able to access the 'Patch Published' field from Tenabl...

Turn "Reopened" field into a date/time field

Hey community,In the vulnerability items table there is a field called "Reopened" which is by default a True/False field.I have a ask to make that field show a date when the Vulnerability reopened. Is there a way to achieve this?Thanks in advance

Best solution for VITs with multiple locations of vulnerabilities

We have various VITs, like for QID-106032 (Apache Log4j 1.X Detected), where in the results there are a dozen or two locations of Log4j jar files. In these instances, each of those locations in owned by a separate application team. Is there a way to...

ServiceNow API to Azure container storage

Hi All, I am currently working through a project to get data from various API's and out into Azure container storage. This involves a runbook in Azure that, on a schedule, pulls data from the various API's and stores this in the Azure blob storage. I...

Resolved! Adding new states to Security Incidents

Got a request in to add new States into Security Incidents. I've been looking to try and add these, but while I can add them to the Choice List, they will not appear in the drop down at any point. Also can't see to add anything to the Process Flow as...

How is the 'Vulnerable Item.Last Found' field supposed to be populated from Qualys, especially with multiple Detection Records?

Hi, We use Qualys integration with Vulnerability Response and have used the Vulnerable Item.Last Found field to determine the last time a vulnerability was found on the vulnerable item. However, if the Vulnerable Item has multiple detection records, ...

If the incident is promoted as major incident, assignment group should check the group type

I am currently working on the requirement which wants me to add few lines of code in the business rule "Major Incident Assignment" (OOB BR), if the incident is promoted as major incident then I need to compare the group type, if group type is itil,...

Vulnerability Response

Requesting you to kindly share the implementation checklist for Vulnerability Response module?

Forum Posts

ServiceNow integration with QRADAR

New NowLearning Course Alert: Security Posture Control Implementation Bootcamp

Resolved! Exception Questionnaire

Tenable.sc Rescan error

Resolved! machine_filter on Vulnerability response Microsoft TVM

Deactivate or delete a Remediation Effort?

Incident Task Notifications

Tenable Integration Plugin with ServiceNow - Additional Fields (Specifically 'Patch Published Date')

Turn "Reopened" field into a date/time field

Best solution for VITs with multiple locations of vulnerabilities

ServiceNow API to Azure container storage

Resolved! Adding new states to Security Incidents

How is the 'Vulnerable Item.Last Found' field supposed to be populated from Qualys, especially with multiple Detection Records?

If the incident is promoted as major incident, assignment group should check the group type

Vulnerability Response

Qualys VM integration issue

Vulnerability Response: Associated VCA are not clo...

How does automatic CI Reclassification happens? Wh...

ServiceNow sends a notification of SIR update with...

VR Remediation Efforts for Remediation Tasks

How to add the UI action Button to the Three dots(...

Vulnerability Response: Reopened VIT reassignment

Unable to add work notes as default list view colu...

I just need to understand difference b/w Work note...

Ref info button is not working for CVITs table

Clarification on CIS–Vulnerability Response Exam V...

"ACL Exception Insert Failed due to security const...

Question about July 31 Transition for Wiz Built St...

CI Lookup Rule - Auto promote on certain classes

Not able to install VR plugin in PDI