SecOps forum

Assessment

Hi I need a assessment on incident resolution. How can i achieve this?

Resolved! Why all the notables created in Splunk are not created as security incidents in ServiceNow

Hello,Splunk has created 1900 notables whereas only 950 security incidents were created in ServiceNow. What could be the reason for all the notables not getting created on SIR, is there any rate limit?

Resolved! Managing Unmatched CI, Unclassed Hardware and Incomplete IP records

During the Qualys ingestion and CI Lookup Process if there is no matching CI in the CMDB an Unmatched CI, Unclassed hardware and Incomplete IP record is create their associated tables (sn_sec_cmn_unmatched_ci or cmdb_ci_incomplete_ip or cmdb_ci_uncla...

Feedback on Tenable.io WAS using OOTB integration

We're looking into moving from custom flow of ingesting Tenable.io WAS scans to the OOTB integration.For those customers who are already using the OOTB integration, what are the challenges you are facing in Tenable.io WAS? Thanks!

Detections on Vulnerable item table

Hi ,In vulnerability response , we have some with vulnerable items with out any detections tagged to it and we have some vulnerable items which are not in closed state even though the detections associated with them are in stale state. Can any sugges...

If Tenable VIT is Resolved then Trigger an automated Scan

Hi, If Tenable VIT is Resolved then, Can we Trigger an automated Scan? Thanks & Regards,Titiksha

VIT and VUL/RT remain linked after unassign

We have the sn_vul.rerun_task_rules set to true but the VIT unassign action is not removing the VIT from the original Remediation Task. The VIT and VUL/RT are still linked and the assignment groups are different. The states are all OPEN. Not related ...

Push Notifications

Hello, I need to update the push notifications that are sending when an Onboarding Journey and LE are initiated.I just need to update the push notifications to only send for some activities when launched. Also a need to deactivate push notifications ...

Integrating multiple Qualys sources into Configuration Compliance

We are ingesting Qualys test results from multiple Qualys instance... let's refer to them as Qualys A and Qualys B. Each Qualys instance has different policies and ingesting test results from each instance results in policies being recorded in the sn...

Resolved! How to change default tab for Security Incident Response workspace

Hi,How to change the default tab for Security Incident Response workspace?When I open a security incident from workspace, the tab defaults to 'Overview'. Instead it should be defaulted to 'Details' tab when users open the record. Please assist.

Reapply Remediation Task Rule After New Assignment

I am aware of the 'Reapply Remediation Task Rule' option from a remediation task rule, however the fact that this deletes all VUL's that are open and then recreates new ones is not an ideal solution. I created a new assignment rule, and also changed ...

Resolved! Vulnerability Response -Sys Properties Explanation

Hello,I'm looking for additional information about following 3 properties:1. sn_sec_cmn.filterOutDecommissionedCIMy understanding is that if we have this property enabled, ServiceNow will not mach an vulnerability to retired CI, instead it will creat...

Resolved! Some of the vulnerability items of snow are not assigned to any assignment Group

Some of the vulnerability items in vulnerability response module of snow are not assigned to any assignment groupFor example, A configuration item has various VITs created with different QIDs, Some are assigned to respective group., some are left una...

Update Push Notifications for LE Activities

Hello, I need to update the push notifications that are sending when an Onboarding Journey and LE are initiated.I just need to update the push notifications to only send for some activities when launched. Also a need to deactivate push notifications ...

VR Tenable Integration - CI with multiple IP addresses

Hi Community,I have an issue that i'm wondering if anyone else has seen.ScenarioA server that has multiple network adapters and ip addresses, say a cluster node.CI has both IP's listed in ServiceNow CMDBTenable scans both IP addresses and records the...

Forum Posts

Assessment

Resolved! Why all the notables created in Splunk are not created as security incidents in ServiceNow

Resolved! Managing Unmatched CI, Unclassed Hardware and Incomplete IP records

Feedback on Tenable.io WAS using OOTB integration

Detections on Vulnerable item table

If Tenable VIT is Resolved then Trigger an automated Scan

VIT and VUL/RT remain linked after unassign

Push Notifications

Integrating multiple Qualys sources into Configuration Compliance

Resolved! How to change default tab for Security Incident Response workspace

Reapply Remediation Task Rule After New Assignment

Resolved! Vulnerability Response -Sys Properties Explanation

Resolved! Some of the vulnerability items of snow are not assigned to any assignment Group

Update Push Notifications for LE Activities

VR Tenable Integration - CI with multiple IP addresses

Vulnerability Remediation required email template

Practitioners Wanted: Shape ServiceNow's AI Vulner...

Major Security Incident Management - Integration f...

Vulnerability Response Tenable Integration: Issue ...

In MSIM Status reports, where to find the "Append ...

European Union Vulnerability Database EUVD Integra...

Task 1: Create and Configure Security Groups (Cont...

Zscaler (ZWA) Integration with ServiceNow – Defaul...

How to modify order of columns in Prioritization t...

how to configure vulnerability response to auto cl...

Zero day Vulnerability - Best Practice

SuSe Security (former NeuVector) Integration to Vu...

Metrics for Vulnerability Response

Remediation target status of Target Met

Viewing Vulnerable Item related exception question...