SecOps forum

Microsoft Sentinel details _ If any one using

Thanks in advance Please if any one use the Microsoft Sentinel in the instance.provide the details about cost and licensee

Change of Proof on Vulnerability Item Detection

Hi, I am implementing the asssignment of VIs based on condition, that initial proof on VI contains specific string of text, but if the proof changes on the detection it is not updated in Initial proof. How I can than trigger the reassignment, as the ...

Tenable.SC upgrade

Hi, If Tenable.SC is being upgrade from version 5.23.1 to 6.3.0..Will there we an impact in the current integration with VR.If there are changes in the data structure, will integration run return an error?

Mass reopening closed Vulnerable Item records

We have about 5,000 vulnerable items that were assigned to the incorrect group before being closed. We'd like to reopen these and reapply the assignment rules so they can be properly documented with the correct assignment but ServiceNow has said ther...

Internet Facing / Internet-Facing Attribute - what strategies exist to auto-populate? SecOps

Internet Facing / Internet-Facing Attribute - what strategies exist to auto-populate? Anyone have a strategy on how to automatically populate the Internet Facing / Internet-Facing Attribute? IPAM data, Firewall data, some baseline Internet Assigned...

Import Sentinel ExtendedProperties in SecOps Incidents

We have been successfully importing Security Incidents from Sentinel through an integration, however, I am now trying to map new fields across. We want to start passing over metadata like the "Resolver Group" that the incident should be preassigned t...

Discovered Item of the latest detection for a VIT is not reflecting on the VIT table list view.

Hi Team, For one VIT there are two records under vulnerable item detection (detections) tab. One record is of Stale status and another record is of Open status. Moreover, both records discovered item are different.Ideally if one status is of stale st...

In Mitre Att&ck, cannot associate a technique against a tactic and does not get save against the SIR

When associating a Mitre attack record against an incident using the "Associate Mitre ATT&CK Technique" related link from the Security Incident form... from the dialog window, you initially select the Source and then the Tactic. But when selecting t...

How to check the email body for the match condition to create security incident using Email Parser?

Black-Box Penetration Test

Hello Everyone,Is there any other way for penetration Testing in ServiceNow without the Raising a request in serviceNow Hi portal?My understanding towards the Black-Box Penetration testing is to Test the Applications using several Third-Party apps an...

Resolved! MSIM Workspace

Hi,Need to change default value for priority field in MSIM workspace. created UI policy to do the same but it's not working. And we can not change it from dictionary level as it is inherited from task table.Please suggest.Thanks,

VR or SIR and a Phase 2

All, I am doing some planning... so a question for everyone: Once VR or SIR are up and running successfully, what is important enough to start a Phase 2 project? What I mean is... Would you like additional configurations, new integrations, new OOB ca...

What happens if a Vulnerable Item no longer matches the Exception Rule conditions?

There is an ongoing doubt to know what happens to a Vulnerable Item deferred by an exception rule if it gets updated by the system and no longer matches the initial conditions of the exception rule. Following OOB does it get re-opened or what should ...

remediation

i have a few questions on the vulnerability remediation : 1. other than submitting a change to push for a large amount of machines and it is closed when all the machines have been remediation, but what happens if one machine happens to have the old ...

Tenable.io integrate with Service now

I have a question. We want to integrate Tenable.io with ServiceNow CMDB to manage the client asset. Is there any requirement from the ServiceNow side? I found some content on the screenshot (Tenable and ServiceNow Integration Guide), "Service Graph ...

Forum Posts

Microsoft Sentinel details _ If any one using

Change of Proof on Vulnerability Item Detection

Tenable.SC upgrade

Mass reopening closed Vulnerable Item records

Internet Facing / Internet-Facing Attribute - what strategies exist to auto-populate? SecOps

Import Sentinel ExtendedProperties in SecOps Incidents

Discovered Item of the latest detection for a VIT is not reflecting on the VIT table list view.

In Mitre Att&ck, cannot associate a technique against a tactic and does not get save against the SIR

How to check the email body for the match condition to create security incident using Email Parser?

Black-Box Penetration Test

Resolved! MSIM Workspace

VR or SIR and a Phase 2

What happens if a Vulnerable Item no longer matches the Exception Rule conditions?

remediation

Tenable.io integrate with Service now

when creating remediation tasks 'created by' as Se...

Security Incident Response force security incident...

CVR Integration with Cortex

CVE for Windows devices getting matched with Linux...

SIR Architecture or System View Diagram

Metrics for Vulnerability Response

Remediation target status of Target Met

Viewing Vulnerable Item related exception question...

How to handle temporary / ephemeral builds with Vu...

Document templates for VRM tables

Workspace View

Is container VR a prereq to updating to the new Se...

Hi there,I started learning the SecOps fundamental...

Remediation tasks not created when VIT risk rating...

CVIT Bulk Edit