Forum Posts
MSIM Workspace SharePoint Integtation
MSIM workspace has a tab called "Collaboration" once you open a major security incident. On this tab I can not get the SharePoint library to display despite having configured it correctly. If I open the workspace in UI Building, this section has a de...
Qualys Integration issues for Vulnerability Response and Configuration Compliance, Host Detection
We are running two integration instances in our environment, one for Qualys Vulnerability Response and one for Qualys Configuration Compliance. Below are the jobs running for Qualys VR and Qualys CC. We started seeing duplicate VITs in our production...
Set record-level permissions in the Security Incident application
In the Security Incidents application. I’m looking for a technique on how to restrict access to the records. A user who is currently login can see and edit only records that he assigned to.
Resolved! Configuration Compliance Test Group/Policy Mark Deprecated
What does the "Mark Deprecated" UI Action do on the Test Group (formerly Policy) form? The UI Action is present on both "Active" and "Inactive" Test Groups. Does this UI Action just deactivate the Test Group or is this another action?
Incident placed on hold pending Problem
Thoughts on the following configuration for incident and problem handling. The tool has been configured so that a major incident can be placed on hold Pending Problem. When you link an Incident to a Problem and set this status, the cause and fix info...
Reopening of security incident
Hi,Our team is looking for an option to reopen a Security Incident which is in closed state. Currently once you close the Security incident you cant reopen or edit any fields. Basically team is looking for an option to edit fields on a security inci...
Resolved! Multi-factor Authentication (MFA) without using Authenticator Applications
In Multi-factor Authentication (MFA), User should Download and install any one of the Authenticator Application for first time. From next login onwards they can use the Authenticator Application or request a verification to be sent via email by click...
Resolved! Customizing Security Incident New UI
Is it possible to customize the Security Incident New UI? Changing form fields or form layout?
Demo Incident Data
Hi all ,I wanted to try task intelligence for ITSM in my PDI but the required number of incidents needed are 10k.so is there any way I can create or get some demo incidents data.Thanks,
instance security hardening - glide.security.url.whitelist - need details for this system property
glide.security.url.whitelist - created this system property (snapshot attached) to check its nature of operation but turned out as a fail. When logout from the admin user or a newly created user from the PDI, its not working as expected (enforces val...
Splunk ES Integration- field mapping to a choice value on sn_si_incident
Hey all-we have a working Splunk ES integration configured previously by ServiceNow implementers- but the 'source' field is currently populating to the SNow form default of 'phone', and the secops folks want it adjusted to SIEM. instead of changing ...
Resolved! Mass close Remediation Tasks
Hi all, We have around 62000 remediation tasks which all need to be closed. I first tried using "update all" to update their "state" values to "closed completed." However, this times out and only closes around 3000 records before timing out. So next,...
Risk calculator doesn't work
Hi, I have a second question related to risk calculator.As per my understanding and the knowledge I have from community, when a new Vulnerable item got created (from integration), a Business rule "Calculate risk score" got executed and the risk ratin...
Resolved! Vulnerability Response - Remediation Task Rules issue
Hi We have one Remediation Task rule which will create a Remediation Task for an assignment group as long as that assignment group is not empty on the VIT. We have had some issues where the wrong team has been assigned so these VIT's have been manual...
